hxxps://drive[.]google[.]com/drive/folders/10SpFZl89RzWa1-Uryc_g7HTHHTuWPJAH

Resubmissions

08-08-2024 22:35

240808-2h4bwavfje 6

08-08-2024 22:34

240808-2hkvjavere 6

08-08-2024 22:29

240808-2ekqcs1dpn 6

08-08-2024 22:26

240808-2cvsjsvdrd 6

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/10SpFZl89RzWa1-Uryc_g7HTHHTuWPJAH

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
10	drive.google.com
11	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
1812	msedge.exe
1812	msedge.exe
2120	msedge.exe
2120	msedge.exe
2896	identity_helper.exe
2896	identity_helper.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2032	taskmgr.exe
Token: SeSystemProfilePrivilege	2032	taskmgr.exe
Token: SeCreateGlobalPrivilege	2032	taskmgr.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe
2032	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 3220	2120	msedge.exe	86
PID 2120 wrote to memory of 3220	2120	msedge.exe	86
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 376	2120	msedge.exe	87
PID 2120 wrote to memory of 1812	2120	msedge.exe	88
PID 2120 wrote to memory of 1812	2120	msedge.exe	88
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89
PID 2120 wrote to memory of 4644	2120	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/10SpFZl89RzWa1-Uryc_g7HTHHTuWPJAH
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad63c46f8,0x7ffad63c4708,0x7ffad63c4718
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6248577505751926248,5784920094536354010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1560c494-c703-4298-8914-b4f019f8de50.tmp

Filesize
1KB

MD5
e8e55c2ebc3dfc879347a0e5c7bc92bf

SHA1
4581f7017d7821374a7c8c943ba12295ad15fba9

SHA256
1671b2636d96dd35f6439645ba02e339f8c98f281107fa53465eb3a764a25827

SHA512
f9fb793269c8b5c90828f136572ce6673765f28e9b30bc74764983545c77b8c1df89954f05c0fcace7205fd0f8d28cd78d9fc3445b0a491f3bd06a294cb2249f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f7114372b8fc680339abd2d23d9a01d9

SHA1
3323269395c61d87f75ba0447a423f11842ac2d9

SHA256
0a4fa7112eee32ad855a7fa2cf8824124b85ed8fa55c4b8dadac95ffdd84fab5

SHA512
b319c94ec8d433781d7a2fcbcefce4652c4fd36f9f17192822d88d7e8b24972d977a720ac4127c6c04725323f4fb17286ecec649bf7bceaedfcd78d23df572a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
62dc0ed390f324c4da368568e5dad2e9

SHA1
20e45e2ab960c91e5c61d85bcef88d6c7cd84f78

SHA256
f22ba26778ac2d76ed0b4cadb2299683b886ef8e17dadd11140f270b27d85ddd

SHA512
ec4f013e3f8cd56fce44fc2cab7c464ffe4abd7c117a53f6a6c79966202b7574be0c0f04140dfb436f345ed4724ca35684e5e89975fe25b9741a966f1a63860c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5aaef2a7b9271188496173e8ff317dfd

SHA1
262a6895f8cd0c0bd0c44004b4d915f204432a37

SHA256
274ea1b45056bc741fa2937792938b482992df49e46e360feb8bd159d3519159

SHA512
0c09184110edaf07f952354c179df797c9916a2f3b1d89c6e6c23f5f902bd9aa1a7756ef280bcbce2b041c03a4708d9e57c5382f87b20a41d90179baaafa2582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
747cdea6ae83820ec2e36bd5e9bff735

SHA1
1cb45c730f763f21ae6f5d25cbec8285fe7d1e90

SHA256
e371112765e54ab1249ebedd72a42dd7a450c4727f745849df3360615c90c199

SHA512
1700587894814bac7810d5955e5eefac9dacc74d79580a9c2e523c9e4167f1648e4a57dbb81b3ce7124177260e9095e369fdc7c4a265f3d6620c728906973b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8027f35a253224f59fe7b975f58622d

