hxxps://drive[.]google[.]com/drive/folders/10SpFZl89RzWa1-Uryc_g7HTHHTuWPJAH

Resubmissions

08-08-2024 22:35

240808-2h4bwavfje 6

08-08-2024 22:34

240808-2hkvjavere 6

08-08-2024 22:29

240808-2ekqcs1dpn 6

08-08-2024 22:26

240808-2cvsjsvdrd 6

Analysis

max time kernel
451s
max time network
452s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/10SpFZl89RzWa1-Uryc_g7HTHHTuWPJAH

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
1372	msedge.exe
1372	msedge.exe
4864	identity_helper.exe
4864	identity_helper.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 3364	1372	msedge.exe	82
PID 1372 wrote to memory of 3364	1372	msedge.exe	82
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 4664	1372	msedge.exe	83
PID 1372 wrote to memory of 2256	1372	msedge.exe	84
PID 1372 wrote to memory of 2256	1372	msedge.exe	84
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85
PID 1372 wrote to memory of 3244	1372	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/10SpFZl89RzWa1-Uryc_g7HTHHTuWPJAH
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96f2046f8,0x7ff96f204708,0x7ff96f204718
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4452 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,1288798535722667635,1702623021031214008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
23e2c767fc69f030990ff7501e13e643

SHA1
76f75f4fd5413ab7565bc1e1f7b5b6cd0fbf5f2f

SHA256
f34becc7e12af67cf23b6959483786a5a8562291dea6fe4ca7f3afab3bc7735e

SHA512
cbb14e2cae96f732a560cb26b4693170389f2e594b2deef528b88bbfb10b99cbe2d4e5189416f787f9739af4d11614da40fe77f9f5c6933eac56ff5a2a8ff3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8537f73b77d433788ae5422deae3e2b3

SHA1
4801022ec79706cd8d0788b9d7940f864f2dfc17

SHA256
f66dbb5532c61b21f051a78176067fef9b979d1a8da2b8eaeb9245edf7e83209

SHA512
bdd2057813aa0f369f08284eb13e5464f1c611003c89cb3e0480653a1e9a18116f6c381b457ad0b6432205bf5deca6cadd7b5691010487fd749a667d9ddb4540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
773ec5843edc047e5e49dd5b7e49117f

SHA1
d6439e921d684355c7d3241f6be7451f900b91c9

SHA256
9a74b31c8a3d5e9ec8aeadb29bda5f9028f4577629846dc720181532610f35dd

SHA512
31c86d62690446633876fa678e3756e7ebc1e0903f26dfd16ebd0d47310e2c4194012eee78e10427496a75dce747f8c3f2590a4b15bbc1b9e73a8f321c0dd79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cbcce74074b0b749203fa548b705a579

SHA1
bc68da6bdfe9f88b1c433d9d2b9bcc19b520aedf

SHA256
9e628090bea03d8d60d55d4e7f2941bd0c13ea4dbcd87fbd59cf531e4f234b75

SHA512
4e87c37c3961ddabc26a487a9d67c32f06fe613478d58a5543aa4ca8bd91083bc9a19a94bb3f4431b466e2bc82b02242efb6f6d2ec305c6cbf52aadd5a505c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2779ee0384fec2cbd3acaa9ba7ffc59f

SHA1
929ff3ea8e4492280aa36c5126bc1316288dc405

SHA256
2253a2f441385a5275b1a1be3f7c382fa1d3bcfb25e9e448c6ae037ebd97802c

SHA512
95f26b0442401e2ec72e5f04d7865b3ff348cacb256b6de8ff804780d979521044ba45ad1d39d45359891d9d4f238a154dde5fdc0f6442440bf111a1cd22c1f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
72fe29e01423365f3df364deb12f68b2

SHA1
226b2652ad098f2ce533fbec6f032aea9e523e24

SHA256
67617eb0ee7bd212900eddaeb3efe4718459738864020b45671a6fba8fa6fe02

SHA512
e3b353ab4fc9fa34952b97cf5b48ec2620fba6b1e959ab18582aa92365943b8dc0793a5805bde68f929afbff5caf905310d07d42559efa579515080c72c95f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9151e099e8c2790f2d9bbe45c08a58b1

SHA1
b9e983020a42ccd1c4492050b376a79a9f29b6a3

SHA256
94cb1274e739986297f3b3828f80bcd5dddb02ecd7822da276938f6320474eab

SHA512
fc131bf967062eb40ab34ea9c4ed7b32aaeb3936e2f760a717798489d4548013038ea827d81c4d4826cd0082d69a20db622531e5fb339d5b3c20869fc9fc195f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9dc5a226d7307dcf918bff67725a7c52

