hxxps://drive[.]google[.]com/file/d/1d-AcYI1SvRj8B-iwa3CP7iaGyuSrBE28/view?usp=sharing

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2024 07:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1d-AcYI1SvRj8B-iwa3CP7iaGyuSrBE28/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
5068	msedge.exe
5068	msedge.exe
4372	identity_helper.exe
4372	identity_helper.exe
3904	msedge.exe
3904	msedge.exe
376	msedge.exe
376	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2908	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2908	7zFM.exe
Token: 35	2908	7zFM.exe
Token: SeSecurityPrivilege	2908	7zFM.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
2908	7zFM.exe
2908	7zFM.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 5024	5068	msedge.exe	83
PID 5068 wrote to memory of 5024	5068	msedge.exe	83
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 392	5068	msedge.exe	84
PID 5068 wrote to memory of 4452	5068	msedge.exe	85
PID 5068 wrote to memory of 4452	5068	msedge.exe	85
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86
PID 5068 wrote to memory of 3088	5068	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1d-AcYI1SvRj8B-iwa3CP7iaGyuSrBE28/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd907446f8,0x7ffd90744708,0x7ffd90744718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8835483663670560173,1580448502907208159,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:444

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Downloads.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8edf5aee848362b3fa4c7102382947c3

SHA1
0ca71672592fef3c37dbf92a155d747c927b433f

SHA256
16594552785f10884854bf38d179c9c3d26d023a089180bfe5a3ceb03c395e6d

SHA512
a8863cfcea01c05938edd34690db467f0d429f0598528f23392ca7e7233a9b2fe2eaf7b886ac965e22e8c63ee79af84654e5b2f7e94033e5f54622f7b9584893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78d53c4ecb4f237a195804abc28ebb1e

SHA1
5b036abe11431d0c164cc5427aa7eaaa2d8d1580

SHA256
b1ead24150c5c17d1e8cdfaa64b4395cb1b0872c6f4bb25eb8e024ba0e39c847

SHA512
90c1e12b736dc1a644262a44141f4bd7eb5fe935249978d1ff083e39017652ab847107add5b5fbeec6318db181cd22a728938fba7c384c8023ed8e3c03e61496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
66016b690283365f27d00f3e9f7a9e36

SHA1
40a24eb2835c8859f2bff628dcee34a2b22ce8d9

SHA256
fc380055a44589f2a59e8e04a604e3ed8225d4e713861b5ed7b0b160dc204998

SHA512
66883eaf52d2ff7c52a0bbc2972611d92435a61767213d4d47c9efb64a718f3509f66b937b97d08989a9b2467f3c40aa519547f6525ea9ed992fe412eb009455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
50155f477a105c67da395f1c239bf620

SHA1
45e5e9df23fffa7b010e057deb11711e5a0b135d

SHA256
7947902447ab9898f4039f2c76cfc5dd27dc1b9cb196969c1b685453aae31d4d

SHA512
7cbd5c01c07206cf9013d4f96b6b456c9a3a2d03e30d803d7bcaaaa5ea3f8da150b3b3176a1b0b935c60b45b93bce72a8b3ea2703d00e1cfbd9d484da2a7c1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a2c75b984465341e37f6cff769c303ad

SHA1
9fbc5a291323d4084ace33a63308593263c74ad1

SHA256
d4ecae90be85144636eb2f9422b065fa0d4aabcbde29234cf45a42e2135a5ef0

SHA512
5691887ffaad480d1a34be7c3aac5587ab4af41a3adbcab8c99fbb57a41f8fe9e4c9d478c7edbf0412e8cb82c2fd2befd515ebd90973dac60415868e3bf37f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4867d2d6e7367649040e3ef4ca88d73

SHA1
e6c56bd35465451a39b9af54e565f48f5bd75d6b

SHA256
63440218f1850a60321989602f0344a2b32a03b1f901d221de0ff2e2e63bea69

SHA512
a8d05295f074d020c59b7309696d15710c129fe8eceecb464a1f4ecb4a1c01234457944aab29fb944fa3778531c3e576fa95ba171132b19c3cab87d17d45c689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1343e4cfebcfdcb95c082cdf44cf9ac1

