hxxps://drive[.]google[.]com/file/d/1RmzieyQNMSM7vaDQd0jDHfXG28ylz-EJ/view?usp=drivesdk

Analysis

max time kernel
50s
max time network
51s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08-08-2024 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1RmzieyQNMSM7vaDQd0jDHfXG28ylz-EJ/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
1	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
1500	msedge.exe
1500	msedge.exe
648	identity_helper.exe
648	identity_helper.exe
1740	msedge.exe
1740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2404	1500	msedge.exe	78
PID 1500 wrote to memory of 2404	1500	msedge.exe	78
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 4588	1500	msedge.exe	79
PID 1500 wrote to memory of 2704	1500	msedge.exe	80
PID 1500 wrote to memory of 2704	1500	msedge.exe	80
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81
PID 1500 wrote to memory of 2884	1500	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1RmzieyQNMSM7vaDQd0jDHfXG28ylz-EJ/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb8fa23cb8,0x7ffb8fa23cc8,0x7ffb8fa23cd8
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,4274057041439070432,11477925027038999677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
316KB

MD5
f8b0cdadacf8b57704bf8b6d115755ef

SHA1
70b9f3cecc92652ac663ed0c7b7267329f84c122

SHA256
d78894c2d123d731f07280c95e5e78abad887633b0b1030239b104598b63a341

SHA512
c61b43a9ee73ec7ce7336b232a07e9dfa299ded46cc55dbdadd3fd5bfa0832722148508a520976967abc52df55f583eee87b809c1747e4b8dbc3ed93eda9b113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
594KB

MD5
911a238f3c3d0e9c877073bcc00b17f4

SHA1
9f28f467339ed2c7c0b2e462e8f8b305a0be0b8a

SHA256
258cc20995bb7e66e67d4939604053df6f29c64701165634ac33e43d9d1e96c9

SHA512
1ebad6f392786f72bde86c74b11234232ae51f4b9a3d2935a91e5b2c505ca0e20b93567d3257f6977a4689f0e6ca1d32e3fc29d9ad0ede885e6a83d93db19ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
77KB

MD5
41e3bbe87340da30d483aea4d09173f6

SHA1
0b731187343330ce607917e3f7c30ae5d4546b99

SHA256
19fc3c2f958dc60df3f6ee423bd4249a9b6ce8c38dd2483ec297de740c0794e0

SHA512
99c99de7559df7f56ef92f14d4ab6dff99463be0e450ffe5d20091895563074aa3015a22668d2f6ac1a5455d4296ecbd9538427de4ee3f81996537a17952790b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
38KB

MD5
f62c23cfaddf3f4bb1450e304bd8baef

SHA1
b6f050e8c025ea9341b630c2a00dd532257c0af5

SHA256
c8f85288f5afdbe5c3cec1d15757e87a5e98818c320f8d6401cc43cda55aab25

SHA512
6f2c2d8f98bb5784e0b12ee2932f6ef2f8191a79515b2833e4dcaac4facdd996fa79de1620c3fb57e37d473839703adb199592baaad9480a936957bdec271f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
9a25111c0e90867c7b8f41c5462abfaf

SHA1
0619625d479f31cf145c2e3714de0df4a69169d1

SHA256
41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

SHA512
0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
71KB

MD5
938e640dab142a9fd0bc386b38973795

SHA1
0fa6d957bf8c78abd587069bb6a44e61d6527a3f

SHA256
d7cd5db9e91fb47a14d82107840b2f535d65ff7e45e2bdbcc10ba9c52185675a

SHA512
0f433260fcc49afecca678d7a0c75b16afd369da53c2edf7580a40e1260bf12f3922cc399e7f8a7f1712a968dd31cfc5cd79b6b705a346a58b2eff4036dde4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
16KB

MD5
bbb08b8f186fc514bcbd3c558d8c814e

SHA1
9c0387d890dd729e8aed407e1bf732e128d1d337

SHA256
cb1e2d9b9748f9405e8fe22d83e383c08b276a1ca52b4b4fee78fce29a8a6579

SHA512
ae4115559733cecfbca0adce85de2d689bae3f2a9ba673fdf7655e510d14ff3db45dff0c3fd62662236a1a667f12f2f4cf1b9efd2477a6a228a777cbe328ab89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
65KB

MD5
1f3cac23427e6a5721837ffa289797c5

SHA1
83af30fe82433fe7c838f253e6550dd9b2ed24bb

SHA256
152f1db3311965f75926613c7142a3b7bba2fc6f45897907f6a0f97d7898e01b

SHA512
a078d23423912752c297f0e9ea3d44cca18ee5ed7bf81314350e49051633a7d9beed04f2e671806115de96d9b08637b6fd0667d78408577e9d8c4a75baefc4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
93KB

MD5
93d2934bee8efb32846df3bd3e0429c0

SHA1
64edcac108bf425adb4df5886418fed52ed90c76

SHA256
f2d3c8cfb8601eb3dd0735a0792d264c166d4426a33d1d3059d883891a2d6d2f

SHA512
b31c94e4427002f51e8be23140c75fd70a6a097362e7eac5d05811174bcc4034c718c2b78305187b51f939a3ce1f0c3ce18718599359594b590ea6f2a3ed8df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
286KB