SHA1
0d370f1c494dd1a20bc3404892f2465881f8b24d

SHA256
940d3a8c5ff07c6cc9667f641adc57c9c499cb324a62c0caae446a51217cf4c2

SHA512
dd10e82e775869b67a4ee74f9bbc024c8ad8e6e29868afe4154c598c1872bb2accd260f4c72654b99b02ee8f5689dab00cc0c19ad458f0445793525ee50e141c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8cad111ceadcda694ff9ca218f04a830

SHA1
18bc51f3bce0cf82142dd712b118d13fda9e63b3

SHA256
b8cf80bd0bde9965081e86b4b77eae0b66a17fe87b8a4a8ca926551bd16f5b1e

SHA512
28417cf329885543ab15c4a10599d8096aa82d5846daff8e120cc791cf8a49ea2b96d87ece3bf64a76198becad1e1fb0c282a54ed42fbb6ebbd30930c7c2da03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0953c9de4768c925f3f18bd922996d56

SHA1
1f75ba2fc21dd15853e792bef545d12b664c4f43

SHA256
b987a613a76b5b1f6b4c1c7e8db8bc7c565949daaee6b78086ae7bc309a040e9

SHA512
5986153fbf9f3c61b199cbe879d82a44098437f9f3e877c0d89a888f87ffefee931b5883ca62b75f4488f65a3224adc28d29f17330ef6d6aa0fd0f5f6e4dc9a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d57d6c63e005a525a060bd42bd631eeb

SHA1
60eb4f7b5985f2f373eeac8b2fb6496143b3b8c5

SHA256
2a6cd5993d79957d5788beaadfdff07d8325eb44decc05d56e2b263328115470

SHA512
e6ac0ceaa653cc37e359bd817d44963ed71ca03ad043b9620ac38e76359832b063b81d7d9b8bfaf9c5581dd9083d6a9e1d62af5a9fd63c28c0bf90f8e8fbe98c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abd9e3e3450a9932377357e91f42afe6

SHA1
0ad90d318ff04111fa0ddc1c85cad2cf1d560e17

SHA256
517c89e19888139a009eee331d37dc41c7d23ffd643b85896733ab613904a1d5

SHA512
11ad6198e7adb5a43e69a78139cd5395b97164ced1c932e96c2450ef727038a2dd2d2a8ea69833c6668d58c48e4b88e1588d57492b34a51e57493887a81dca9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
abd736c00936959cbe62cb67106b328e

SHA1
05656b3f9b01c2d822c7456fb59324eaae33116a

SHA256
ea2e3dc728fae6d3a4bf4918af2b2945b1206a9b7f0054e2cf456c0fbf1257b6

SHA512
0a10de384d41a873eac0cb3b5c85080715e70a2cd552f154bae8027f3822deedc6f1a7649639a5b13a17a0a46a0859b68d00057728f96d285b0f95e708057f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cdf9316c8bc6e5e96a6c220ed667b28d

SHA1
56ff889d868f0a187942ee730176827d57712ffe

SHA256
40e50aa25c86f925e68f2bf4330a7df7e24fc7d02d74375e7e4b3665f0f9851b

SHA512
12748cd7556e6d8909f122ebe6a4051890c57e4f70948733a6d0c5cb4258e4046aedefd2c53ae4823fb28fb5bf7870b63b0fbeeb5f22340909a095295881a410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd8b55bf95ea0568e24b695075c37ae4

SHA1
428009c39a5bd4337cfe4ab0a5893b6131d7192f

SHA256
6172b9524488f48e832b425488d92f026af56b2ac2c1efcb710ef2d765ddbbb0

SHA512
4e9dca69e52588ba0119f5194e4c44f0caa9629e1906e108ce8372997795f8dc92174d74aa654a7d29e68daf62de545dec1fe0f49a53897b123e1e176211ee15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3aa707334bc9cb02dad5cba20d5868e3

SHA1
89b4092e171ae68126d60de46fdad50e0b1320f1

SHA256
79729c85e2664b6a9519eadafba99fa96f9a21a7950d7ef2a560988b9bfa4a7e

SHA512
9ce9fd4722420bf6e01a8f9af58eabce80bbb7744e58d24f536f0e2f83ba731704e31d187065080094ad6913a05dd05d60a94474f935b603ae9472dbdd54c17f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a83790f568f5ba1856fee2c6edf8c4a

