hxxps://drive[.]google[.]com/drive/folders/1GBQzKr6bkOy9NEpnvMoOZNZAyAq92rHa

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2024 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1GBQzKr6bkOy9NEpnvMoOZNZAyAq92rHa

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
12	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5164	msedge.exe
5164	msedge.exe
1860	msedge.exe
1860	msedge.exe
2996	identity_helper.exe
2996	identity_helper.exe
3052	msedge.exe
3052	msedge.exe
5144	msedge.exe
5144	msedge.exe
5144	msedge.exe
5144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 536	1860	msedge.exe	85
PID 1860 wrote to memory of 536	1860	msedge.exe	85
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 1264	1860	msedge.exe	86
PID 1860 wrote to memory of 5164	1860	msedge.exe	87
PID 1860 wrote to memory of 5164	1860	msedge.exe	87
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88
PID 1860 wrote to memory of 5824	1860	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1GBQzKr6bkOy9NEpnvMoOZNZAyAq92rHa
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6dbb46f8,0x7ffa6dbb4708,0x7ffa6dbb4718
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12247819795379265646,122141567016322230,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte7ac5002h89d8h412ahbda9h6824dee4f37f
1⤵
PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x108,0x12c,0x7ffa6dbb46f8,0x7ffa6dbb4708,0x7ffa6dbb4718
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1424,910968391359927649,10847022950185241576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1424,910968391359927649,10847022950185241576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b07d44f3a2ea17ab7459fa0d948bed6a

SHA1
1badd362f46b4610d1a139069c82c5e2c02ef5f2

SHA256
5ad5ee2554c011661955c206046077d1fee406732141d2d9d0c14e72930a26a0

SHA512
af204a871a0f0109cb932452b557ac2b45431ed8feeb5f14aaeeb1d4607fb11e7998183d1c47b25263daccf4f9499e60cf5444fbd22fe46d191fc9ebbd658336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
28KB

MD5
bfb4ad144233248db8f0b493c9f53943

SHA1
75f204ac49008ca945d35db03568db5ffa2ee27d

SHA256
57819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393

SHA512
0f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
50d56ce196f36af1893c2dd04eb30079

SHA1
a9a3833133f4ae2080c975197323e214ca01e1d0

SHA256
73b29c88e5f78d4d07138fd3a6e68c02aa83f800b0aef41acdc5583f7726f988

SHA512
9a8c633e96787ff938150bcf6ac06034779a8942fbb42a4c845d14a42ed05098c0137b15d3348cedc05c2878172a776fd05288b05304f811cd4bdfe3c237e61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb237c09025c598820f3d66e1ef0ddaa

SHA1
1ead844294c9e0b1f2c36bbe532137d081583243

SHA256
441eac26145ba898ea75677d2157ebcebf4becfd71a41830540a0207c18dd32a

SHA512
18418c93ee9c93e43af688299d33a2d4837af8d183a19623a579e8fa1c9408d98e4d6534d8e6cb13906a6f369e102733a34cc512c1682459fa4516beb607c78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2646ee7c37c61a8392445d9573bfa9e3

SHA1
3eae511fdecf20a6711656d157101524f351ff14

SHA256
207b7d0980a675ca45ad67367802b56cdf142c76d824a04230446dc1716a8bf4

SHA512
99e4af7bb923349917bc66b180966dbfc2782626899a2a18e3fec95b2203880986dd2c4cb08c84dc7c64b270c2a6028282aecf230c98dac68707491d6a875f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ee6d02733018f85f8a42d2f773b211cc

SHA1
37a49d6b46658c3bd8e6f84a46da12d6781606fe

SHA256
c2217a5063fae963cbfad641f8b54460cb661468b73a43a78d450caa5ead3865

SHA512
1469c4019d3369483670ec89fdb00d03284bf30cca93e98dad322ac4953c900200134a37745b5b8ac97986b44ce485577d6d5ed81b87426c36817ca03e976e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5b0a64c3b8c8f240296f7d60ae37cacc