SHA1
63e7bcfca9953ee39aa40e183fcdaad6e579ca1c

SHA256
62427686d257b00929761c7934d1a820bfc5d326adb49a2b0b967921f01aae94

SHA512
9882d63d9ab9a251c9da30d9d2b521f38e977dbeb2362c21c92a441ab1a0b204409ded0e86a5ddd95a3976df51469d84a834da619c8d3c92267e776eccb30baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4c95b2add93887293eee4a4153137bae

SHA1
817015f9ab0573bcf9e65a0a534b13401724d318

SHA256
4f8b7d680554f9e33c807f1f42d57324cb79e627f8ee024b76340ab032773732

SHA512
7f2d68f865699cd70350374e71d338fbcc5c88ed56e580484d7ec19c30abaefaecd49deb5c845e0152197d8b5c9ef6d375205721cc987876728619f1ca39ae01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8ebeafe7b2479fbd5c5a488fe1020a45

SHA1
b1c0223ce4cc5ac8dc0a347ac0b729f305cdac57

SHA256
a84173fcb65581da122eaace433b8beb6ed799b965289c46d26b03e0db61b5e0

SHA512
41197dc20454cbf7fd2ef9b39ce1a7c52388bd0b29d0b9361452a40aa9e3a030f9c54c842729980f7f9f949c9eb6c6a856edd4ffb610832b808aba5735557f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0300ff9456d3075e340338fc61985145

SHA1
48a1b8e47844d40ce897ac5270dc9ea73454799d

SHA256
b38802059eb948caa6d59e636b5503963db3d860087fc09c70a44d2b95845c42

SHA512
551e5e31a44b230c14be90ccd22a22a3a314ee8265894f4eafd0f7db98404093a08974002ec740e37ff858b4b81b527dcf5f66a88edd1566bfd6b71730bf8884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3ec8a8ff8f390076c259685b0c1a570a

SHA1
63f160f656b4203245d76af9da4d138dbf22fec8

SHA256
5e370674883e8cf5682ad2fa1ebc135c393abeadc2d1eb63a641cbf64a97e071

SHA512
4d76b340025caa14d500d0a0ad6be5c105a93dd068b9bdd7222ec232b6d036d5a9961745fdd68aaab0e18bd48ad394199105ef8eeb01cd552377ca52b0c0689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d68934dfd20a7f335be93c7367d8eac9

SHA1
74ef40acaa4b95ac00c67e74f05f8bce48c79888

SHA256
9ec17f2af1e6a4c6b23926b541f5a79f67da47162c79165d2f3baf4c564065f3

SHA512
0481a9c25bf0353545798b68455ecfd52510959aeca85f975d55e7fe025297f2c10880cc3bf1453b7f621ef1f06932f580a22112b84f544068deade59fd80749

Download Submit
C:\Users\Admin\Downloads\2d59325e-5bcd-4e88-a35d-5cbc9336b666.tmp

Filesize
132KB

MD5
a42b93cc659cf1fc89600e8b0f1a6fdf

SHA1
09705c324bc0c21c790ab6b246740ff60ad43fb8

SHA256
2a1f65e18ed9d0b4feb035801770a352e8f71d2f99fd56b0d80da74156e4850b

SHA512
4d8f4646daab9dd29b4883be5456cce7b633705ad1fd0376699f3b240f1926e655857a1e6880d39dc6fcca11d74e4a414b2748ed74887491ce41dd6068fc777a

Download Submit
C:\Users\Admin\Downloads\Downloads.zip

Filesize
27.3MB

MD5
0c4a484570940bd4ccd59b89b42f2744

SHA1
c3c05c5b60a5923a087ea28e9ddb6d3091083c6c

SHA256
ecf6bd50affd1daf6fbe5334b8ab5adcf27503ea26d73a5031803a33b8ffe6be

SHA512
a45202cabec55adb024d30d8f657f87412d9499fc1837ec8985522f434e4e9c5daa1566b42db26d778c443b2c4be416855fc44aa72ccfcf6e2d97c50c08f71f6

Download Submit