SHA1
2fe04fdfe6fd1b22999c2431c9c074e8db30772e

SHA256
cb3bb0c86b213b0f61508400f7275b5e980be34c7fbaca76bfcc1ae98d334b29

SHA512
b4a38ef16c9f06cf17c330b4e2473ba877972c685947318973f3e17b402c0cd918f092269506b6b72f0a20574f4b3c5e353eb3952d830c3a475b6e94439597e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c623fa5608c10e7c57054dbb10545a8

SHA1
e1e526c1ea2819482b949fe4b02f5f154a2606b9

SHA256
5f34697261de32feeba482cf87794702ce083c608d48604a95ed3c702e5baad8

SHA512
8ddfa8498659de4f6f2e241af605c903e80272a24b459b255ed8386affa565c9dae689c326c058a0344c3b118256793fcd88405af5798721b711bd98d18ef909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e5fe0ae58da96cfc17538ad599d45f5

SHA1
997be533261e98749391b1d3fc8945fef2cdb54e

SHA256
4663a5e7c377209a0f437ac46f8b73085cd55b001bd1be8311b827ec61e2e487

SHA512
31675235c4ab5ea9e742205c255b34968fb253445b069116edd4371c9919c6a2dab8b93cecdf83314fcf045cde2ce0e9b95c36bd61ec592a7ec7d2dec5b218c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf2e91cfbd99d4600d4f258cdec6ae2a

SHA1
c9aba852248fa730cfa305df44540622bc80747b

SHA256
c2985264a26476a1fe44a9b919f5b1d39726b2c244810f9d6b0a988e1bbdb668

SHA512
d161b7460d0d1efafeabbf8cab00da0496ac6d256fde17ec388077bc97903e80f09e6ad266cb5619875a1e875abfcd769593d672585be6830bdcd33829cccc04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
843b4e2a5fae97f11ec64874c468c26d

SHA1
c833773bb6580ab916877490c4a166a1dc77b1e7

SHA256
b17362fb43c5bce75bf05d901d45ab7fe66b2fb86a4bb88ab90516898bec6e61

SHA512
b25e398c975fa8021278132daf68c8c5184d6b7964286c8803d28b76eaeb8c33dca971299f317c39d3842c2896af1fd38bf5a80f28fe9ec59e0b8a8e4f3c0e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4da3eae09268d9ce683e8ade53aa7263

SHA1
260280939d24605dc0981986125e87cbbbcc7823

SHA256
8e1545f01e06512c435ed46857edb6bd4dff68e7235b0388c473dbb51ee9b75e

SHA512
d9e1e1ff79175fdcdbafc8b3a18c3811eb7f8c2f104e031cef3e1d7a2fd1d96f6c522ab089798f9d99b6d5a6806c2120f40415bc440cac1b60f6d8c23b8bdcb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
66bf4bb2a129b7ef0238e7fbc26be750

SHA1
f3feeea87fbbf5c42c73b9a32c711e2b91a32f78

SHA256
c227898315141eacc7fb01ed84875ef5615835afdda12c0ced02971dcf03e8b3

SHA512
aaeb08c7c86a053f7d297eb9f99c0ad4693eff083912b60ba88e1d22f8a1ecf0cf0f057a6f1a0cbb47d65e35dca1c6e09ab1e33a91067071c0d5e6804183779b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f7141b686024e4878826d7b13de2d1f

SHA1
581acd49affca855759105dc2aba2053c8d07d6a

SHA256
765eb9e122b206494ad175f3a6722c78be7ceae0cefa64859bc69f0e4837a52d

SHA512
7d3081cbdcab43156746b939c60235840d88cd4c508c095035af93e0ecb5fbcbd3ffbe718c11424daaaeb539c4fcd7af77d0d19b5b78df8a31ffe17e98a13acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4bd0898c9063b1f581bd9f1861cac33c

SHA1
9bfa4009162d66536bc2d60deb88a747b5d77876

SHA256
ff5b53fc30ed8e883ad78378db44cbefc621a89c372f9883f65099f6e5df19c7

SHA512
af8d581462d9fd507eb5366d0eaf50fc74b5fca1bcf8d8bd1277e668015061fce1e113d2f2933d10fa3b4edaa51f4282e4911ea43c6819a7676323e27739a9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87d512767d5bbbec7579eadb63d068b7

SHA1
58dd18a62461cc09dce874d41bc49e4a1fe68c39

SHA256
00550f0de4957426dc5eb4a4e95da4a92dfc2334afa9700c66d43d6bbecd21fa

SHA512
5ac1b3c790a91203bd441f02cdd2209fef9a5142e2b10022d8bb9ce6af5f0495a748258104ed40964a2f45af399eca5d6fe1cb69fa7082f8de79aea482effcfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b251af66a82121fdefb666468d418b07

