hxxps://drive[.]google[.]com/file/d/1TdfFSNxsfRAPge0hpFIDQWMPCrYEUfM2/view?usp=sharing_eip&ts=66e62ea9&sh=JXKN4ozjsadREAkV&ca=1&exids=71471469,71471463

Analysis

max time kernel
43s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2024 12:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1TdfFSNxsfRAPge0hpFIDQWMPCrYEUfM2/view?usp=sharing_eip&ts=66e62ea9&sh=JXKN4ozjsadREAkV&ca=1&exids=71471469,71471463

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
7	drive.google.com
8	drive.google.com
10	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133710497933493980"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1944	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1944	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe
1944	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1944	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 1344	3180	msedge.exe	100
PID 3180 wrote to memory of 1344	3180	msedge.exe	100
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 1896	3180	msedge.exe	101
PID 3180 wrote to memory of 3252	3180	msedge.exe	102
PID 3180 wrote to memory of 3252	3180	msedge.exe	102
PID 3180 wrote to memory of 4064	3180	msedge.exe	103
PID 3180 wrote to memory of 4064	3180	msedge.exe	103
PID 3180 wrote to memory of 4064	3180	msedge.exe	103
PID 3180 wrote to memory of 4064	3180	msedge.exe	103
PID 3180 wrote to memory of 4064	3180	msedge.exe	103
PID 3180 wrote to memory of 4064	3180	msedge.exe	103
PID 3180 wrote to memory of 4064	3180	msedge.exe	103
PID 3180 wrote to memory of 4064	3180	msedge.exe	103
PID 3180 wrote to memory of 4064	3180	msedge.exe	103

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1TdfFSNxsfRAPge0hpFIDQWMPCrYEUfM2/view?usp=sharing_eip&ts=66e62ea9&sh=JXKN4ozjsadREAkV&ca=1&exids=71471469,71471463
1⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3512,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:1
1⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=3780,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:1
1⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5360,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
1⤵
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5372,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
1⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5832,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:2
1⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7ff882ced198,0x7ff882ced1a4,0x7ff882ced1b0
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2304,i,961990578525116083,5368974822081812746,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1960,i,961990578525116083,5368974822081812746,262144 --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=1808,i,961990578525116083,5368974822081812746,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff88825cc40,0x7ff88825cc4c,0x7ff88825cc58
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,18431845602442970381,13904813510325497981,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,18431845602442970381,13904813510325497981,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,18431845602442970381,13904813510325497981,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,18431845602442970381,13904813510325497981,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,18431845602442970381,13904813510325497981,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3780,i,18431845602442970381,13904813510325497981,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,18431845602442970381,13904813510325497981,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,18431845602442970381,13904813510325497981,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:4860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4888

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\FormatSwitch.wmv"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\85c07c87-0df9-45b5-89b0-0fe625418dfa.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eab4efb82390a0a744513a8cb9b56be8

SHA1
30557084fa25a5aa6dfe710841c443d657a340be

SHA256
512d72d8890dc41241d232572c5830c081b306e2c7c531d4a5dc450d96e261ec

SHA512
9c04fad7c8383944e57a1c5db725a7332bd77476da25dab2fb6a9a5c23f4349db29b44ec19f3fe1149848d442ca5d2872ed12d27e263db13a26f0ac58563074c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
825edefe31aaa2e57df4a7f057dbe723

SHA1
a3ba08e239dc6f882cfe478020e332801ba0499a

SHA256
72c360ccb42e01a83c8ac46b7e85bb1747e91096954af5c7ca91bedf899be78c

SHA512
22f8c98d0814d12bfcc71f64ebc87737ef53f3ed90324ace98c4763c07c66f310654c29c0c6ad138a91368152446f50328a2adb88a5c80b4d693724c9ee06c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
03f8e7f37fb47df701c924801244855c

SHA1
63f80ed40ff18c3679bf68dbe6d1eaffd598f589

SHA256
d32c14f5ffb410e6f26c9af35ef6ed6b7dc8f6e7c67be734133fcb1f0c79c162

SHA512
9e648397a3dbb2bf8fead556b6d1b22b245757ac666a08f0f49932e5d5735fd124385f9b62bbedfec270a8d0c388fbe1388b2bd21a15a2d4fe685acedca17253

