hxxps://drive[.]google[.]com/drive/folders/1oeUQNZxH0i-43yp5U2bIfplkL09C_mPh?usp=sharing

Analysis

max time kernel
315s
max time network
313s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/11/2024, 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1oeUQNZxH0i-43yp5U2bIfplkL09C_mPh?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
3520	msedge.exe
3520	msedge.exe
3140	identity_helper.exe
3140	identity_helper.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
2224	msedge.exe
2224	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4388	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4388	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3268	oregairuzokupc.exe
3268	oregairuzokupc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 3096	3520	msedge.exe	85
PID 3520 wrote to memory of 3096	3520	msedge.exe	85
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 592	3520	msedge.exe	86
PID 3520 wrote to memory of 756	3520	msedge.exe	87
PID 3520 wrote to memory of 756	3520	msedge.exe	87
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88
PID 3520 wrote to memory of 3044	3520	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1oeUQNZxH0i-43yp5U2bIfplkL09C_mPh?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffdcff346f8,0x7ffdcff34708,0x7ffdcff34718
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,4394773651963873889,12968943876780276721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:976

C:\Users\Admin\Downloads\win-oregairuzokupc-1.01\oregairuzokupc-1.01-win\oregairuzokupc.exe
"C:\Users\Admin\Downloads\win-oregairuzokupc-1.01\oregairuzokupc-1.01-win\oregairuzokupc.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:3652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:3604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:4968

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
25KB

MD5
9222217ea98c35e71acd00dfe056b030

SHA1
42fc786d7b865bdba84117ff15357fada69d3b35

SHA256
1bbd4cf227b3645dccb3d9e3e03736d4e7612326ef09126cf18fccf00b1aac4f

SHA512
7aaaa2031579bdbc89a31201613e26f4a1b67998cafc0d2372438beb22f11ba0bcc13d41c6d6e074b3e5a8d87a15dee42747b796c92d619549e83bb117362780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1e7094730997838bdd3e84d2f743ada0

SHA1
33bf89ea8e7b978ab4ad292ccf6adf8bd382d892

SHA256
d5ae9da403a4864b93dc1612ebd99ad626d10c4df689543a6f4068d9a29656e3

SHA512
0ce71aa5325cdff91589fa5ed1b38114ef8aaecf4764f81a9c6944c8057ac208f048a7a8f94f7dfd3e9d9d5524bbe1227f4b78c5f6ebfb4a864a8039d6dd7ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a438c3f3c1a53f438fcb0151dbc24849

SHA1
dcd86b7774d508dcdf8f5e2d51fd1ad3d4a29ea2

SHA256
f656c9c68aad805d4359e84cdfd25559937972f972015ea1332bdf7392c17d4f

SHA512
9a34dd1e4f28653f15eb6e84e9868e9c9dd208b7d5e1e112844350197f7d14c8e2cddf3f1ce5550f323eb7fed8d47b123fddc5d7b85f20b940d87fdd5e9753d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
09ceb62411f5764302fb8cb158a7acb9

SHA1
0044470b659a89795a2d4f819c076c6789205eee

SHA256
9f3671222fdc862f6a4e3c2a8b74b308cfb8e4f279511fca073845415f820d95

SHA512
cf3e5965ad6b376ff35b35a3ffb72d444fd25c5e14042be5a5a0cecde152b9bf3f0e0ad94b1f985fbf0714342b49324631f585912d60a2561170f9b2d4b7b6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e78a3506504bf8d7daac5685f52213bb

SHA1
7fbc434fc4bc50ec2cb5a37c4f609e1500f56ea9

SHA256
dfc616738d6afd7913a51c76807b983526a6b16a22ef0df0107d7b654a143b53

SHA512
803e3b0cd1d2ea885061f428b59797ac29cc8873640cc54da9ad7a21b4cfac3d4c28d42fd29801374cc7bdc33d06944a9462928f7570d5f5ae5eb81935e20409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f2e39eb58d30aae9503e1d7cb1ae37c7

SHA1
fbfb0d5f51fdeca690844d9f96da8fc7e1abc6d4

SHA256
9ba1007ecf9becd23043bf2df91d7cb6d3ce435b5ffd35b4c8aa020e3e903520

SHA512
a03e243c73bb0c0407f3317df5f3267981731e1d8910226f8517b87f4b807604b05de79c7010efdb7778d89ef425089f5de6bbf0898302e148c8574f80624c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c5cb5709136b75eab426ee1f8e335d47