SHA1
e2bd295f4860e05464096b9d3d4c014cf4775aec

SHA256
20bb16b9aa9e85b79ac9274c0623f231611a982bca56bcfa3cf48a0e711ba08b

SHA512
b585380f355e583300a70e8e58bf5a4ff988de46bc5e6dc1cab1a9a7112eda315d545fee7f06af0f7f36df7f0f609aedcfbfdf25ae8b34f27759a23e5650427f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8c1a3c4991cc46b18e4b2554baad5b96

SHA1
6b065dd7215823ff11af146fcfca8924246d911a

SHA256
3e419ba5f69378e00d73ce9ca45d2393078ece81ee53785d2ae681e906174c94

SHA512
93c9411069aadd5c96a4ab877b78fead106e6cde4ead953717956182cf65db2b76dda0bd48eb02f395e9a44603e4cec62e508ae7bf10b2adb2e47bb74f2f881e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1340c38224367c1a7d54e2dc0e1c8648

SHA1
9f4fc1f298fdf00bfca791e4909c32fc352f73c5

SHA256
1d75a9a624ffe4f4cd037278d5f9306a3f4a1fa0bdda01a598aabc87e25e97a0

SHA512
6cf28e8aa564c10d2d418851a8d1f29424f2888319ab1e7212b88266cb3efe8af96ad18e3cf411c2311bdc793e623d2c9009600aaa62da7d338a2785acc50aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1283824bb1c64c596698359b479cf0c6

SHA1
5be2d03ba7a14a34c5a7ddc172a3e3d24623e1c5

SHA256
0368066ca18d11d077df69846826f29607cc7fb62943b6763d298eaaefa517aa

SHA512
ec29e7fbc83578d21af4c726114aa7e30c5f30f00989fa5436664beed793106ad280b7fbd5a17ff78facf1a4e6dfb451ac20a03ecd57265c476143d5867f238a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae85dd4f150f1c3e03668b44a19634d5

SHA1
20f42ae29d10ad631f70385eb50dd8cb1bef472f

SHA256
ef50be4f8cc77aa8387c86e2a303f87aba4a218b5a57f9350a0831e973ef16a4

SHA512
16c2808787d39525db8500c1e91b7e425c03497861f648f0895de19efb29969ec44f937a8a89e7424d0234e64f2d1713bd13045f7b05753016cd568c757225e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35cb1c9f47a0bf61ac19da31f2b5f234

SHA1
d051b034b5f1c72399666983b2f313e792c6c62d

SHA256
68589dfa2d650b9d441e3edd0265cbee58e8c724adc9c7a29f695af0581260fe

SHA512
753e31c71a58f8decc7cb7c422fd8369ccf5070281fff329750f7c8a849311af2434d1fa6caaa2d51a6e105f075896e13cb1d2170ca014d3138b3258cf3b517b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0aff57405c3dd256f32dc4653d653e11

SHA1
b5912fa4caa4cae068df6774360c83e0ef3b41a3

SHA256
a95760bc72c12a569ca72209a6f5c62b42b0b314289fdc2d6255f1b0e53df0b2

SHA512
91524dcf3a92e40e1c8d18b30680bdbac801a62f48e52cabb1afcce76ae22e00db719668fc2f5060fb943b3a2fc80663a93e378fc3d82cc9a376165dfa434e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1da5caa836ae0529491644eca1e55f9c

SHA1
0166f06b648755c730addd4864089637243d88a7

SHA256
2d89c1cd8298598b9aaf9452e46c3f0c6f814f4cb987d3696ab5286d29e44268

SHA512
29328efe34910210b954d519d43d8f514fd7910c94ba5cf84e7868473cd83ac7b36c6d9a1c8d1b47c28cc0676e680e1cd3a7a020ad919e468d850b5801dae089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84f9ee73beb1ea19f54ef3a50a6fc917

SHA1
632f63854e19249a9c4069ca93514c3e03e28297

SHA256
b109e7c95dae5f0fd6457638d00fde8a02091b2e7149910f4fab75fd13d568ec

SHA512
c146ff3d6e95d2d61cee8528f963d091e39756e1f82a8984675c42e5cf3cee58355b48475299393feec3983147efa4bd11450967708be4a7c43c7015c43cce40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dafa.TMP