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
95d8cc49fa314d616f46904da91af353

SHA1
c85725cbbcdebd6ca0c8d0000dead3ceb9325ba6

SHA256
d9c7535320aa867cb64cce5758ee457a4be07ad702630167a51afe552b2cfcc5

SHA512
1c39ebad7a586f76621d95f8268e99af6f755e4c838442bf159af6e9ad984b2d483db0488266bd7c633aa985cd87377b531065ad7ce02e5013bb2a3f778dacf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
be0ddc5da784a5b3f893f20c311785f4

SHA1
ecb3b70c49cbf2e5429fb07709bd6bc32fa29829

SHA256
dbee9ed48cdfd410c0b0cf01bbaf57f649addbc6a5e32d3ccfb2bdb5db7e15b7

SHA512
892944a661bf21341ff5072a090ea73743219f05fab349bc7969ea32e5e8059fa719e1aee3823fcc772cbb6cbee0881cda6797b852573bbde0292db2f9715638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
7fb67061a6147f1e731942854df01cfc

SHA1
7cb461032f3eec0a2bb248568921e96fa6bac7e4

SHA256
dbafc1236a809c3e5e1de0da16faf85a30d9d1f8133aa69e210f0a3c3c9fa6d7

SHA512
7bd0fb7a950c55422badf36e86756e42d55c4a60e279424c885514111fbdd4d3a8c932b9b652af7f22645c3c6a95d8aa84439c797d40b39c2ebef0b6ea44bc91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f2029eb70da626ed6be81307a09f8117

SHA1
1f94c71f6edffdbf36a9081e4b62a7e1f855f076

SHA256
a4e3c50448d1186c508e11ab2d062bbc0b33df413d5b5dc31dccff5a7ce22227

SHA512
42301fd921dac4e5f593004b792e0ec7993323e7db26c001e8120a62277e1700a66274dc96d03ccd0cfe78a9d0fb22f954f95f24435ae3c4f137f92fd268f993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
589d8befd1d9c5bd12327af5049ab32d

SHA1
4a1a9f1c7ec8c30ef0712913d305680a0407cdbb

SHA256
e7b35be0bcc7acd27da9eda94f993ca390f91c332deb2b238bc0771f6670301f

SHA512
327320e722fc0cb63b6aeef3289f02379f73afdc57d6e8a08b96e7f4827a83aec2c9f65a66bbdb48e01920c9d41916469e3d45f4beb251c172110f8860c01536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
684ee21a3bc6b38b8b7ffe4fa888f34a

SHA1
68046fbb1d4390baa7577fc92f3b3e13c7330ff1

SHA256
f13f597fa3cfd7a46588ac83bde258da22ca00c60d046f4b68eb16eee70371ab

SHA512
1820886172048e518477349ceb2c2bf0fd7349efd7c5ede9d29251b447ceaf07a55c5538fef6686b44a20560f0bd51bd613e66731c7439a76b32dde3485d348f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
51KB

MD5
783b5372e6d2621598f05a22d5d37b16

SHA1
540bc01f6132a0dcc540ab67391a8078a5660572

SHA256
ed3eda6f7ec634a8d0b9fb1c2e297592ac093d99e82afbad07a981c707f85dac

SHA512
ab609c5b9722d88f1b56c59ca5715aa4eb8506db3392c9a5358ee92332464c5a32a518a283cf309244db2324f17dfc6c4de8f7e4df1eb26086d82efcf76c3325

Download Submit
memory/1944-219-0x00007FF748B00000-0x00007FF748BF8000-memory.dmp

Filesize
992KB

Download
memory/1944-220-0x00007FF897050000-0x00007FF897084000-memory.dmp

Filesize
208KB

Download
memory/1944-221-0x00007FF886F30000-0x00007FF8871E6000-memory.dmp

Filesize
2.7MB

Download
memory/1944-222-0x00007FF885510000-0x00007FF8865C0000-memory.dmp

Filesize
16.7MB

Download