SHA1
d6db49a1d921b96449019c7f978dbf0dac16f9e4

SHA256
0c6d6ff806a7982c4de68ceed891fabf8fa0b6ce9ae438055a4e424b85d009b9

SHA512
87384e9208adbe09696832fa430db7da3673cefe32fec69f774e21d94e3d8c2e13f7a992e678418281e66a79cd2960532ffbb2b9c835cd165d0b1b70c66d5ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57e05a10a95d91741bfe8efb0a138af2

SHA1
1856353a18e5e6bb48d54aa9bef9dd621b1e5ba2

SHA256
ae4eafa3060049b72bfce42b6a3cd713757864eed0f7fa58f0fc50362b0bdafd

SHA512
c5da8e99573b026a7b116f47c09d110233cf49977cd522a306530e55b7aaf8091b93c8e6dce775f6337b327a1a4b54a2f1e80467131b7f3f4afa9332fb8385e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
441e6da39c501f4a71bd35bec76acc7d

SHA1
ef15beaafff5ca068d6dbc160368e44bbffd8465

SHA256
8ae093d4aff15f9d926cd7cc4942a8acd6070fe2cfc663311d757689d5cdcc56

SHA512
438ca6fe4dfe81b79154005ae6afb390095b386e2bb6a288ab4c795355348d0038a66190a226f0e1a8b46a7be900111a52a7f2ff498571dc9c8a54bd63d47030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7df51a47cfcb920f67c99954fa1c531

SHA1
665261077115b92016f2f155eefc500208feb031

SHA256
64adf954c86825e634557d2fac924047eb71a445e7141f4713ba49e3773b69b7

SHA512
b2bfff1ef0c269d7a6fcaba09a96cfb9d734e02c2f5a05bdf97d4ad948c3b8757c957c7b35ebde1c3e95bed12154ed9f87b890aa8fa124fa829e78e356780ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f954.TMP

Filesize
1KB

MD5
7ca591839eb49cceaf4b24beb64af912

SHA1
e76d1867290422af806ec1ff289e6dbf6273f705

SHA256
434e9fcd38caa3944d8d37a109ef42b91b1a7aa0cfc26957532279db9085ba42

SHA512
a3ec0e15237aa07d99efdc3c55d584978d9c87793bb32bc94dd1adc407133025a24320a255979c4ca3fd60628c7c047e114b914e2841b350d42f9f051569835c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2fc4f2ac9a1b357169a4ad0384277abd

SHA1
9d250831c12412a9a463ce21d5cfeeb6ba82d92f

SHA256
f54652e8c3eadd7cf7d556ce6f7d19b63b6a8ee0ddf46711f4103b7dab14b1ca

SHA512
54c00a3e3896411b0723d9f7c2e5a00bd20f8184aa93c790848c87a4b2a4fc68908f0ed6aac5ea0e0cb6dc751aa025ba66320a283efcc32b4eb5b21d8eed49f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
57d038686f2aa177f4b03a6cdfcf18b9

SHA1
ac68ff33617faaffff940740f9d99a2337f6f958

SHA256
8658ee356370d83e8fcbf5a3ed8580994b0d018f50725dbcf9d5c65120bf5f15

SHA512
3dc6686868219754ab3446f5f2e22fd446f6fa46075e63b6941e6293ddcadfcbefedab5b7b6041f2c4f47ee68477b285d3e3ccc5908d0d63d453354bda260cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3893ef9cb7dcee471cd9d162c1cf34e4

SHA1
582cc12b68adabe992b3eccd3578f11bb603f170

SHA256
9ef05a3f34a251425633af15e8d260ccea628c5b0013b73538f6fdddf6d59601

SHA512
f26afa9894ea11d88dd4fbc48eaad6e56384d7240c719704aab54b8f55b3e4f7a2d510dc55ee97b54b6717effa58676c3462173eb5227a5695c7d19e9918c7ff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 536335.crdownload

Filesize
17.0MB

MD5
a5731d0f395a3754e4aa9bf072f1ddb4

SHA1
4dcf831374ed566aabe9fc15396273eccf27246c

SHA256
9ff49fe82d9916aeb40bbdcd428fa0841a1e46fd0914ea89b9a72f3344de886e

SHA512
99aee0407fae15afc8a67d0861e8bd93bd8d93a502aee6cb394347bcca5784afd0be9fe34daf3e6ed21031e9d2b9f05cae85855b8efdd8f110ed319466e107c6

Download Submit