hxxps://drive[.]google[.]com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view

Resubmissions

05-09-2024 03:47

240905-ecltbatdkd 6

05-09-2024 03:44

240905-eamylasdkq 6

Analysis

max time kernel
142s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
2996	msedge.exe
2996	msedge.exe
1724	identity_helper.exe
1724	identity_helper.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 116	2996	msedge.exe	83
PID 2996 wrote to memory of 116	2996	msedge.exe	83
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1224	2996	msedge.exe	84
PID 2996 wrote to memory of 1692	2996	msedge.exe	85
PID 2996 wrote to memory of 1692	2996	msedge.exe	85
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86
PID 2996 wrote to memory of 3576	2996	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac07e46f8,0x7ffac07e4708,0x7ffac07e4718
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3568 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,10208648363679408770,8806318232717811890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\30a64591-7717-472a-af4a-ac6978068808.tmp

Filesize
371B

MD5
e845f97bb417b2e5a31f1510302f16ef

SHA1
f297adc26fa4b68c954a2fb7733222a1423ad67a

SHA256
f4ece9886989de7f70f02191d5dde1c006395cec53274f528b58dbe98f59c7dd

SHA512
69340a63e70d74faa4d864ad47879c075c1624179bed4892e126b19176bace8c06d3078e82df15ab0a9e9fa65de1f3b8b15262a0a2a0b3b6d184856a89e499fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
28KB

MD5
4dd36552638146f0db4bbb586d77bbc8

SHA1
40eedaffe7ae31d329d039266ac9d0e684abf7c2

SHA256
f6834510e1a68c8ff59e74df570dff297539a877ae77f26438a729d7b4a3b140

SHA512
2f2fcff9cf628a64b0d92944fec0665d2ab361fdc670ec62cd69d4bcd48f39d93fbce17f60cbdcbc51752b536f6eedad2913eaed2f193c80bf5723284d366c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
720B

MD5
d0e4e7b21c0194c235993fc7ba8f650b

SHA1
f6b534cfd1d497b35336698ec2090976b3f1649d

SHA256
f079f9280c309b2676f9797ebedbc049711cca1d6638bb2761ea4d9b758d6969

SHA512
215afca905139273d5550b74ce05817d5b2bf3cbb061a4ded5f3d218c7c86860363ea1f6bc3e45ab6ce4c45853bf950d6d01c855799bcbfe533dfd0586e7882f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
34cb1935b21b0c537cacab22957c1d4f

SHA1
2c2269b5b78ace2d095de0e15943c5dc9509381e

SHA256
20a894af3e3f67e846e85e38e3275b43017fde6b92c79ad215d6de4d60854f86

SHA512
46ba774ff74cac75c9ec3e1f8cae5c96d6ecc775c3796d35078ce551d982a37718b7defd7c0c6ca1f6121f2cceba6a5b5e6f3a6673a3772966d8ce36f0cdd104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ef557e2ba9730428523edb98ca8362ed

SHA1
f07dd51d8448927975ab2aef94c8c4d788cdcfbe

SHA256
374e5612ffd221fb4b867bf3a7e80799f28356b40e7eac5043d88487d63d16c2

SHA512
2842641674bd4fdd049bcd6c2a0c31f4d50b71c3a1f9733800220ab2e1e599e2c150ac15e9f3cd7a3c201f9a96bb602151532ac1ec3b5b5ac58013b6e0bd1ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
9af6d42808d88d459955be20b7cfa45b

SHA1
a0a4025006fb5b1e6ddd65dabcca93f4237a2696

SHA256
6473bc187eafc5577527e602fd96c2a8be0b4c3b0cdc31eb709ddc2c5a602827

SHA512
170c4cc1c8afefc58cf9ef5ed1460375b2b580ed11e77f823407144d46e6c9466c447699ad2b44193d51e25d00aa05a8d52d4f0c6c3296ef19ca34232b0f17fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
366d706738279c5c6406d1114c1a0d87

