hxxps://drive[.]google[.]com/file/d/14ZWI-qJ8ET62xOloEF6HZfzNmoaODZRg/view?usp=drivesdk

Resubmissions

16/08/2024, 11:12

240816-naszaavgrr 6

16/08/2024, 11:09

240816-m9afjsvgml 6

Analysis

max time kernel
125s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/14ZWI-qJ8ET62xOloEF6HZfzNmoaODZRg/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
18	drive.google.com
19	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{285315BE-0027-46CF-B893-B23140A6F523}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
2520	identity_helper.exe
2520	identity_helper.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 5104	5100	msedge.exe	85
PID 5100 wrote to memory of 5104	5100	msedge.exe	85
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4880	5100	msedge.exe	86
PID 5100 wrote to memory of 4956	5100	msedge.exe	87
PID 5100 wrote to memory of 4956	5100	msedge.exe	87
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88
PID 5100 wrote to memory of 3820	5100	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/14ZWI-qJ8ET62xOloEF6HZfzNmoaODZRg/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb062446f8,0x7ffb06244708,0x7ffb06244718
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1834332831271415626,14756528104697038969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3416 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
1ec00f2e0b5d4ce1e762062e38bb149e

SHA1
3e3e5c5290eaea524420903f05914dc475027c18

SHA256
7fa8f1bb6daf089218a2f81977d049eefb6f8b9a10677bd0e15e8df62552aef8

SHA512
1f589ce79c99f7c83be011b0debc6dfbe7abc7a400bef47f40301e9eba9cf210e16edb5645e799f720207ecbbe2937ef2f696f7804a9560f1d9b5fe561b5f0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dc2e801ad5b02b8e67e3f88c642522f2

SHA1
013fd15544cb43166dcf2934d3f83ab565a7334c

SHA256
fb5b5ba27c7899546ab2002f5fee87b560ae6dc9d7e29887b13040401d79faea

SHA512
850e546d18230e21fc34873dfceb29b7f41946444fcecad4ba70b35facdf4556334dd284b371b84c934a8935b6ae0456966664567384c395e1a9d55150f61760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3a2904fed082fe0dfb429439777c992c

SHA1
9246e166c29a4d7ac01b1c15af4403c68a658d86

SHA256
814fc1ada7a61b554f8fcb871de5af17a5892cb01b2f08caa326589aec257bc5

SHA512
c37044be74cade78b2f408db3131b12cbca583b538928d955c5fb07610af5017ea537208bafe648c58f78fab72ced844bade364ba4aa0eaf1ed071d7334ef154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d1037d2fae066515f86b8f02ad1e5ed3

SHA1
6d458e4888b22e484b5fd7618aa418f65821df1c

SHA256
1719a40fb5d736e9d6145b4aff07d4008546859a7ea19a0684d4ba420a982b61

SHA512
952ed9a42173aa7505600eef19cae1d0b79f89b64a131d0d8acc1b55bccb859e94cdf5e2958468805dbabb33f818ec99e09232eb228852a61e1ad49b3e7ba029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb5ecf58b8d93d1a698c4898c6f4896e

SHA1
19979ec7a34084a1b289b16e28af40f7ec59bf3a

SHA256
c85d8dfb199678a8ea0fb5247b2ebf8343aa1106fbd60d4989e49ede9f4f5b9f

SHA512
88085c1103817f4e6f74948e20597ed2a66cfae861afefc0d9b37bcb666a438c9a1f54ff3047acb42d530a4ce785b782cac5166da4ff867870c71d56934e879e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ce40d909afd6636d3cae03eabb11065

SHA1
ab4de5e4c919d9ce2bf79d16413eaacad50d806c

SHA256
1781b4404dda66e100d51037fd59074977324d2a090a23b8597696009c46a040

SHA512
bc4211ae0ba15d7ff84af2625f847d8a55bb8c06ff4fc470693e60e6fe382865bbad004e7592e1d811de5858833de26c5340cd42daaf7d65fa48388841a64561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a47446098072651cd7b8752f8f001fe0

SHA1
2d2f03c2fa6e488c116e779e1fbc4595cbe4f252

SHA256
068e3ec2e87bb808ac882cf137b9a076876ef9c13094e1cf98d6514197126d66

SHA512
543a6a1708e8836275a1311660a4cea183e9ad5be226865cb89f62afa9e682c0bb27d0151822d89d4d846d6e05561958a42579e85fdbc8b7e1e38da2986816f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b43307645de4c459647c06a744926a7f

SHA1
c4c85bdf528ab9ad0997904d5327726589b0a02e

SHA256
e51d23bfe650ed7a90d3cb0954aadb7c9fb372e7fc3909b6d7066fcdc57c3eee

SHA512
75493be6fe3490fdeaf1521491e2e973a5270a4def6c696fa546817e8532d4e19a2838ae364708249a7e6df315eef0e6aab02eead05282af2ff59c0b948d2a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acc46a76cf8f2110bae6daf531fd0972

SHA1
3cb831c1c485951ef861e532690751aedcee1c09

SHA256
84ee2cf6f2529cb324898fdfb9d95c1415cc4979a928db952e40591b0fde2abd

SHA512
e2c461f4384b733ebc54ed8077573beaa395d8d8d68cb14e7b1baefcde25022e1eb46ed67d96c57faec0b28c5bf3a74ce1794e83b9e7b60ae721bb2363718bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e84dfb0ecb9fab4a37ef51f95455a788

