hxxps://drive[.]google[.]com/drive/folders/12SBg9ZKckhGIXkG_ySTi6jM8HaUQ3glR

Resubmissions

02-12-2024 22:56

241202-2wq9gaxkgs 6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02-12-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/12SBg9ZKckhGIXkG_ySTi6jM8HaUQ3glR

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
12	drive.google.com
13	drive.google.com
10	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\694b061c-a0f9-41cd-9afd-16b01ee05aca.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241202225634.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3156	vlc.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
3880	msedge.exe
3880	msedge.exe
356	identity_helper.exe
356	identity_helper.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3156	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of SendNotifyMessage 46 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3156	vlc.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3156	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 3660	3880	msedge.exe	80
PID 3880 wrote to memory of 3660	3880	msedge.exe	80
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4020	3880	msedge.exe	81
PID 3880 wrote to memory of 4200	3880	msedge.exe	82
PID 3880 wrote to memory of 4200	3880	msedge.exe	82
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83
PID 3880 wrote to memory of 4844	3880	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/12SBg9ZKckhGIXkG_ySTi6jM8HaUQ3glR
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff35b246f8,0x7fff35b24708,0x7fff35b24718
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:644
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff60b905460,0x7ff60b905470,0x7ff60b905480
    3⤵
    PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4004132066772489260,8648953354534589742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3664 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TraceWatch.mpeg2"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5fffb9ed7c2c7454da60348607ac641

SHA1
8d1e01517d1f0532f0871025a38d78f4520b8ebc

SHA256
c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73

SHA512
9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
32d05d01d96358f7d334df6dab8b12ed

SHA1
7b371e4797603b195a34721bb21f0e7f1e2929da

SHA256
287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e

SHA512
e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
32KB

MD5
1f76396a01f9b997d149642fa19395bd

SHA1
f26dd69ff0c45d7fcd9553f0cc5caeaf5410cffe

SHA256
c519c5d085e60c32c52df7706f00daddd219415a5aa2c45d2d7d9dad1e5ac849

SHA512
0153e322815e320bbb18042488bffc0bd7a7c6c063c9919284086496c58865e4da89b3606c0f58e1b7c0a07380dddb2e2a59f967966868c21c26670c215064c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
643d9d26afb10e5db7dc259c703dbdae

SHA1
7f42cc2861cec094dcf74dd525f40ca62228e761

SHA256
202242a29266f26d9990f33033849490a3dac937b528c36cafbf57bb17c63299

SHA512
d3a627e77cd8ac889bb8ebfb1cabbc0627c16d00c514bb9a5890d2ce37e77b52174d1870b69c42adac599f82cd69c5fa898736b7ca6289e0dc5c3f9921a9f00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580de6.TMP

Filesize
48B

MD5
b8956f5989fee9d1ec894f7c36d910cd

SHA1
e703a62ed63e8b8e8d245f17aef4f33a9777702d

SHA256
ca7f3f50dab0ced4eb4ab0f395c3fb9955af673b351d3e703eb4dde487acda5c

SHA512
9fe608896f6bf6aee787a0d26edfd317fc3f0bf32b8359392bd9e113228669cf18cbb94da6a61ef1fa666197acc91215d83a8a26a80566ed2e54783921a2d326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9c8a77c2ab6aa60655aba7222ceaf67d

SHA1
0a0213e829ee8c360ecec752ada7205a519105e7

SHA256
0bfe1cb6b72a19416604de76e751ddb352020894456eef453bfb57bea5698c9c

SHA512
a17c97c548c1e106bc9a3fc97c097fd876f08de8f276451e2461f4e2a879f1e042dd1b71355b6f9ae151e7e69908f3ffd9b2a2e34a5c7f906ff09cda4b4bcd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58ab5e.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6513731774eb4ccac9e49435f712d03

SHA1
97a17f0cc18be08a2f5a9794bc822c95fe14d193

SHA256
d769a299e7104013526f6a8d222de44be135d269f7ef710c70b1b17aea04e5a4

SHA512
395c5152aba65ec97282e0c0e85ca4ee4862515a7d5ab78861fc7c224b747eecc4eaa20511ca433a34036cd75a818df7ef451942d7f5b1d8e6095d139fc083ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e4ed0304f216961a3fc49233b6485b4

SHA1
2e6393337ca80cc972413d17aa81073bd8dda8db

SHA256
9483df34b3d2094381ca1a5aed59b7b0631c6978c4cfcfb5c1303ed3b9b99e6b

SHA512
3a75a639bb9ec08e492b137579a0da6c333da2c9970f576e2451f9af453d67ef53e16d0da059701ffebba166a9f0b3301275acb92a5f428b21b3fc6acaa26ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a61892d5701101344cf8966866c2df47

SHA1
04140daffec7c7f20e75e08be67ee8667aedefed

SHA256
b7656f716fb706c315efa5a569f6527b8209912e2d842458b880fdb5e03f340a

SHA512
1e8fc6c53d02d4bc6e6ed966c4c082bb549448d1471e1bbf35fa151bb22e177d35bec8562c4de4720b9f43c786f4eef66b46df1f552b65e3344b043cceedf784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24b00b0ac894a32c76ecd308df65347c