SHA1
2bf04c5d52e27da313be51ff27d708681bf9d00f

SHA256
c0a4ec1457d1f66bbc922c70c27f9e71ca458ca2d5d27830b2593cca99501c5c

SHA512
7a77a063e217b1361eb7528e101247b83129d87a7eb2642d48ec0e34c6e045da1d95f4249da580662343459299e16ed78ffe2761aade547d189cf880f0754501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b4c018f2210a1e6161043ba78f844377

SHA1
abb1cd67fa8b93d01173dba19626daedaad2d57b

SHA256
c59db871fde4a2abde794283fe81ea5d2376b531a0be07c5e91f9ff52a93cc20

SHA512
7940b6e95e9493c3062c28ae1f3ff92cebe91395bed1127a2419391e1389d38e5937ca157a565581ef23936cd585ee6bffb67b8842d2403c77eef11b769ef189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
40fe585b48c20030305505321ab25a63

SHA1
cd3f2a85d3c531ee57e6df74fa2b483ae83b0355

SHA256
b377d6368234846161656852a5391e1ceaa9011387de3bae7677c613d30a64d1

SHA512
90947d0d37336266cbe2179becfaa7ba21a7215f7b3b628145065eb7e221444ec626c556916d79dd615e106a131d84004f43ae1d0cc580db9986f753c1046bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b78693403dfab521480a95d6c2ad1240

SHA1
940dd2f88ed8d6555b62c7ce3fa88742cf49b1b9

SHA256
16bb1a5d6f1ae4ed90d13be049d2ee10c26bc29c87a7c230337967dda690b9f8

SHA512
4fcdf67fa6a23cf1964b0f04e3a9f116a5ac3b1b3728178312d46c092b62cee6ad10ccd7bfeda47892b8b38860949bb01880ff3f08e488c1552ca4e28b2014a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91098bafffbba4803bc4b93ecfd84f14

SHA1
177adc0a65551396fdab18c4fbff164a82a5c917

SHA256
a7267b899e13c121a7200e8424cc66d468026917ae9ce329dfaa07b2e2c9c8fa

SHA512
eaeefae5a8d8bb044532035825288d055f8837751560578af8ef7ae777dabf85d56a2db59089f2236207daf51c6f5241406553c51313400453ba415876d554fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1d0966cf1443378ecd99109d25de6b4f

SHA1
a16ca521a7aa103859410694db3f889afae1745a

SHA256
34aa446ccfde68fc989eeda06adb406f16e77d4eb2329fef994548ce75cd5350

SHA512
89dbc253ee2c43058c93aa02e0b835efc35a84c524fc1593bb252471cc60eec7eb01acbe970c9a545cd1fd476f5cfe28703ee3b7481933c06af2600ab0f9670b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f3838ab80ff24b30a4a556aadde09d1

SHA1
fca3c0d3eb224f118d526dc0c6c133591ef120a7

SHA256
e5937245d7b85ea552424f4bcf62c223c0f907252fba0cdb9b35aec67dbb590d

SHA512
a3f4f9a6758dd824fd8e943d2ea31acfe00937430a5df60c7f953226deb1f7d1c7df1dfac0429d3fa2e272be9731c0acb2b4fc07da0f72aad3033dd2f01e1625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97d440750ca38ebad0c14cad563cbfdf

SHA1
4db5d03478b18dd128898eabf11d1d91d448e8f2

SHA256
058e7a99dfa47d5fa2f29e4453d00eae9c0beeae3504ffe043e7e4c3f42a7125

SHA512
c3a1dbe6cd71d470a1613730465cca4abef8247dc3efd4351a4150640e8c2daed43c988ec4612c707dc3f8f78f3e56390b7d66b5c31db9c2fc50ab34f3db0d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
52581d95c48f4c14a030f6cd94f85504

