hxxps://drive[.]google[.]com/file/d/15scEcQOpOtF6kIP9oJtgaFA2jTcwe6ZM/view?usp=drivesdk

Analysis

max time kernel
1737s
max time network
1741s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/15scEcQOpOtF6kIP9oJtgaFA2jTcwe6ZM/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
680	msedge.exe
680	msedge.exe
4928	identity_helper.exe
4928	identity_helper.exe
2336	msedge.exe
2336	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	5048	7zG.exe
Token: 35	5048	7zG.exe
Token: SeSecurityPrivilege	5048	7zG.exe
Token: SeSecurityPrivilege	5048	7zG.exe
Token: SeRestorePrivilege	5028	7zG.exe
Token: 35	5028	7zG.exe
Token: SeSecurityPrivilege	5028	7zG.exe
Token: SeSecurityPrivilege	5028	7zG.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
5048	7zG.exe
5028	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe
680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 680 wrote to memory of 1372	680	msedge.exe	83
PID 680 wrote to memory of 1372	680	msedge.exe	83
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 4968	680	msedge.exe	84
PID 680 wrote to memory of 1452	680	msedge.exe	85
PID 680 wrote to memory of 1452	680	msedge.exe	85
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86
PID 680 wrote to memory of 2348	680	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/15scEcQOpOtF6kIP9oJtgaFA2jTcwe6ZM/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90de746f8,0x7ff90de74708,0x7ff90de74718
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15124988812850599416,1223061960756908485,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5092

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22603:94:7zEvent23470
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5048

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XSPAMMER BY CODE\" -ad -an -ai#7zMap8021:94:7zEvent22254
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
054aab882c0bbb78553ef11b28b950e3

SHA1
f0af8de72c221c16d234a93b445d6d34ade9d935

SHA256
8d6b64279a12ed98927fe70fa1ddc2ad77fa8ee672c4c0ce463c5487cda0cfd3

SHA512
fd92093a19385ee1bf3eaa282c9f4bff3c33df0cc9418ff56522d38201776d1fcc24bf1f54443398489fe0e1b308b7414c55c2a8ed66ff8d68d14adc1c4807d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8ef924d2697430b519872ff0032887a1

SHA1
af8762a7d8d8cac944382c8365ba9a9bf9c0e347

SHA256
92ea3aa0e2e657c17b3c04d46f2a4e4bc82ce861ee8ca2483377a3b9ad573b73

SHA512
60ab0c046ace028b118208dd8e01ea2935c61aa1a90b0266f85a3475e8149e501c358a9da833a945c077bee4b9faa396944d2ba149e61792808270ded5151c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fc6ef5fb40a4082d314453209f1424e7

SHA1
29ceffd55ead77b84829bb3346e2b3573b3d16b0

SHA256
90820c233ae8c35508493f1459da7b2bb88b2ee7289c7ec7a3cb87962698a4ff

SHA512
014faa759436ed42347c49fab9b8585decd855e9ef3e07b5fc18259f5ea24d4486c29283023de41c68cb81a3847df78b81e9c8c138f4e4937da6a8cce13262fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fa3b97df80562348784357a076de3cb7

SHA1
149c69c6979fab5180c74a339337388da1d08694

SHA256
af31527a48c0e8a563ccab42533874261d3592d5ed19d2f53abbf0952353e634

SHA512
f72d8de0c0a203740c58797a46b9d6234d3e8440d91b8019ca322bb3dfae4109357d5328337383fea8bddcdad28c83c8d1517e9a380a3331b99401420e35ed27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b487a8beca373c46d63c726d8d29cf50

SHA1
0c8f3da9d58593c7f8c4753f4e0fe0f7685e684e

SHA256
ca1fd1b8b392e27911a88f3597febc36833fc164ff263efdb2c1393763b604a5

SHA512
af11c29c187d6677c7d2b9b076f1fa17a558602d580c5573ff9143c874866d5e35cdc27369f32198b2d1cee4451acc5ac9446101a88dc7315117dbfbfab903b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4a5d133d0175950b06e011f6f340210b

SHA1
6692fca3a24a1888fe2e67c2025442cf0a52d4cc

SHA256
3998beab6e4263e61a85630680ed95b62b8edf260a58219be11f4087f1787f14

SHA512
62f243a09d16f7ac1134248ab610ce2e873ad1cced2433efc07cb14b8408107c6659ace68625326793563fda08ab1b24db47f0299843a1a74adaeabd95c76a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e44ce97aeeade87a2c6a2b7137868477