MD5
b28f9e673f0298baddea0f3037ff1b9a

SHA1
f0601d80e27692f7bcd63b8001a4c6df61dc81f3

SHA256
f25a7734630cd6d17d24c4baeb30eb4127ec6845503f95f5e2e4071669ff8757

SHA512
ec39a06e6c7497154c47941870ccb7c7ec76271aea582a233200202ba33d37cf64f97bde4d8232db8218f10604926e3ade1677ce90893d9e9f678876a594a484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
ea1466453e279a6e0fdeb53a3023c078

SHA1
3cb30b254acffa03354362e771239af7837a92c1

SHA256
44084c6e7480a6d05275ce64bb065fab2c84fd71c619b269dd08ee07522fa239

SHA512
97e649b4880ab877fc1590c63e383708030ddd984cd7e38f543a662f6d5fccf2068d093db3b8eeb51f241d89c53f630a9f0f2012daa3749551316571db5bad45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
513a41a19600364c56ed303bec746c3f

SHA1
51b4d621121a87e653dfe32b7a2b580e6dc0b6c3

SHA256
594c5b661ee56da82a7c1f7973075bb1fda194338f310ba87d254a9c6b08147b

SHA512
8c1fd699ce583a7ffd8fd8ad19547fca91ac95a787d9f744e94fea38654844a1acd8c4c45904eb8f50e874bef483aafb29971b4501a6fc97f53c5a559aaadae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
604e7ee23eb8535dd1024e925ae6eb35

SHA1
eef2330e68d8e4419d27ccd7736c0d3919efc760

SHA256
3d57580c06187bf02a24f5ca798f4a2d528d3d73d8a54524e98b6844e68201ae

SHA512
da683ba86f501cd35b988b5638b5e79da4604739310915dfa4274833994e2572547e3a4cd0a87f75c1b66dcff101d84dcf1cd23c51b3e8a07d4a1976ad0b1249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3501de0e697ab0466ff2555a70a8620f

SHA1
85debe4573a15aa7b3cac9903507b0fc15e0ae73

SHA256
56be7e2241183db43bb96166967ec1d52a97f4e98ec994a799236329a087bfea

SHA512
8eed7d4f9e4196bd751fe9cd3a2260bdcba8d65559b7e24d1a70df4474ee8221dc521c094c45b9581da29690060ccc8651186f8da704e720d0e8f2f302b0f46a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
975d13f95e573cbd369038fd205b806b

SHA1
1051c13a7aed291f8a2ddaaf1f16460a32bd51fb

SHA256
ede8061e4f0aaf4c208db299a8941db45f538b5a948889b65ba9e0ec8c20d381

SHA512
8343a5a0d2adf5e969ba871b054854ced88509d881af7cf44e4b6b22070a888bd355410d4a4fac6f9fe48322dfcc8d5c22809f3f8b95933c52490d0f7c2a56e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a418eeeee6bd384ff6a12768199ce2de

SHA1
68153a0bde0a1420f8ff5d481b5ddc2ec9e9c21f

SHA256
0c91880d4d572b532d8373f0b618b0672d20698e162aff1c8e656a81d33e6404

SHA512
7dc67bbd8f2d3a4e6f56ecdbb6e64390eaf2bcc966d22fca479c5637f082573383f97d76d91edae552a108fbb155525b3deae45ad584147e6292e401d439f0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
715eac34feaae793487dcfcb486a8b57

SHA1
c0387f15a773daa37be414436dea3af8cf3bc174

SHA256
6eaf941e0614e72964da82a2d4e6404231afa06150eb3dfa79df03eca7af76c4

SHA512
2ef9235b263e23076791d1c76ab05839a6bd6eac064d37f11388663a3cb460c6c86afc6d91be4a0b6884281b4d9b64e36524e92a07b6099d5337dfdfa2c75656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfa455f6a11919167b2a1b97c282efb8

SHA1
6cd66d801cc6b2dc472c0a1de888e3d65c2935f3

SHA256
7eb1ba1164b6bc834422730bdedd3eb1353099cae67a860ce30f20d7886fc749

SHA512
817ec07441ea1ea49d8114899e9f906cc2ac6e6f82d94a6d3fafcec3acba825b3bbc3b228c63a4041ff188ed7ff137cfd2625929c0beb58503fdd93e1535d9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a59.TMP

Filesize
1KB

MD5
6bfd9f975992cb71e109e28d14172305

SHA1
2e95b6d182ec2bf8980afe7c57bbae7f1b420054

SHA256
a58d9601a146eb5624c52df337eda939a086c1b778f08599825097983260e6fc

SHA512
d805b5d356d6103e4fe3f8760e0dde899b5acd08bbe1cd113e5eff09df16984abd5f5e6d1d88cf1b6188d8cfae2a90aa3f15fc16fddd756b045f58d7bdb574fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0744e8378a1f3dff01bbc5fb74d004ca

SHA1
49aea2e54491d908a9b9219e8b740c5b77812a7d

SHA256
37ea83d1821e43d46f9f67e496385694402a9c85587e8e871edb544e285163be

SHA512
0359581252154783696bae29a94f3c92b51c0a797c50b5c19cd5c3623ed3894fef8accdf36b9d99460873358063ca8864e00871609fe3114afa6e9b7a2e49390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63203ad7b3245beae549a3df04a61cfb

SHA1
d8a4aa3b7c9c61eb8733bd8a9359670576e17987

SHA256
70679ad061e1bbd58df261a2fdaa4820a63739bc2a8b6b3a8ee8e659cffffcd6

SHA512
2e0fb6ca925412df3cc972a1c79d605b2143896a887e94e8aa1e34562d8c0f3b504c395086c0bce45770706491972306311c9e1bedca00a839eb6cc3c800d00b

Download Submit