SHA1
d15a631f6802f3a828374045b4ea1b8d2fb6c169

SHA256
b39579c6d42782dd401596ab04c095ef1309ffd39eecc7573cde11285f58c9e8

SHA512
00c8e4bd299adc9b9c31677322deb23c77682e6191b11aa9e18df55011443d414fe166cc489efce7c12c7d0f176b4e56a98eb30ecc482f86356cac40caea8fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8402ab12f9a7df3dbda6a997d6d256e6

SHA1
379e1b64c8849a56b9387083b5d23336c1b3123d

SHA256
58bb2faffd7ae9009fe225b03cca5cae1aaa59c95e4e12af680271b3893026d3

SHA512
1f1f37e116f6149e208b4cb05319e4bbaca5a45ba6519d7f30e3216898e836d6689d2b185bc23453a123debebd9b51ede416dda5ae56ed0ae9c5c1e726ecc15f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c07afd72d239758b697784922a1659f

SHA1
36b2f9283232f45c0d3f6c6b1482180259e7ee7c

SHA256
e984e6b0a5e0632cc2ace6b3807e0452579f8f45a91b268b375f050416f34ae5

SHA512
ada5f2609f8c57ede5d2a6f467a066f03866c54ee93a6adbf70aafe0cfa47e9db7867eec9bed771917755225caa3073e5bf387449413e85151f3969e4280a0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
619c69662cea7bc1fe272fce0d52db2c

SHA1
f79bd0a97cd4bced71cd168fc4bda0edbc3ccadc

SHA256
9f190b879c7266ab291fdcee4fb7d2f5500f89f94647b51b08212a14a6d9bece

SHA512
5f19bfe9d5996a759d2cf4967e35460e8937a89ea5e8fe424767577aafee733be1bc4adb4513a824216b7f1549e3e2f433aa0f9f8a1f1b35c9cc025c173afce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e3a32b56daea10caa9e245633fed9cb

SHA1
05398bb106c97b02649b625e39e3d46507de1e25

SHA256
10f2e8acc66725c8ca33601a08e69b50da0dcc58afc97f14bfd3cb6114dd0cb3

SHA512
824d3c68d1dc933094fab65f91377cd61cefd88ff32a9206c6329fed3b440dee053bd07a4645fef28a18dc227054030c4c854bda1d379d6cd43678eb37defd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a7e73bc492b722f4f00d8bbd9bffe67

SHA1
4086cb30a0a7fd270d99b768450ca27cd525e29e

SHA256
8d3116022da55199131718e3335226e760a0b95013cccffee0008bfa7631aaf6

SHA512
f7c7e5de9ab7758bcdb9da42ee66570b4275e948d7e6a2ead0944a6349244e118bc36b5ca9bb20eee6e21d6f0097298dc477fbb7a547cdaf1babc3b5f9965235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f8952466d68320d743428b4f923b6b05

SHA1
0a19b13f348b25018c1021330c98dca5864a6dad

SHA256
fa2fcd7fd55d91e478e30bce4c4492466d2606fac0aacd465dd4fd2f326a2738

SHA512
271f4ac29ae06573159e1ec8cec62a233820607f96bd9bfa189279cd560b6528f83ea8ba67c34cf0040da3a88a16bad9ce629b856503ec76d45ae9ed18690719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e06bf22bedf1b20a94422c846ba9644

SHA1
74595ab374fe83b73e48b1a0c1c2c11582a1f2bc

SHA256
caab50a4f38c85c3ab77a2b458f3d75d9283f78374acc2764b591980f14e5c71

SHA512
c8aab7256b878e1c0c9dbdabe0790b10924748c5adb5ce1b062ce9fdf3e3d70d14412193f10aff7ba43e2f8158c16aff85710fa2595b3393782d7eed22b071f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c3d9576bdca2f91f4c0d5032f3d9b63a

SHA1
947905965dac237ec5a4cdd9e02663a0948f7b9b

SHA256
d4ed4a0ac3d965c0b99f0b86e698367640c6f444b3273a7bfd75187513510516

SHA512
a5d45c2cc5380f6f08fea24edbafa7f1477f8d7edebf84e64b80d1c6103fab112dd01fd6b0923f2de126dbb0418851e1c6f21e68a33047fc298602164826d6f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
948a5361708683cf1ffd20516760ee06