SHA1
c434b33207ef4548a272d7c640728a175c5dd71f

SHA256
df43bcb8a56b80faf4e339bf385ba7b4f6fa77136b4ef8c99d1134742a2de7a7

SHA512
e5f921b22cfd7fb63a3b17b68db72f27c62c4f484afed7f9dd44088498f491037f7604ca4767277e104051c4f5e294028f40067d1e1d1ed17ae9fa05ee2cb501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
76423bc0929d9aa33dae91f94c32c7c3

SHA1
2d497e4ce6b0f7f4782a2cf2a0685afd379a16b7

SHA256
36dbaf1bdafeeb7759b39ca0d81354cf0eb2228944af40b88b9bbd1cbfd3ec8d

SHA512
b9d72026b57800219437a3108c0c496cef86f2babba0cec0c4526b7da2415d9cc153950c34fd0ba1c334e0a8581192026b11f4ca0707379aa39bca2eac2ca3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e6f476084ed479e2518bbdae67d81263

SHA1
97969263a77e3d65e78c6c0df8b7f48ca3a47b28

SHA256
d28ad2543971c5f024f9a303c951912a9a2811070087f32686310efec2cce810

SHA512
a2a6754f34b29d7dd873ce18566c8edd37fc26f2ae9f17ae6c93f4fd3301d374bd9007515748fa0ca81ac16055e8178c9ee876b92a84ec41513d9b00f1162621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f30b2c9e47491886b41c4650b1d50236

SHA1
fe453b2254a7fa8e6575acfebbdd654b61224826

SHA256
a4a73ea3cb7a8010dee36b412e10d6c566e51882a8546f4697940d88478b2e8b

SHA512
a2763cbfbf8cb34b630a4639343487a86b87f786a09ec7eff2d6bc66f17f2b627746e1401094231abeee24d0e2d2ff4990371bbfbc407f2a6657b794d28982cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f3af789eace9c5d01630d27344335c10

SHA1
6c37095fe986cfff2fd0d0390b50880b712502ae

SHA256
5cf73d564828f32ef0aa3a0edcf061c4a7f1a85c24b7ef889da0491161ac0174

SHA512
3703bf73d1afdcc4b3f02b40bce577754cd9dbebf9d9ab38c9d54d5eb600438fe8d46c9bad23914bec269c143d25121050bd37339c8d8860add26cafaa38017c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
db1758ffc50bf2aa5191a93abbb17053

SHA1
3de4032cf2980edc20e4449c6f7fa9a7eb4b5b25

SHA256
bc6841ffdb14fd73375bedae3955155719330d046fe821ea4907cffc778f33b6

SHA512
9d6ca9faa871c87e739e5dac12bca96a13a885dfec25f10a5a1c9cfe678b9d479b289a7134d8fe02ca58fa70ccd5557dd83bc134da459a5df4c9125f045a6663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
39fc7e3e6162ccb9011b3b3e9679cf11

SHA1
38d4a4cd6b325a4b8963eb26b0d8ff95166fc0c3

SHA256
fdbcd65139b37c2543c6193b1bca1ce30229ce7db174c85d5ddd6c041d283755

SHA512
9903b2a3d6092de31007c8831f7f6f7067638f462a621b4d5c69312bc434da3569ea532efa2d1b2f767509a060c88ccae31513416f61755a094f5690d82e833d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
55a16666c0d360a052abfe1e32090080

SHA1
6c55e0de334268da872d39d1b8ca7241867b4cdc

SHA256
e58a5f74b7eb376caa4f8b53b597885c3c9dccc06448508f8631fa013e5048fc

SHA512
21a3822f40d772584a73d03fd72d44679a779af196c9b9d71b34ecec25771b133d757d834c9772a3d983413bac275d3bfe09ee099de413ce18565c5b0de9e2a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
561d547aafeb40e13829c3ae76a799b7

SHA1
6b25b0154b3d349cc9bf51872a8f372fdc9d4e86

SHA256
7881a2119a4d29ef1a7facba53ea6880aecf1a16a3ea85d0bd8c501b52ef4332

SHA512
a5d8823a10e353f28333944b042999a7552a1c5ebdfdeebdeef30c3aa294011d933139439b26c3d4839596525b2da452d3fb9c5e65ddc4e07323af1accb0dda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
62f840196900cdc50b31b3b86bc83284

SHA1
63b1ea1893ac811473e7bdd6a126737a38a34390

SHA256
0869b61bff9f889b89753ed5db103783c6f54474535cf409a2f8d64f32396ecb

SHA512
09fa51d41e48c9bd990794c4520c6a7a853a13a5ad69650aaeb028440345b72aaaa35948cb2d0640afc7acc76c0a0c9ae3adf66f814896f9e886eb07083c0d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4e3112eefad4d5aa9fdab6640b90673b

