hxxps://drive[.]google[.]com/file/d/1x5ha2yyloRCgw6ezFI1ZCXIse301kXg3/view?usp=drive_link

Resubmissions

04-08-2024 07:37

240804-jf3cpazdkk 6

Analysis

max time kernel
277s
max time network
264s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1x5ha2yyloRCgw6ezFI1ZCXIse301kXg3/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
109	camo.githubusercontent.com
110	camo.githubusercontent.com
111	camo.githubusercontent.com
113	raw.githubusercontent.com
3	drive.google.com
7	drive.google.com
103	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{17020140-6CC5-4BA4-9E99-B220AC82A4BC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
208	msedge.exe
208	msedge.exe
2164	identity_helper.exe
2164	identity_helper.exe
2540	msedge.exe
2540	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 2860	208	msedge.exe	83
PID 208 wrote to memory of 2860	208	msedge.exe	83
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 4804	208	msedge.exe	85
PID 208 wrote to memory of 952	208	msedge.exe	86
PID 208 wrote to memory of 952	208	msedge.exe	86
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87
PID 208 wrote to memory of 3496	208	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1x5ha2yyloRCgw6ezFI1ZCXIse301kXg3/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1c1646f8,0x7ffe1c164708,0x7ffe1c164718
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5008187247311618097,13548427844588915095,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5e0fc56c-a858-49f2-a7b2-0a32e2339e5b.tmp

Filesize
6KB

MD5
8b56ac1b1a37dd9f85ec45dde11fea56

SHA1
0b85c6aec1b2610588497a9ddc4f072fe5262851

SHA256
61538a44fcccc837e8c0a9c46a36c6a323cbfa43fc6f3760762b582ed409d71b

SHA512
dff4a746599cfb31e1d13fda601f39efcb43709ad88b940142c964ce7182dc1d3c9fd8cb00ed5b7e4eb936ceed782a00093a5c4fa413a709d20608522dc42b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
fdd5f6fb7a57bf08595e76279805d0d1

SHA1
24c70320c9dc8136546f5fe504dec79e34d37d0d

SHA256
6c2cd31f0ae3c7b0f09d7155a0ad24bed6e6993f969576590dc70985c9474b3f

SHA512
42443588eef7b10f08a7274d49b4fe8cdd6b81280b09197ac03be119f814afcfad1c4d9c0de2c1e7785a797218b2b4120ff9a85e69bb7504a821234bf4fda1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b9cfffa2ff46c4c7c8ac29578eb81772

SHA1
a3b783fe685c8fbf1a8ae771b329af3931c5a484

SHA256
0e685c173afd223ad0008f757c950c63377f3e74ed993ad8aa83c4d7615f4371

SHA512
363b23950db171429cf14540eb28d78f9d91d32ba9fa08259d1e5c3654a099ca8a22c653569b970f1b45651aaf8b97e1a073ec7b9fec800f69df4ef16997f3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5fd6d2348052e302a14c7ea24f77be8e

SHA1
1f412fe3cf10c12c8b6f67140a0f2dedac05a2a9

SHA256
3a4770d099c97a701442940ada407650d2ded593b9d228865ac6aadd821ff79a

SHA512
6c0ddc89c29102b8913536d24fe38e77d93a753a748115c5af1c86c489c5f6b4105b24c25febf329672f09968cc5699d40c0a8b7a417837a3e5927b0ad64e101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
05a573182d668310fc76ed4f0428c110

SHA1
b00b120a191c3e0af8ca5c5e489fc03637e56269

SHA256
a034e3ec94397db9fb1d1e0678b505a69038a9d8446c9c062bb91c0ca2f40c24

SHA512
5d48ecda2eff977ff09dce8bd27caea465ea4aab148eec736d48dc623c13151bde3f1a931aad1696ab77e73fb15d291a13fe1ca0876d5c1d5610260aedd86662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bfcb8dfbba6aa75655de84839142ad1a

SHA1
da41de0be943d7c98419f93c24d11156cd6c56ec

SHA256
5b330c774d7f6214dc3d548cfd4d2e4772c995af6fde5e4663bc618b195d4320

SHA512
8eab24189c95a9976adc93d2a367cd1abd5beed4d07e0fafb977d9c967b9a194d91ba1dd1c8b5996201ed98f45669f25ec5ee6843d22add8184c9691439c98a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0044d4106af821b68568d0c3aab45c3