SHA1
96452bff15b69f1f0d5135945fd8123926b56729

SHA256
b31b6d062070b4d5f5d48497621ae62506c11ac7421e87e9d231727defecaa42

SHA512
eb10895334b3ad0b1e19ea00deec62163e0abbe9b170c0c44a5bafb19d1f0facf59b58757b66aac44e054e8a2965f2ac4d3d5fd287d7e5f83a94c1add4277fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
7d1ace46fe9272c055f59a4948356fea

SHA1
53a33da6e6f518d5724b84f3bdd16eba646f20f8

SHA256
95c36749dcb33b70a9d9bf6ae02a59a4d2a33751959d8474c4aa25e7590ff74f

SHA512
337637eabb6bd415b08085cce1b06e624af60b6db1506c88d02e5fc68c80b0d8ed82242965e3e2ccef45a587cce5d520064700b90e71bfdeb44989bfb05ca1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
93884bb2726022aaad3a4331bd9fa936

SHA1
be90888a3e8015570678482cf666342117ace19d

SHA256
47280c12cb0a7377d7c256b290b94909b63fd80e0a40627754ca23b6076a713d

SHA512
6a9a832e0bf5a36b8ba0a3aacd423023d3d9d5b9dda39ff40cea9d1141b3472e0b5e0cd68a2a2a8c84350e22262eebf1efe080f5602fdfb2fc95ceff7d092216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
89979d7dc7dbe8509bf22c9a476cd27b

SHA1
32327ebbe7ee017535fe5ca129e7ffc11079c323

SHA256
c8c23d693b0e2f39eae71f23e1bbfb984cb48f1abe4b74752373e3df8cd39e25

SHA512
d8005bbaeb1d3856642d39a00c81ff6e0ce4d49317fbfc714bd399ad6d85184a48c744003039c1aae4f3421acf008b0e2f51245f8e563b9400961aebc791679f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e63.TMP

Filesize
203B

MD5
eeef16f90f84eceebce212214fb7c4e5

SHA1
d3c4035706e1b304e8d7a995d5481830e160979d

SHA256
5b18d7a5b08eff73c27b8ee5a4366fcbfff02814e963af0877f1c9fcf6809d3c

SHA512
2411155b36d653c377ca0a5360d3a4f8f66dce2a8b3cd5216dbca56444a48de95735b93debbf870758d1b6f09eb5570fbb9d7a3950aebacc22654053e3753154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\adc8d72b-8b0f-42c7-b897-35f1b85b256e.tmp

Filesize
7KB

MD5
e2e1a7520bb6b1132b64d8bc4be85e53

SHA1
1d6341c8dd6b6b63fa09dbe0a22735883dfb9217

SHA256
89adc6fa06142fc64a34f85a1c1e77faa2a555bea19665fea5d0f55b96f90c27

SHA512
5af19dee8d47179cdebd047d0544ebfc4626e253b1e75a3cd33db356cc5a51e004cc3f7770451265ff1afae5fad31de01134dda99da5d1fb24c8cad077ccc5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90a95c612401f2aa11894517aa2ffa29

SHA1
cc02dd86607462f8248cf9d47850612f381bdd28

SHA256
9d2b58517c0ffe41821eb6a6d60f4cbf1eb16df5d813aa6609dedc0553ba2185

SHA512
f147027d3043fc67da8fe2b0c3ee39702d7f23450e2c2f39a19c16aaf9299c76c1e9b5293640aba9860a68666d0a339439719600bbf983145f09e3216c267cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f3fd991633770104465881625cb1ada

SHA1
ce49895d2d31a07b685f05fe582eb8080b53f9c7

SHA256
8a5aeba5922ddb1a34d48dfb0ec49e02f6fb4de78fa7140a430309a730db6c74

SHA512
500d5a5d826444bfe5cd4f04387f70ee56336629fa211175a573d74d79a94d5c9cd22ded8d37661e6ea93e0a54590a0f206b4102b49da8b1b5ab190ec86851da

Download Submit