hxxps://drive[.]google[.]com/file/d/1tzgLFk_NoPXB5XjGG9h_hDb1ipmhDNhi/view?usp=sharing

Resubmissions

25-04-2024 20:45

240425-zjwbjsee3z 6

25-04-2024 20:43

240425-zhzycaee2t 6

Analysis

max time kernel
1744s
max time network
1804s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1tzgLFk_NoPXB5XjGG9h_hDb1ipmhDNhi/view?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

6 drive.google.com
10 drive.google.com
13 drive.google.com

flow	ioc
6	drive.google.com
10	drive.google.com
13	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4800	msedge.exe
4800	msedge.exe
4568	msedge.exe
4568	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
5224	msedge.exe
5224	msedge.exe
5224	msedge.exe
5224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4568 msedge.exe
4568 msedge.exe
4568 msedge.exe
4568 msedge.exe
4568 msedge.exe
4568 msedge.exe
4568 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4568 wrote to memory of 968	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 968	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3908	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 4800	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 4800	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe
PID 4568 wrote to memory of 3944	4568	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1tzgLFk_NoPXB5XjGG9h_hDb1ipmhDNhi/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc83c046f8,0x7ffc83c04708,0x7ffc83c04718
2⤵
PID:968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
2⤵
PID:3944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
2⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
2⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3941912977946028564,11142320208692484385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
dd0273f3aee4c3256f4c95ea7f8a42c7

SHA1
46179c215e89bf4d75dc9078c2447d0785072f5d

SHA256
bc4cfe1dde97226dfe6772f31ab96af91080be641ca9c76289533487d54b83d5

SHA512
5f53cfb998f9f59772231165d332ebdbe119e205a51b4cfc3313072a05db086358edd95c0a8fb2a85fa9e5cb244b51c2bf311c5527479c92ebe5ede6f8e02641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
803969d50962cf78079410132f137234

SHA1
2cabae76f728bb24da2aa52ce19eba7b2a85a756

SHA256
da6fa3cdf93352b37517aadd936dc2441eac03ea4e1f92157a05afb2d15d26b3

SHA512
b0f77cfa2bc418cb2a39a50711c9a6ffa7ec006adc0657aa92fd3433b338d947abe1e2f4dd2b8a2ddce1c87e9bdf2d692c884b879cd47355906de59d9cf7e5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
c42482d6673b3c7dce5209e6ebf4e01b

SHA1
faae56477415e2a3b522175e86289cc59da64312

SHA256
c774f01f25c35114fa0c09d3d72dbae757baaf07f972819fb5caded4c3fe27ad

SHA512
5410f1e1ae24680c528dde11134d7bd10c69e72299495eeb11c2e09c5d3b3ac898c2727d602c2487b8851eecc4173e3ace023d2270f563acf716fd2fc060a9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
4ceda7a137659b9c253486b71924a4aa

SHA1
97e7b6501e33c897acf90d95ad91f5965353849e

SHA256
086aad01967c5ddcecfde5afeb8acce615710cdc82a7d51598a5c84c7dbbe238

SHA512
ef1f8328a25ce0564c542d39da92753115bee9c7e924f24b13b968381a45d6b9319ec57518fbefabfaa9b6125a5862c0fcfafb32479ae6f26d74f510cf6e70ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
abebf802abf104e02a8e329571bb7c9d

SHA1
c493555096f6e6f21e5dc791e6e8fd7730d55ad5

SHA256
b2fdd8f74b71b4072d0c952c549b0282c773d898bf0bda5234a833ac0a8116b3

SHA512
8007ba70d1ece07096e90d0f4e4d39af5530ef3efe96d2be15c8c35bb2cd2efe2fdc5d96e4145f70972313d60ef95e5625f9178bc08a8721ff6856fe2bc8a70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
caddd2b8569bbbe4455eed4ec3d8a788

SHA1
da57655b7c5bfb8a157ac9451641c1b357a2430b

SHA256
a9991255c8ca37e46a2aa6252db7d29f2402d15c7d3ac5628e7c8c9ce8edad63

SHA512
705d09f36bae5b64ccc1390c7b9b0cd6ff9e623092b4bc8adb99f0aced0a83fc8453bfc42f5e5f1b17ad9939d7df31aa011dc6488df6fbe8dd25f5405e171154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
fd9d8d74e41e874e80cd3ec0d728fac3

SHA1
265585904742e82e8da55c0a47d249965006ffbb

SHA256
b5de4390e3744441e8d635c75ef0202be1818fc233b9b4a216dab9c486e6bc45

SHA512
5f1e7b260ae44558961272dd14ff5263af8affe2446789e5a00e4f9dc6c5162509c539db909252921b5bc12c2baa5887f526c12228853f3cbd2e0efb72afbef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
831ebd6ae07459b6f5783060c88708e9

SHA1
2087bba1965ca3f80abbddd3a4261f6838b580f6

SHA256
083d1c77eaeabb9adb28bc97f7e9ebd76b56ca4aa381a6fb71ee27537f669511

SHA512
b08461d626d31afaf790e7d5397d85d20380077e026296b2e542ecffcfa078b453a73b8a3c2a7f58ce99a05658437b3168d15eb820a4e411f5d0f106069cfd59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
9e901b700c038fd6cecc216d099de948

SHA1
cd56c0f3d5a7516564b7fc3f02853064329fb441

SHA256
ad0a4cf7dd76e97c4822fb10548e51e0b5b873e284b50dacd7983003eb65c040

SHA512
6cf95665e5568670aab4d927362c731ed0f26628e0afedd8b13039ae53792eedbd2e61118da5c6dc21fb7448d4a8c2feec6e666ad23c52332b862c97d6c8448c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
4578eabeba1c00389f836c107e54b9e9