SHA1
bb43ea9b434530a1a486b5391686a565cb6e4dcd

SHA256
036cce1600b661242a9d87038bd4ceaaeeec1d56ce4d1f0f80141f2d6e092af1

SHA512
3a8fb10527ccc6487669cf34596703a4c3e7382d48ec6b01d84a4dedb2fe25f1c2a1816edba00b2428af811f723287cdac516fcf37a9988809608266461537d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58db77.TMP

Filesize
1KB

MD5
640c139e5e4667539a80636c3df0b2b5

SHA1
9aa6c421dfc495a958210ec91e50c1dbdf5ef3db

SHA256
bf41354ce0f52f85bcef468963251ea738904447447a34501215fc3821ec20f9

SHA512
90f7bf3915a5f2021e23afd54409d99da1ab22d5f9efe4a199e97d0a73d66a9c131e77261f6cc6d1c03c6f84330d956e45812656b24869d7a1c3f68881178257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eeabc2bc-c019-4864-9eac-9383428fc14c.tmp

Filesize
5KB

MD5
ac231b06f6ae6e0dca7fe8978d1583f5

SHA1
cbf59d4358f28b9a5b47fc693ac102c7a03541dc

SHA256
09840da38de07a7efcf1a48d8da830053526d4072c196de834056a00d7213af5

SHA512
bf0bd00da2fdca9152b73bc755cded725b2db69142736d16361be723e8dd4c10231972779d850427775659eecf7759517237dadc4a6c69c486b8c7d691c44cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a038431b95413b86038d0dd5dcea41d5

SHA1
c16470d7fbd07d666ea98651ea878a76e57f22a7

SHA256
a3886971665e6982eb0ee1b19175abf7b7ae8db9549d04379b022d8a094f66f2

SHA512
885a0143d7fe88a3dc2d8fa0523a21d93b83f9f0fd5475cc2a0524fe00ebf9a2bdd380adcd7e5a0a59b2d8c3d7d00c7488e4635d1c085b30c91cce47d79dbead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c40bb984cbffb52b17a390e537611bb

SHA1
06db3bd4bb2fc58f3d2e5fb7a9068866b4c14926

SHA256
59428310000604ee4c673b04e1f90f55f25f40001d87510d075f62ae3b27c5de

SHA512
2eea3f4b02bd055577bd6b3fd3d8842c177836cf4dfb785f32e9cac1d55148ed661ac350bc6fad7a81297e200636acd066e581ac6c23ea80d3e8591242f5ea64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d45a72b7c55c9863a5843a60d047b251

SHA1
5d83143fe3a79c163e6d54e0108463808716322d

SHA256
ffed8bd136d1f60cb08631f78dd51dfa784af692347d37688c6a7a40ab9d8adf

SHA512
5397d4206467501d0f7e4b1c53fe41a631f3d79aa237994429563f1b4a29ecf5b260e5795bcdf99ccead5c9f79bf8e5825574e2e7bc1e655922a645364947a35

Download Submit
C:\Users\Admin\Downloads\Patch-1.01.zip

Filesize
14KB

MD5
968d2102768ed60563bc228b37676f71

SHA1
0c41b4c809d421f5ac134eb6366d7e47078ace62

SHA256
4060f57b442183bc86c5808eb2185f42b51f5aaf9a3e322c738aede4116c1834

SHA512
211200ecb781a29b6ce53625928f92825e872db1e9b47912d3a634f4b5b95671910a43960562eb51aed13c4e5ae3ea454f5603777c0348d0f37456e7f6db246d

Download Submit
memory/3268-447-0x0000000140000000-0x0000000140021000-memory.dmp

Filesize
132KB

Download
memory/3268-450-0x00007FFDE6580000-0x00007FFDE658D000-memory.dmp

Filesize
52KB

Download
memory/3268-449-0x00007FFDC9D60000-0x00007FFDCA583000-memory.dmp

Filesize
8.1MB

Download
memory/3268-448-0x00007FFDCA590000-0x00007FFDCB717000-memory.dmp

Filesize
17.5MB

Download