SHA1
943ca583f7fd40192c952fc0a03278bdab8e69c5

SHA256
0df2fdbeed997e21acba5987a5530b0a6c9811a09acca9c3b6655982033497a9

SHA512
a756c627ba919a2d944d1a722fc5bee18a93e0661bfe6d6bdd0fa642833c2239924dc7df4b8b85e2f25b1b95f7568c57e66703e6a1b51ae2a48316e2acaed40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38a02714d8d9a9bd7ad34c1d8447c168

SHA1
f57613ac7ae7cd8753fc8bfa3cba147c0e6d42b3

SHA256
369e20357645d58456fbe9810c8798810e56384ffc65d72c0a72f9bdac66de1a

SHA512
07f7fb176fa6762c93f842195b4ee1dc3b390f6ae99bfb887aa7f8d0e492d26725b92205187267702345105fe1e8660756ac2fbbf5af3fd60613dfd42b5baf0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4894bee93bcd906ca7ead4ed3095a410

SHA1
85a742cabe4476b602d9e20d1ad2a8a85c18a9df

SHA256
8bb022b25dec1dffa54c2f4f1f3c4ca887d6c21b4471197d7ebcede04ced36d1

SHA512
39425e6db91eb939cffff5b7c14c4d58426b9c406b540a58007f8e97cc13f3efb9ee92a55a488c81d7d6ea80ef41be7b12c49bf90ac2bbe91770125491538e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
cbf3d28b4633ce5a912325db17ba6153

SHA1
4c139774b8369fc249f48b780c67c1502c054fc1

SHA256
2e21538bd3730cb1d2f7e08a7ab331a51aad35d4264b789078c14508517655ac

SHA512
047f28fc58dc94ee1197fddef65d7d17d036540329e2a699cc7af5ceba82ca2a3245876509bc48fd75937e834f7b2f2b1965ee76f2c26e0b8f7b1b3e0dc15ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
75d07465855cca1cf5acd87ea647e359

SHA1
86166905e93ed91e2eb1319ab2ecf0579e91f6ca

SHA256
06af6415a1c90f13294f791fdc5b0071c7d394789692f96415ed048a4162289c

SHA512
ac0de1046d76ac9cac0464c23a6d0447e9a08c5dc164e557cc8e07811b11d748a7475c42fba6bb6a64af80e38921d00aad64288cbb1ea2eb035216266fe46122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
c78e11cdd22b003e86dde006e29d7147

SHA1
2b2958aa450458585694b0fdbfb101010469ea41

SHA256
6647a181490a834b2d554505fbee755fa87fd3918bc196f5c403cf159819b844

SHA512
1001106f7ca014217b21ce9804563f06aa68886223cf088df733c30af9b023245fd9ab79c740003e415cbca0200f3c881098438e53fdf6c8db316b8c707a1471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
cd08c18f4931834a5d3f4c14783a055c

SHA1
8df37936bb04603b8af323fcbb141f56a6e89d27

SHA256
5df243a0bab9586e8515c114115124546d5f977c6c8605df816e61fe34f822ae

SHA512
a35e35b63c5d150a28cbdcb37613f7965b229e0520069f151e3907c6f0dbb66bd1093877651ab05c2945c8eeec0981cd1b54efa65f8c97a71f9b8116f37cd4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe641483.TMP

Filesize
201B

MD5
3df8cad3dabb11770f0d1b6ab2fca354

SHA1
0a1a22d08bd11c5ef262ba8e37e5c8ecdfc8285b

SHA256
634c6e0bedb71b59b16b4946f26d4c63ffdc0fcf21ce81f5f90ab4df94e363d2

SHA512
4aad4d5b5e37b6ee51d783ce9d320e699d02753827c23f7ce7afc4a867b199dd3b7055666ed19e100936af45cd7c8167bfe333e06939a46a5d14b1c6594c784f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bfdfc06a-e044-4002-a276-0533853224bf.tmp

Filesize
8KB

MD5
b3715497992b723d12edc352a365389d

SHA1
128c2466f228c750d447cf9a3aaa88d648f09829

SHA256
a7e0b4104187654c107fb8bcf3dad0916ea0f3b881de4fbf255e98b535ea06f5

SHA512
b98b847c519cf89ef9fbff33c3d8080502d62ca67002d4dd14327bd71428fceb42f08f4f63d68db7bb5f36fe733ffcca8f106d8d80498b876f7af266280e6790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4549a216caf8ed5e5f35c6c528014eb7

SHA1
97a2209609c93d041ec46efcff10af8e40db817a

SHA256
50cfb3e496a5a5999d00cbbc049cace0e3ebde2c6b4e7300c8876dc1ab551617

SHA512
6ffd189d5ac793192463150e9110593d6ef2aedee5bebe3687ce55e88e538c7e241aacb10ae049247abe54c74cac0f9d0d4c94922cbc5c6ff4ccced29e3e2b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c84056c91876e867ebbf5c5df228d749

SHA1
90fe5432c161f00a4322cdd6d2b6b5d1c9499956

SHA256
b2c35bfbf554afb16fe895332592d00fd536cb2729348ca3dfafd1005de3d525

SHA512
9d056cc07ccb56e59c2c806eb21454f25a1c48667ec62b76f5eaed758f1da459f4bd06b2525cb6bae02c7010de5014bcf3522e265d936e1e17894c828c20b291

Download Submit