SHA1
7c84c7943300b30abd8dabda9ce42b05a004e6d7

SHA256
a139313bddfa514c34998b79828419bffe846671d920ea80b2a910da2b0a16d9

SHA512
2185f5ee5739f1c11ef16d02d002c9bcbac68b841ac9a10cbc462edc01857467fc9c2891b7886250b738c3a5bc56a76a051865798b3d77ab89b8e28a1a9b03aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a39bc115a7e1720f15482dc23a21a417

SHA1
88900d347ba261ac53508f0ed0c4f36278575224

SHA256
a3cf4cb3e860ffcdb80f859b4e791fb30bd82dfaf0b6187d456e9c72f13c029b

SHA512
9dc118ac77b2ee4d97026b53360703cc8a36607d83370dcc97d3467a25be9539d6c2a8bf0c6dde727ee2fe938756c934436b8754210bf51d31adf4f8e286b597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7891aaad990c896b76e5a27868e894c8

SHA1
8a58e55c737a95c9fc7235dcb923678fe51c5a8a

SHA256
f3cd7dd4d31e83d984b7188ed565e0e10f5fdcc932af473f3d8d6f83a50388d2

SHA512
b4931c9b7857bc2e57d60c0d8f4c21359de80944d4e46a3562bbc72a08a7320cfe1be1294e42f7409ca76104cbd1fd299141eb5166a07e6599ab2c5c9b0e0de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2af0330b7b4a9ac8c112a031d96447f5

SHA1
fad008d68918bb12cc4dc13fec94083c2779f91c

SHA256
8dbef4b027883b922f8354cf459f6da3687fee29d13bb46efbaf95580944b15c

SHA512
28581e25a138de6b827aba70c4fe631e385beaee47d478ffab301004a92ed69a91cdcd3b0f5c511f12025af47e7a0b26bf35eff1ccb1fa6ade08abb3e2a06442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
3fa9db9bdb332991739ef1f8330483e8

SHA1
f857fcdc4c6daf15da3b8c6de83c362e8502078d

SHA256
9d1207668303177c56c68c8daba4f08c4487868a6ab4cfaf4fe1ce4a62eb2987

SHA512
3e5eead920ef35aa8b6410b1b7643fd6d4f2eb922ff97d4525f61907f8a6bf4c6749f68ec57a6679774fc9af1f6d3285da4bcba01409976dc474f8879b977acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
36b7ec3db556bc074f2c6ddf1ec3cdfd

SHA1
db60b4e090d9db323af2c69f878ce5208a7856ba

SHA256
a2e6895a7540ebe3590095d9cda971251fbcac05aeee568860f87b7f43d517f5

SHA512
cedbaafcfd294c83c460cff517e8fa825d5df36c578e45635bf41d42383a1260a15ba8b74a04d4b1e036edebef35e46f8fdb72e715bd73aefef22f5ab3c9e2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
782620a1b9efab3750384b07b25cc473

SHA1
adc69e40f2890c814adcc84a7cdcaa55422872fa

SHA256
7ef005f2980810a60a5713158ed24fcec940b872e7ccdd07035b083048af3b97

SHA512
8903d3ed36cb4c185b405e213f6801c6d151ae0ea482707a1f9f994ed1ba8d99c1fc23890343ee771c540589e0ba639d5495aa4cea53dfb405ea016b390c4cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c4669e6397e5addb01002ddef9f5645

SHA1
f6dfddca4b9141ef217869dd26c194ff6562e2bb

SHA256
1d47818ab52d6b4f427eee3127cb7b02bb338ad63d0a0e9ebcdd7170e48dcfc6

SHA512
cc4b98f2b3e9017b327280f2b9051052e4cac284badcc453871c8fad722a50d0b551ae3af095946cc5533a3a42ce0d226a57193efed55112692feb31ef4a1098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a78.TMP

Filesize
204B

MD5
b7a7c9c4e33606228173acf6a489d8c6

SHA1
364a3664e8ae1a80d67b1c069f786353757950e7

SHA256
187cab576936c5a4b6911ada81914d111fdd53b116fcb87ee67a17cccb43379b

SHA512
993f73b51ce8a80559eebce5ab3be07d4b04c712026d51deccc3103d11b1c884e515f4e12060b274199d170d2e8da37aeb024304cedc734b3fada59f5d0c6d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
81f9565e20c92973f10ed924e48c9225

SHA1
d6860eea662a6b7bb7f4540128d508595b3f602d

SHA256
fe910678fa29eb1e252df2ffac09939167738569116a8022a9229a085810db8e

SHA512
e855a6f6accb60f49d7a9ccf3f080bc41d617b4c98767e398d0a5c51d40f551be24b257bb4e45b5485a810ee0a2f48aef7f4cdbb3e1ae9d0a1f0ff2e3752a931

Download Submit