SHA1
ce7cc4284658f79124930094d0ae8dfc55d1c57e

SHA256
28d5fc8eba77503b7237062617135883416af0ac9c6c66d46cd629cb2ee83351

SHA512
21cfb458ab82459ebe0a1588d18c05bf7240c393cdfa438b0949c06bcf06c0386f3912e1aabfb1fa1419ec261d140c1c6572f1e3a061913756baaefcdcd1d4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08b44fa8fac31572397d53c3a7b04c1c

SHA1
c85e7bbb434842f112014d0bd961ffa62c36878c

SHA256
1861f10a71b757820be7b6428c0bd742df8a619ba81a90e847340705e5b90f56

SHA512
35f3275db8298da06405638cd72958c222894a79b529b29ee593d3cc8daa59ec1ca2f531bf41e730f44f3f745eaf9d95ae42ff18bf5a0fcfa7007e847acea4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
368c11852055384b2ae214bf44d749e4

SHA1
bcede123fd883caf467bb5fe993a4b9ff738a262

SHA256
7848bc28aca398d2ebd20def151199cfb424f3cee6e6537f42d5298abfcd2bf4

SHA512
05e36a120c66dfc43bdfc375d4801cfc87e347f3788f5198af7a8f639a573e209c42e68e332b7e50704e12e205e0d7c08e072bcbf6b5c3e8a4cdbef6ae35be5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f152234ef27b91015aff6aca0a6858ce

SHA1
c88dcfaf9fe4b57173e3badabdd6c026ada6cdba

SHA256
8fceb8ac45725afcc0949aaa227a675279e945cc7666ac155831fe85b4bde4da

SHA512
65b6782df9c2d4134ccabd2583a8effa2178ab2dad721f09c0bd41d331544e25aa6aa07692ea42788af468d9354d281c504a2331906fbcfa3bf36874fbaf3353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d18aa51030e31f7392aa78d284d33df

SHA1
aa93c0269eea25e2c4b68d1b0fc0b0c2c1f75e69

SHA256
0865c43006e1160092564c927e450fbc058dbe55ba023dc2e8c2e0ccba0d9042

SHA512
5a1e8432a92e81a221e04a068ec324b8a499001cf4a7c9e06091097be27ceacb7fc758d05149b0fdc959352015618efd0bca9a948ac35b6b21209c1d6c3ffe74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4de7df1822c87d7817d7fa6418ec2ee

SHA1
fd5f7345bd361e9eace613e7d528f6c58bbb1391

SHA256
f4bdfccbbffaf4ba0635e7d9b4a68af3e091017ef0ce46077425dbe8a553a05e

SHA512
5db71b6b04009a68a691e489a0403e1b9ded3c93d653388386f9b8aeea0f9b31d4e25b2c7396a7f431c486f207d697944887024ac1181407d8ccbb142283234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
72115d1a626b4751012dadc46c14c916

SHA1
4dcd378b2e6756a4bf83adf9c724d1448cf3aeb5

SHA256
8df9a869da747435fd7280728802ec32a8bef8f9ba6759337fadd2de5ee55e85

SHA512
aa1c113cf58e90439489526e88f84e23d3068385d290ca897b0d8c39ccf9928fe3458dfdf883bdb7952989be5d76a16f2a25c05faacfe4661b812fbf8592b63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9af6f1dbfce2d729c11397b90229cf7

SHA1
0dc29589924205cc16a1a610ae3d7b4b8681f912

SHA256
bcec9723df6c4518e3c3f58bb8bd9f93c00f8bda5cfe46711040c5161ea30dc4

SHA512
0ea3f74b2c0eb2b3c2324252f95326831a1d78d9edb95efee3f0d26acd34fc3374715bc1b7296fdd05bbc0e0779ccf740e97ac3a5b83fb518d994ddfb20e220f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
158e9f5c688a4fb9c78cfd9d82883aa2