Filesize
1KB

MD5
1e94ae329285d537d003f95107fa4555

SHA1
89f2a1a144b8ac7fa52e1ae8f4a36ee0132e8bb0

SHA256
aa2a3446700b05cd05a9f98a457ea5cb018922892beaa58089087dd525f31c41

SHA512
b41c5c74badbae36759261ab9b0ab3e9936902ec467f0833d84c2e8074525b8c27fecb46afac28124a25f636365206e741f57537c648f6886fc708f3bb600038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2d91aa4e2a10bc68f7eb3c66a47bd72

SHA1
db7206fe0ff5d4ba153eed17b7a0aaa391629312

SHA256
23d6e18221b4806b6430b87b95a64f07dbbc8cac537660a32d086e42c2a36adc

SHA512
c1db744e9ec0a079dd9fdd37447afd6370b800b2784245c4dabce4c56f4238c835f3f06322cb37d02cbc5cc2f722f784de74c28683f685e52cdbb45d11be0c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f3348d8e944032e6d93cb1e7724494d4

SHA1
741b1bac7d8fca409b03cb0449deef545d22cd3e

SHA256
b990d4e8b1be2f298b8c738d87d6d136eab9545fdd43cf5cc321e37bcaaa5096

SHA512
8663d4518693258fd9410d3292b8c0021af927801a24b6339bf23d1f86b92009130fef7144cfb670ef952a4457ed474b0b302b5c1345f7c1eddb21b321f2c29c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7e173938730121993477c4f7eb10c914

SHA1
b674d3868d99a739d42d0f6f3418dfcb0103a204

SHA256
fd7367dd3d0a506e6c2716bf2b128fb13a26d4b89cd3067aebb5cc2aa4cd2143

SHA512
c6f335c0dbcf9c0c38fcb575e9e0844e500a8fb0ba8b31d8f36d5a9f76ba136575e164f97fc6ca7d95301f7a31c44c73e060cc09c27707c72a6d8bd1bf73247e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55c63537397d687a2ef5a55377f666cd

SHA1
48d476c622e58dc41e8d1d9a29e044d37d607284

SHA256
3bf82ff937131839a3ac48e97ad3efe8c942605ad4f02ab9587c2725dc27506a

SHA512
a7961a4fdf2cd49d621a922c79238f950387f4fda54d305513d3611490dd0ff6276887a97d221de638dccd4ab259cfa7266c4b0a1f9013022cb19fe9666d8fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b01142ecdae0776a88d849cfd3ff67b9

SHA1
1812b864140e0040fd53703bbf59edb5a121aa57

SHA256
6bf538dea0c122135b2cde3e8043ad82d5b3b88a6f9acdb4bdca743c74f6e8c2

SHA512
b02832c0ff5faa18648e5a0aa6f3968f8e4175f23835017f4ec6889b7d211afddcaf9fb309989169b93e2464e6f4033671818707ab7868811ad69c5ada71090c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
188c6b8cf214c77c49c69eae85029a83

SHA1
2f5481f61ac016589768ca36057fb3f21fd530ca

SHA256
2a59ca02ae68a941e20673727bf95bae144f282fd75947450bb90942187991fe

SHA512
91f8002d07ce16e00cdd3eb6852c396b65673d51063593e7b9309d82882b15a6d4d0be0fa7426587670cf736bab370ff64ef34efc25e2eadadc9e5dd907f0926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3ab247ee30c970fc30b86403e13ff911

SHA1
aa7bcec26a83e9c2189ddddb2332d70930f69f87

SHA256
299a79610dba625bab5f304c33cd6506394387178cfdf739d32438f392a3307b

SHA512
6985534f53cc8518f95eb50041d18e2fabe55bb48182f207f050ba54a5a4fa4df683eb5271269cf094e1d96efc9041401d9d542b0f90318e9beec3ae0bd64fc2

Download Submit