SHA1
d31ac172017697ba665ba8442c7fd520e01eefb4

SHA256
380f40d886605ad0ffb1da3b965d74a47da8c8760ac3eb22f19ed9cccf06763a

SHA512
28dce73150e62fea6cabf875764c502c98c636334b94a6afeac2fc2e21ab0db6e405949d2425b5af0ed65ff37556c860bb03669c33049b27f27315aa8e52b998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55412e78abddd9dd6700996ac39c20ce

SHA1
451d6b1bda631f5eb86f8cd07b03b801cc4fd907

SHA256
43aa528d7993d869035af9edc268184d669f9509002d090835db09f10664f708

SHA512
3f5f1176ac6b1c0777dccc1dd930f708a8811fc7d21cedc69fab93a5e3ffd9dbe3e197052a51e6e48a7b7bda11b666e435881c414ba84824fc3e03ae93f0800a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6e466bd18b7f6077ca9f1d3c125ac5c2

SHA1
32a4a64e853f294d98170b86bbace9669b58dfb8

SHA256
74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc

SHA512
9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ac2b76299740efc6ea9da792f8863779

SHA1
06ad901d98134e52218f6714075d5d76418aa7f5

SHA256
cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199

SHA512
eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb55d26583c8d20be63f58364028ad99

SHA1
564c563da9d1215c6d759eb11a8f2fe228888867

SHA256
b6729a1741bba5f0e88ff0f4d4b39e8d4be7822433b7ae5cd2da81199f7cf30c

SHA512
1e8329976e1c92672d3a05562ccb326b986cf76787a29d253a1ecefe55f5055178b41d3bb1b9a200682e62ecb498ca6a8f48b5cd6f7ff38ff700c4698b42b66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5835c1.TMP

Filesize
1KB

MD5
bb8f17dbfc4401a1b4fb271768efd720

SHA1
1573c6f19adca3b3c8d9aa1043599a6fbe609182

SHA256
3488eec74da98cc41b98ebfb4b7f7b7610f9527592eb8bb623ab174c7b6df233

SHA512
dd6b1aaa9e145a438a82b5253393ee11c93f4e8f006388aecaf260875dc7a27a6f65c3ac2a9d392821ceda37cd3e84e19eda93b428458f146d29370c482aedd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
686bd6b50c7cefeb0bb73b154b501e5a

SHA1
b3eeac42fa0a28f935206fa7ec5d37031e8eb750

SHA256
c91c94fd2bed998b9c5284bd826ee1566fb21c0c87d0d9c557c21ef11d2ae27b

SHA512
885b39467c35ec171cee40283a46750db63964a0709191af1f250ec30e137dcb0ad7317e0dbeeb5cc123d56a76e177e1ad5149cf031127c1326e672118cc79ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
52f66b79f6fa6ab0bde3d46b378c26d2

SHA1
2551e1610c2659059ec8b6ef42a67346adfaa54e

SHA256
1e3afaeceecd618e634e88c3d5b0e7169fa686b6e5d7237a5522410a5fc07841

SHA512
4ef9d8c1ea91f7100b458dcd33fc26e4a0aa75143ca52e33250ad02b5ef60581813d0da0ab4b74db86a5111b34e9577964fbe4f47446e76f642ca2e6134fa753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a499d7ca773a71bda663e71a3b0dac02

SHA1
25a374594290a7fe1372664cbae3fb67bfdc2c1a

SHA256
d78a0f27126de4fbefa544ad0d2f826e52ff95176688b8b85609e080c766cefb

SHA512
d53087a843ea9c13b2988a22dea12f9ce0c012c2b79aa4f0d58c86a547a7d60e0da05baddb3b23a3b79d09be35751d77d212ba1f46d13cab3d4d8367105eaee8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
50c2e2ccc7ce3ab4d6db5ff99764f7cf

SHA1
fb219842e209e31af93859ff086d207c5026e9e2

SHA256
d74727a8b9cbbb93226ab05e65f5abb2446ef0cb3455917ce9eb5ebc29fac16e

SHA512
cc5b9b04c8c35e2aa4ebbad530d2d4c9b69f39a55874ac4e460e85ebdad8dbd329b187406c32b8a05c5b7681f6d7adf0c087a13c25039f41ca465e065017b31a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3b467e9b2358cbe20c38a2727f02ad32

SHA1
a83d70f7b3a67667027c0aac52b4d8d7873ade54

SHA256
29e7fdb16852af31e2e9c5f5ca702f067d0720f46776eef51e5687f9f95fb646

SHA512
c46c7dfa2c388b9b9fe80f4f573b88942b5de389f0291107a01741dfe59f665215a6217dafe94dcba0ff42f1c858ddf71d92380d31d4a13eb8dca1e8bbac3632

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
78B

MD5
74ea7a9e4383115d3270b53883647229

SHA1
f08f7a8e9785921985ae3ab61830d1c18206e4e9

SHA256
3680fc1f03338491780680310581d635b65645150a26bcf70d9ce99d27c0364f

SHA512
a4bbb5478ea2f82d1c62f7748204ef6dd01169804bdc0dc3e6c2cb3d788939d5aa6c0d5870b8f298505e73710ba92355e9e1055c2849d9ee2479bde5d6a295ef

Download Submit
memory/3156-369-0x00007FFF232C0000-0x00007FFF232F4000-memory.dmp

Filesize
208KB

Download
memory/3156-370-0x00007FFF23000000-0x00007FFF232B6000-memory.dmp

Filesize
2.7MB

Download
memory/3156-368-0x00007FF6F3BB0000-0x00007FF6F3CA8000-memory.dmp

Filesize
992KB

Download