SHA1
f7c1fc5aa98f33e75fbbb4722798d6100057744f

SHA256
93bc50b30f7b849ca2894db8d967f42fc745fc4fe93bf8fd3252ecd7cb7707de

SHA512
d8e1b41227a5752c5ecbb2dc869a6a95812749be51ce125d97c35f389674b8ff192b138647c5d10a3d24b15a1c540081271eb2730d2b4f7cb440721d27fe7cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3aa16e41a41a84a0f29971a013e3b95

SHA1
14f62a6ef5ea098a78e8548ffa65517ecbb98849

SHA256
31a8cb2a360383ab4a190ce7bff4931843e65f2d1e7dfbac6f7915918c054f8b

SHA512
2d9aafc534aac587491e7e9ff0d96fc5b12a4a53fd9366ec3a36af92bcf9765d466fbae3a64c7f8cf847b8a393ccb24684ce50b47ddb40c7454a5c1da62ac290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
820afbae7b620a3641febdfdda6dd123

SHA1
0cc190c4d6d39ac3e89dd3dc1bdb03525d8844b3

SHA256
909f9817fe4b3dbfbe6d0cf2f13cdd3566d215d5dcee0950b0bdbe58e4276e61

SHA512
d518c26d9eb7f8dd4976f0b36ae7cd1b9073807ab177d11879162a17ac7b878d607fc6c4aa5ffbd1a894c46c43a1c7dfd9e99695f2ef8216ff07802d79913279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8501a411bd743eb0961201dc0c2f7cce

SHA1
54cd3aae52a8101385f6124b0305fe818197179e

SHA256
0d20146a764a25c3af70423de83dcb135e50bdaa9572f1138d876adfb24b3889

SHA512
211c9b95901a78489935e7174cec71e6a9a40108d22b30d5d22ac30dc14038d38927882db04223dfcc8c3b48572b448cb19526a2903acddf59f98b9e1f669da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d912cd8e971ef885835cb55e3906785

SHA1
aca576237a868c9a1d25ed05c38704551538f521

SHA256
020752a358adad009f93aa749a1ed01b5474bb56b99b010382a6b63b84de94f2

SHA512
32cd10513eb726b57f242de76f6039b6349a059dbc1b68fd460039e3774ae5808d06b292e6fc60073ef95648c38daef863338148b69b938a622efb09d1fb8111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581306.TMP

Filesize
1KB

MD5
fa60c7c1e2bd19ced9fadde54a18b54d

SHA1
5f7c9930dd783d91b158edb0c9a5cf667edd7c72

SHA256
ba7cb94f86093ba2cfc793dd18d2103961ad5b7c999a1d25c4271ff32c196e9b

SHA512
2d3643d55c5de463ca16422e121f0611eb9bc8d88ab5bcd1817b67eb8d0f18a9885beab32b37ba3098dce9c69bf2eedd78958640f745beb9335c170ae54e9127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72ab4c73341f3530113002e6f70fe8b5

SHA1
de5cbb441fef92b41ffd165dc66ac97aa07d1d1b

SHA256
8c24a09f7c1eff99d81fdfc2d95239ab42a02454f2ff23a30738f70b36a6fe44

SHA512
3ab69005c521e3564293dbf4dd5e606f7e6890ee06ef37a9da2fec84ed8d2c7aff4cba1a273d66fcae08fe7545b0af050ecfe99b519fe75a720531a2c40b50e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7e9d2f1fc7c86c336d4a3ebca670c566

SHA1
3e659d282377923c633bad5a85633007e9d57781

SHA256
74057341fd2db095e6a26dc0962b59c8f995272ff3b51340b016b161a4f57b10

SHA512
1d0d169461fc16d121cae25d7333dddebfac2874e85446c36887cbc0fdf8c3dba92f14968403c149af645a5fafc20571a90ba5d331c300f9326ce5e6c6e58722

Download Submit
memory/2032-354-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download
memory/2032-356-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download
memory/2032-355-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download
memory/2032-345-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download
memory/2032-353-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download
memory/2032-352-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download
memory/2032-351-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download
memory/2032-350-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download
memory/2032-346-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download
memory/2032-344-0x0000028E35920000-0x0000028E35921000-memory.dmp

Filesize
4KB

Download