SHA1
097c45af88e63ac851c667f64a6f9674b28cda09

SHA256
29cc016ee0c202dc7e58ce497b8d206a76352810e7fb6576f981998da4e8c852

SHA512
32f5a5614c1a1a99673bfd17f9c21ed34ba882aec9b60e70745d4ffc424d0438e4459fa7f97b76bcfe9ad68c494b8aeff469cc83a21bf03cc3749fa47a917687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b213ae2c5bf1ad018e0d47f163e17d5f

SHA1
a2f4e926173a51c580562d56b4dc08c6fb7a6840

SHA256
1e7d5930474e83b001f8eb7366824e52bd48b9e61cd681731756d3b9e11f64a1

SHA512
99c6ccbd8a579da7fbdb5564bb23cafa005df16d70f63a308fd54ae12b7eafc7dc8efc31e32dca4fa0e19efec78a1175f1600312d5ad6bf7d4f45664d74a5509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60d32c9f67ab8f1988bf196ab0240125

SHA1
7cfc70a08efd63cfed5640ade991f069a8eee613

SHA256
ab0b311ce7f8a98fe8c33fc7d2250f15e70427c0a256d89fb24798bc58b7b77a

SHA512
d53f2fa0060c24de4d38b1efd28d6f475e694981f0f1ec6f8117986127be33626027f40bc4e63bb5c60bcd397b3a93307a1932a1af7bcd31301d8418ab4573fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2d773cd583e7c970b64bdccc301a150

SHA1
6a5046456397a3413c168a14cf7677047a462f58

SHA256
c64a3d4c2972d3efa7f867b32158ce3d1dde985dca9c9f452e70ace6fb175be2

SHA512
dd2a408be1f4c83b39d85d299b5a2a665678201439b402ac0ee00742b2dbfcf644922b2547cd120c12ed827b3ee2f0134d1bebef7958aa6f93bedfa6175a8c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bced163255f08e87603a106de22b9a95

SHA1
5c6e0990601fb5fd27ff75ce12289a768e945fa7

SHA256
782205eab0ba5c62aa2a83040f41d00c2ec1b7b076e5ead3d7e798efb9a0fbf6

SHA512
c768d7d4c180f7c8d7fce9d35eb1bc967e1a604ce7baff596c91b62316daac517fedb6b4d8d7e715d2dff88a1d3d60debac1551df48d2d03c1313b2b387630a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4480a4911264daf5a94ea2a92338e695

SHA1
9dcbe9f8388e2699d719c717bb6917308db6ca23

SHA256
e744ceef46c28b63cb0c87f9b764fa42bded65983c0d59f9642aabdde9076cca

SHA512
d4d2652cc8058da04f08c6351ed0d68b91e584f0d6d9198afc3cf4ae97b7d84da5498d090f41241379cdaa2cbbe910b5d9b909e2b75240cc9c06ac94af2bb519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ac5fc990e498d798091d40518e424827

SHA1
6648107b8afff0ed15b3c98d472ccf2cfabff27a

SHA256
b2080a620ae4b8dae92a156ebb04824cc35d5c899e37b0b1c74a1b3eae5a6f67

SHA512
b046a944151400275f5f469373156face8a67a1190745b0a69a76bf6c78d4857c2e13eac0522a4a8276e657cede7d9b33e37dea438f80fed8857d7d8c6c37666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f725e589c269477560445bcc78129462

SHA1
f047a30b07a9cf57b7261682bcd1f65190ed9c63

SHA256
ae6e33a8546144baff97d85fac83c8dbeefeec09526cf99f3d54a06af9ba923b

SHA512
5d02b6d1015c8cb8045b572d1cfe75a6f221cfd8ca437a7a87e8f775d56af3a5a419129fc9dd1d61090b21e04c13739d47fc692cf9174903e1dde05b13203156

Download Submit
C:\Users\Admin\Downloads\XSPAMMER BY CODE.rar

Filesize
1KB

MD5
5cb133da8775bfc12bbf96d4584665a2

SHA1
08640ea2d44213980144c3ff70dd6095a61146c5

SHA256
2050e1344163302dd592e8dcbe3b14e72fc17ac13dc3877e088e72e0d9561370

SHA512
087e39af3a0084500dcca07128acca9fb9c206395ff9fdc2218369665418a459237fe2eb92e556610d993630673205f9bcc69ce520f478537e37e9ebe8e4a514

Download Submit