hxxps://drive[.]google[.]com/file/d/1v4jZV-cYFf5hgLd-IO4SAWv-rC3tzcPu/view

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
17-07-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1v4jZV-cYFf5hgLd-IO4SAWv-rC3tzcPu/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
3	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
5072	msedge.exe
5072	msedge.exe
4624	identity_helper.exe
4624	identity_helper.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 3348	5072	msedge.exe	87
PID 5072 wrote to memory of 3348	5072	msedge.exe	87
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1356	5072	msedge.exe	88
PID 5072 wrote to memory of 1696	5072	msedge.exe	89
PID 5072 wrote to memory of 1696	5072	msedge.exe	89
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90
PID 5072 wrote to memory of 3820	5072	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1v4jZV-cYFf5hgLd-IO4SAWv-rC3tzcPu/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff404346f8,0x7fff40434708,0x7fff40434718
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7276999862218263209,5930171344899101982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
fa9182073db88e02455620f080f24693

SHA1
95996990c8ed0aabaeb6c8ed3559f4dc898e2e64

SHA256
1d4b7d33d1ac6a4ce27340d0bd61e05c1aa14bc867aaaa490498b115eda8fe83

SHA512
27d66b246ba87ea1d83fe20687fc2f6c71ec2c948ab40aa2dc918f83ecc6ab936f5d256041372094b800405286a57c57b51407bc4f7e854cc33139f6a95e875a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bd4b633093ddf31125dd1861f7a8c6b0

SHA1
5e2b5c24856b1141451aa9d9434558607a93a258

SHA256
f2c2604fd1b0588652759c333f24fdb4a19b350561ada78a7bccbfbec84a07d9

SHA512
edad9d621ce3c8dce0e64496f53df038f162eac813e2721c01b4226339d579776639c4c145e4a47a5bc0b6810d8b104ec0a94199ac888e67ff52a80972842982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
38ed4fdf4d3e9d2e6d4ee9ebb744132e

SHA1
578904e719fbb20cfdec827c78345a545ef98403

SHA256
19f78b6363af02909c77d3d8efd91d1ec9bc7b1fc154a503bae7b882711d7d77

SHA512
0832a2ea20c0363b847f366d5251bce8796b143a3464b21bd187177c22d0666cc7278c97ea10e58d32133159565d6278673e18e04646a1edd7e1aa8b1e3177f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4f295ff62687ff149a15b9724818d60

SHA1
727101ea9c9200071104f262a812cda9d8ace893

SHA256
fc59c0c041fb39da9192f5ec5b98a2bbda721267295ca66c9e3de24bc4630a8b

SHA512
9496dc9396b113d3124d5851ab25dd40766fa10f03394c473663d204929bfc2479966c68f9a4dbf89a1a67651dfcac19ffb87b419beafa6756adfc8d1ca9291f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e3fc4e3472fb1b0a6258d21573060448

SHA1
787fec31267cd9dc9f4784ffd182f2a300d0bb45

SHA256
c813e60291504d3222019ebd7f3066efa6d1b11167ba524ec34fbdbfad480aba

SHA512
06ca710e0c4c2f4162ad198279d6a2cbc83c30750d8f59aa2c70dbf2b4a154c078ebcc407a4f0499c9739e2ae98705709d525d63b98cc6aeb75ae65864660aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
052cc72a25bc65c1b3a9e83960111912

SHA1
1dc2db7ae996b1915649ccc41fb3b103a87833f7

SHA256
c9e7bc3f9b0ed539c1fbf269373f927a19275dc04e0ed824cacfdf08971748a6

SHA512
e96806dfe41bec2b41bbbd11a5efd4c99026d7eb98c765e18eb21aa5065dfdf65eb1dafabc03d14d90dab50f8854eb0de8ebbfb71075df349210cf4323e12c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1530dc572c46f22f21df914bed1d25e

SHA1
650474801b286ca4c888f4390dc5899c2c21d9b7

SHA256
4bcdf3b0f6662bb0280ceee7139b98a05099a809fdd4e4351e27069ef93f353e

SHA512
f3ab4d1bf22b55065e026a74848aac2a62cdaf732b7c11337c48b1fb5f2bedea1998e22e3cdb087b1b7dcbb248aba41f32922d96290676eb9a546de23223221c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f5ac085b62e364a4f3f96207955d5b78

SHA1
de17978212ce397120c57e29c827e2434decdd94

SHA256
a0059b90ff011b0a8d23fced1e7b2ced38ced1b39d5563b9f0f85878f91413f3

SHA512
72baa8e471212d829b2dcb6cc6cf673c2b8f72681d398329b7e24ae13b3db6a1d8c9bc2faecd0362373c488a0fa9a06f9fc381fd4ea14a9bde6180ddcc709ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f35af15f3494f6ca3f488ffb7007f8e1

SHA1
16a2d5ec100521125f2dc7cb410ac8dbb4da3d46

SHA256
f54572c07391d6bd3991dbbee41bc5282b13c8217228c6283dda754520ab0cd0

SHA512
44a09c7f476967e76768b78d2887cb20f633342652f5691415fb9c8e5bdd3eaae53619a49c359320789f301208d3816920aaaa1f122b5b3980b8253f6ef2eec0

Download Submit