SHA1
4d90611ff175247869e6dec7eb7998acaf876c24

SHA256
25c7315745d81fb61d342601fae8447ddd1701b9c0b6d321bf845eb6e38420fc

SHA512
4f1e954fe2c99b9767383bb5049139ee6290c3c7269cdd035b1e975e251c9940c76ac0293b0c5bc595b4015c759f484ddbfa12ede3f9876ffad506fc0b9a759f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
552c283feabb51ad892d59e05feecdc2

SHA1
64e6e40c87ca1f3fa09bcf308d3bec44e45dd24c

SHA256
9d4662fa51b1758fe5fd91e9ce1b5bcf803cdf75ff775e6dbe3c4d663e748927

SHA512
f64cc3914dc2c55d59761a4b760c43ff2334bf0ec45138ea4be415a83b9c7b9327af42055bafc502a164891bc1e09ef56c47ee82865e63f498edd3f19e8bbc42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
d85a8924b1514f249a67afb14c85223e

SHA1
8137ab6983d14693cf80354c46008a8670e9e483

SHA256
71027b95b8600fda4fc3e90d38420ff3e35667deecaf9793f9c67adc1de02b10

SHA512
8fc328e0a8f1410af8788595339477e13271868eb9120c15c6b6110a4059a46307fa65b5d02d20a294805548a83ca77e9a06dffb5868e02e319485ec968b5bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
c9c047c6d170c43f645b2c8a2807cb98

SHA1
7e771ac4d854a5018e5d08729c72a8b83ec00a63

SHA256
41ae8fcc521886b19dce8c53175143acd6f525e9c8631cb93c36c3fa99872a64

SHA512
fbefbb8d2d59a58c1894ca1d86854e8464409ce44c54808039bf9fed1a0951afac3d99f46244af49101ed2b52af8fcde1c11cbcf8ac29eaf85cde151541ff8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
84569ebcffeabb351da82e6826bf1250

SHA1
0b3bcdab59de667dea4381c6a76f050445e935b2

SHA256
789686f047d4d588fed1e71bd4786dfbe8a8b6dde0981adb7d4ce62d9297ced3

SHA512
48f060b4ba118591ee15a1c6640156cebdf639cb2a5fd99f836cf0de3ac1090a9da5c1b2fb0f0a95f1e3afe00649407fe212417af9ce0659f53fe161a4bac9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
9e13bc75191780d6e869ef673a35526c

SHA1
d26b12e02e99c8435986280200385fcf35f1b41f

SHA256
82feb8a04fbcbc228ab7d30ac1c04beb2c649be111c204eaabac01d46ca2d4cd

SHA512
1d2e1229c91a939fbc7d361653c83e2d8cc3eab440623a45cda429e5e389467c581ee493441987671d69055617f6a7b82d383fe67438d886359d60327589ce96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
75683f1bfb6b1c23023727803d428ed4

SHA1
899f091401dc74bf31cd652be95ae31f8868e0f5

SHA256
0fa6271349fcc5a491f5ff686c24a55c82b7839ccaf80b15427452d449c5b76f

SHA512
410afeb2c8d231965c721e23720adc4d6b8813ba8407126f6aa24b778cce9dfbd51ad4176890a349ea6b859a30607e0833951ac95ea7b7e2954f673b498c308f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
3d52da467259fb6616c0b8f3f49b104a

SHA1
09a5bfeea8a4dadfd7f09c0e84b348d01de6af81

SHA256
1bc60fdb5c096807dbea79f26704797c3686b70c2e11064bb1e13abe4dbd6f91

SHA512
6f36783cd57e68e649964c02280c3fc51b1ba736914e45f5ec6ddd0a487b63a047dac0ae13ea4523d7d7d178ba096e2228926b5892edf0904da813973e32be1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
eed91ff2944d4ae0993631725034a2bb

SHA1
34bfd800eb05e9606018e92148e566b8ad626181

SHA256
fd9e52b47d4a8dc41a7663992adbe4fb0f9c744bd64e12ddaa68c7b43f81b646

SHA512
813626033747a08e49f970f5bfb5a74e58612e1e600955f025ab0966aff17fa08e43fd871aa1a4a5da0169e3bda70c65b01b6193dc6854b47f96ae3385432a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
174d95e50954ab65c05b732cc89241d3

SHA1
fbd1d16c7e3acae1cfcf265685c342d04311f687

SHA256
db4fa67b11d4eca0cefbe1f5854c05e452f0c6edc7c3dad3231342178a518ad5

SHA512
c506afcfad91337f8953838338fe1578840c5f8de83873fb700c27d7bf4b8c2720378907c25f92bc410ea546c20cf204a08119d39325e0fcf76fb575443f0039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ac28393af7354a469c7c36cfcd25975a

SHA1
2ca71a1edcb26163edf1d9047928f8ba25435e0a

SHA256
077c3b7104373c9ac8cd8ebeb70353e9ad0b88fafb36e79a021e96d1574cba5a

SHA512
f6a70880052fab92a9f851f0a19fd9a748c2d00365cbac4fa7ff79360c1850e53b9bea58c496667678ec6ebf6f432da4d5326bc06e1d26332ff630ae3898a388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
88cf65bdec34f1bcc9d75d354363ffe1

SHA1
a5f731abb6176f352310f27fc12039c237efb3bb

SHA256
5b8d916a9c325f889de67338cd8527348640724b7433e01fc08a73cb82ff1798

SHA512
9a1f014cda391036e2db4110469feeadae45b45db3f8f3ddf6458ef2c1c46d6c982aab61de270db3075558b3ad9fb53cdd0229566836ab88cc1c644d722be656

Download Submit
\??\pipe\LOCAL\crashpad_4568_NGEAMFGZBEIPJWVR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit