hxxps://drive[.]google[.]com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?jm0z0JBMiv

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?jm0z0JBMiv

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
3960	msedge.exe
3960	msedge.exe
3364	identity_helper.exe
3364	identity_helper.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 2436	3960	msedge.exe	83
PID 3960 wrote to memory of 2436	3960	msedge.exe	83
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 4240	3960	msedge.exe	84
PID 3960 wrote to memory of 3756	3960	msedge.exe	85
PID 3960 wrote to memory of 3756	3960	msedge.exe	85
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86
PID 3960 wrote to memory of 1500	3960	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?jm0z0JBMiv
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90e9546f8,0x7ff90e954708,0x7ff90e954718
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4861366112395092518,11902843299806303065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\522b2402ddc94a60_0

Filesize
289B

MD5
9a037db7ae8bd796b0b8cd60945e0ab5

SHA1
57e4e1304c4cc592d74274ed3bcffd529645dd10

SHA256
9c0c9ee5044eab390dbf4acb55ba84fab11a0c4b406fb8d5f5371d711a83f0f5

SHA512
522b7b18d3804090856e70a8f420d5360545863168d1a0fe043bb7a85ff4d361defefaee728fba01db088ccf828a93384fb57bae8dadbdcf5b9e39b6dacea876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf9d5101e93bbbea_0

Filesize
19KB

MD5
b019fdf35767619bbeba0c9084ba8073

SHA1
68bd2d61e28f6e01f61147acabb5faf9b5cf8a31

SHA256
9d486b03556e8bd47432b2e99d0e7e750d35b1644d547f27584fc4c88ff02ada

SHA512
d24957933765e553ba4dad6649f1adef09170546316955a691b0750d24d45bc1dba59ba9208feadb5df87d93ef9c04a47e59b731b27c3aa1166f56c06053c2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4fcebc974e47fdb_0

Filesize
335KB

MD5
5b39a97a0bed0e7cb9409b4d1b9c9acc

SHA1
e80172566108d3ab2ffbe4eff02b8346a52e616d

SHA256
35b3e1d7cb28ad207d102ffe2a6b41c3d9decb926f013d535a9cd819fd192b33

SHA512
dbc5828c00ea0be407505adc9a24b30546490ed37c05527548edee94a4dcb1ef5dd659bff4e2b795c807ed64308b10293ac26094e2f8f6f87da36e45ad198b13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
99d507c90aefe5d4fae308c1bc2dfeb4

SHA1
ed2a3b5c2389af384527e0394e8c2bc2799c9237

SHA256
cfd849dc85fa3e5ee4b69de18e88ba22faae3be89abde3745c842f68c1367acd

SHA512
25a045ad74352e741b946d3d63cc39e9c5789da92bc2f8767d90f87f624b399f6d6edb9b70f8de0155f9a3710815f0fd17e0c851486d1122e32481f7881f8cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
1663447fac9207e3fcd922b416a8efee

SHA1
90c88adc4e05cd12ee486cdad58cb7330b9c9850

SHA256
cb23fb6677c8921df3f192d34ab67e2417972098660628e3697681e01d0995be

SHA512
35b7247c1f17693fe9b02b167f2e7af659cdf8930d6dcfc821502b5a3a3329af4d3c14dc5ff1ca492ecf3ffd63a0d5eb40828660b897cb6f1486ff91a6374421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
97ac546880bd637b54173475a64223d1

SHA1
5fb21cae3851b79ca2b5a582244b4ed937ce9cbf

SHA256
00ec437aadbdd4f251c838b55b4f7e1ea98d5fb691252915236a52a90321d23d

SHA512
f5c2564268d2260b430dfe3d480dbf0138656f91a15355bfdf1cec4ac713a32d4d588de88183a22cf873805f526cdea3abca742e2bac4f2253ae2d84e1064d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
3b57b2cd6070b1eef46fd99d0a9ccfb3

SHA1
8ae4d42cbc06ac5ace33e6209815d561448d7e86

SHA256
d31b78d26d04b128008e48654c3f751ee40db3a75ef5c6bdc610c1169e312b6a

SHA512
f6e09a9cd1e4ad777c777ba8cf4250a0401f9af66d9dbc69e5ce115c6d4edd5d9bcd4526d6f2de95491a83b0cd409b47cf5242cfd4bf4dda93527d93266a9b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
9721ea12f044114167e38c37f5266548

SHA1
b599f115e0b6855bce74cf02c274e973b3716496

SHA256
4d26f1ee28f602a31d63ef5a0c65676bfcaef4748919b687a4b7f98f32a77af2

SHA512
5ed52fa917813b42b45d0b0592b6736672ef7c2e65e5ccec3fe60994558788dcc4bfbb283853c189dac070dfa82e6e55b0be07a97f6d5361d67d8dc2911f5629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ef2586a17b9d6747ff0ef29644e547d4

SHA1
e045de3f1f0cbaf63056d1601a5b3e8ff811997e

SHA256
7549639f1644956b6d3cd07232e6552679c60272f95ce39a650264359f3ca0a2

SHA512
5af15c57d8c66e0e810ff5dafdf93b7df65c43220ff04ecf3391b67b2b95d690dd14cf79e7d479e16edfa1378b0937eebff4c30fbda0f43d350b7d9a6d0ff5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dd0b9c10b4124cb60725bf8ca1934c5b

SHA1
d7c51455ee079be6fbc4bb7ed800f2ff69669391

SHA256
868ef3a7c141d9a6d54d2ba5a4b29e697361b41d65b0d752862c2d27704332e6

SHA512
ffda4713c709f062d3c3d7c8c092c5f9e0a41750399cdb182668686a759ce79e1e6e0d40a5c178ad873c1ef88ffad70070c0fc1355138809f97fc87a28048a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
799b070db47c1b8e8f8a6ec8873a2ea5

SHA1
b241f8d9e051121108858594059cacfcb7595abd

SHA256
eb50778b0d26ed15c20190909ad50e33ad91fc009bf43088158544c7250672d7

SHA512
cd2bbd9d129fc6095a178970dc1509ae43298ee5239983356cbe14b3a654a9e9802f3fbff2213e24bfddad9bf59ed34ae4ea72f15cdc10db5aded1eb3490f814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2ca55b7460f1811fd5fc37e1461344ee

SHA1
4068dc090a2e060ab1f2342aa387d01158aa9a45

SHA256
040626b8cfaa2ae853a0181baf84eb748a9279b6033b3868c2c2178b9daaef95

SHA512
70fd841dbd7a3b6acd7ec3126c18103953264462d77f17b665ed94c6be7dafb48397722bd5e5e327d66b7d17aa0b871b06fabd3680f9650b40d68c874764cbdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3f1c3c74a3881f40e5d53060a95c0986

SHA1
60cb5ba71511d157261e1d13739aa18d6a653dc2

SHA256
85d5821e2c26286e1b340121c32533ccd5b6af380e4130c93022acf3b840eaba

SHA512
3b597b98403a41255aec5aa45c6b211a775a63b4808280c093e6518694d79d8b44dabe19ff1bf1609895806299825cad6bb7795ecf5aa3f32fcfab6ffbea9635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea181ce824ad0f2108e9eef4b5c4a0a3

SHA1
afb8bfb8d5ea4d5114adb6d4388b86e9716535ef

SHA256
73d120133b72e0f26a9d40219ab900a3492413c5443f2cf2eac16ec8f86329e6

SHA512
b31275ee16994ab8b7f3ccb8ebf9eb7624f4dfec656e7104e13187a42d75efa081a11fcaf9d653e23a770bb7bfc46f8e9ea2e288763d0a5c4e4d85a92fb04d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d9f94d1a1ff1512763ff2a041798777

SHA1
1b12439684ab76945701032a880b33a7d0e64651

SHA256
9eec0d9fcb05beb3c1b49f1a238269b262baa1ee753fdd547f50c3a9162300a4

SHA512
e0fee9327d82a2fecb9efef71263ce84b8ebf1e98525471d96a950be60a0dbe428896bfe58c00d6ba777816444ffb99c3d56237f63d0a1f4a7c74a79a6fdc90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b2d800ef4d2d64319244b737ea98b57

SHA1
dfef684cdbf90588ef6bc9dde8aa1c7e1a8864f5

SHA256
5d810ec2f7bb6bdfed5dc2b44e163f175c166a51b73a3db412a8cc3043b894c8

SHA512
7467aa3527bb43463393c849c0453927043194caa1b9b5c5b4f068872e49b3db0327636c9fd26a5b9a33d41adda7d6af29b863f00cb4d356260162bc93111647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e8cf1b588169f2e78d5a9f86f8eeaf9d

SHA1
89fcdb75e939b0734abc78d74863a93c5d0376cf

SHA256
5e88f54da113df244fd0181764c2941fe5c18520afd96184aaafccb23ba06354

SHA512
76630631c1b1f97bd73349af2b7001fa1ba35d2fe35f256dd403a3cec0a60b4985d310bc390a9173dd3a1f5856e94e33687ec84df067e74da4c1e06c7270aec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0add88efa811a2d58a67c652a592cc9

SHA1
2147693fe26ac63047f42f42ffcabbe419457b75

SHA256
9635e9c6829c024580764f1593dca537cfd88046057245f755e14ac1ec953624

SHA512
5c3e5acd284f88e69fe5a179febeb0e0e2a9a175214ca5535d06a0df5de32f398c2f1e56bfd91508359d637cfca4bd1269a9da126c39413f7144aa00e311dffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c1af9886c715dd1253fa54f856e47c7

SHA1
311e9b94815cddadcd6b6c8b7d6ba00141d6b220

SHA256
e4d391363a67b282b7f8fe6010410ee2350950e5ffbe113c14919c58bd162798

SHA512
9f96ebb2ca76cc9b7dc1a9b39b57fce834b568e30b1b3577318ac5584ec8a95439b439a4c9dc2567b09cd73edbd52238cff48ebc5dead1e6ba31d1e254273eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5803f3.TMP

Filesize
1KB

MD5
e192b346e3e8568de4f48890c5d2240d

SHA1
cf05228dbded6687fdfc5512830d7e9a527d6226

SHA256
e144936d93979503300261b15307c3edcd9c59b1aba2e97be9916d032609cec8

SHA512
24c7c7ee62d2a9c979c8f6abf580ce6f15df842e1f3eee5ad00e74be4d7481973711c7203be33e32a347c401054c6ecfca8c998e8922af14008a4f3813fa54ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ada4f5ffe2275a86c5903e92f54166bb

SHA1
3488a51b6e0d96d3d3a74ede20559a4fe2ae39e8

SHA256
dc3fe6c07aa5f8f1085af6e08335a6bb684cfe5e0840cca114a84a5bfe63a10d

SHA512
74e5d0044f699e72c2951f308874456407591cf37ec33afc67f2fac07891579f8227e7984294a2a0ebc3ee2e119b6e1d10f7c8d31fb91415c8e4466394bd11ee

Download Submit