hxxps://drive[.]google[.]com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing

Resubmissions

05/09/2024, 15:52

240905-tbbpaavcpc 6

05/09/2024, 15:49

240905-s9jbcatfkl 6

13/07/2024, 12:36

240713-ps1mhstaje 6

Analysis

max time kernel
145s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/09/2024, 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{2039C9CE-D338-495E-B607-3F8F276E2EA7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4860	msedge.exe
4860	msedge.exe
3904	msedge.exe
3904	msedge.exe
680	msedge.exe
680	msedge.exe
2852	identity_helper.exe
2852	identity_helper.exe
1268	msedge.exe
1268	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 1248	3904	msedge.exe	81
PID 3904 wrote to memory of 1248	3904	msedge.exe	81
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 392	3904	msedge.exe	82
PID 3904 wrote to memory of 4860	3904	msedge.exe	83
PID 3904 wrote to memory of 4860	3904	msedge.exe	83
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84
PID 3904 wrote to memory of 3268	3904	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaa653cb8,0x7fffaa653cc8,0x7fffaa653cd8
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,16619649028178719925,3601752911416707696,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7808399f-29d1-463b-8b90-e836ab8bfbf5.tmp

Filesize
4KB

MD5
b604b5cc7aec4e6243bb2d739cecf688

SHA1
6edbf834e2035f16c79595e1d5d457cfece58a3d

SHA256
ba736b0a47fbc74dc29b93938c1a34112326341fcfa38575dbc31514bc6a386b

SHA512
8b15986241f2790d2d35451a8f19228cc5f0f538ea89faf536bd2b8d536718038b7d1df958d926c5f814322271b4495577ab96ca39535c301321729f7b2f5da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
4058c842c36317dcd384b6c2deaa8b95

SHA1
1085ddb12b29b79ffe51937ba9cd1957e5e229b4

SHA256
0e562969cad63d217848a5080273d1745dc4277d210b68a769c822f2fbfd75f6

SHA512
435a67024811360b12339e3916945b0639e2d9319e9d540b73e093848a467b030e91e01917b7fb804eb756dabce2fe53c2d7ea586554ee6cfee70e652a85924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
d717dc20ddf09d562cc7d4bddc69ea5e

SHA1
3c0a07ff93171250557ff41c1621eebd8f121577

SHA256
5b92638f93b754c48a8050863fe38abcb2ac7397979bf3b9dbfa2ffecce2383c

SHA512
07b48be4727a55e34ff097e8974ba14251436417edd64b3876b09cdfc31220551ab12f6f080af697e23b6cd9afda50ddbbbd00df53fbd538893b62fa43173e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f2ec440c04a82f54c29a7765eafa4bf8

SHA1
356be61258ab723c980a775578da84ef5723491d

SHA256
e6c8c3f01c185b67a29e779c94d8aec1e29bf659bdfa44f3b8add183b125c255

SHA512
9914489a7b39c2b72a9eed4980fd100de1d744617390f3408f5861dc38315b5659e814b101b13d22a9f256b53df74e101ad29599e898074c815a10da7582d0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4fa8f393be37434e66244a46b24bd4b9

SHA1
dd92e0a79b7cd8a92d297d6f3dc114afffce68fc

SHA256
bd52bb0ecb5ddb39e4e280ece36d944285585ef4841286cc020fddbbd026c177

SHA512
e8ca13d55a81a8cdd13fc1cc1e780f6df2def93963311496b358323cce92ed4aa673de66ac55dd081acca034c03623b17d106828068f05770020a00f6b791c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a91655f4166a650bc8da073d0d09874

SHA1
c707168e2e7effe016e189b5f98739d9bf9f9670

SHA256
8be261d4e0ec2e2d5794dd9aef4343c79fe54d77b92b6d885747f519cb95ae1f

SHA512
b49f105629db9fcbea85e922a0e562b488f32268cd4bf3dc8ca0bc321d8eec69f87311bb7d3e053de74d3d5c228c51e95c525b7886a40a8604cd285c38b61823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f5fa3f7d2d01edc09d953e04beb3691

SHA1
4fdf5af59b027d3cc3e9c20de27c84425ba0eeb5

SHA256
0b1302b14c018591df6585461cfaf5b6e6a677474f1fc99accebc617907abf41

SHA512
521f5d02945a87de167e26440f6607401f4d26460e853460a5001c9ffd1c2c1005c3a44ae265288f718de32f1e8382bbfc8df4f7549eac0e829e73172f8e4b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8304d70fa00cce5f66c7046dd600bb6

SHA1
200b4cef56fd6d66a76260eb56da571338ee5861

SHA256
e2e8ddd5cd99a98f1975798a8f998ecbbb62e9430e7eb3b441ca6904cbe45d81

SHA512
ea8532a894703fcf07f96266ab930f2b0a4ef7570bdf60338eb6f99723d7b5e0d100ec1c957c8a4e2bc1cc7021d2af40008371b785def0238d0f8f030aed1c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3ed2c6f5d52c10a185198da992b704c6

SHA1
7039c812e6280805a22867a3a90fff43036875a6

SHA256
4ed06aa3f8011b1dd6e48a83f03079df7dfd70e08c7c57998228d5a2d99557f6

SHA512
ae62cb19052300e89cbc0b8e9ce2f7c9173ae2c0270a5e5bc83173a7bcbf33475d0474c4bd1ec42c987af01af278e888d2490b262f3490cc6860a00cc95d89e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c29a89bf1b942893b6afedb9674d23af

SHA1
31c64d17b2e5a070d20907591c9a00d294ab6516

SHA256
cb6e64792d63df485e7eb037cbf65b45f8bf568c7f0d86b65aea8f27b639a08e

SHA512
abfab50d2fa4f44888ba194dae761a058b660723d5e584bcbf40f12db83e2daa06602106c7401d2ad15a7af3f8f4ae27bf50910579839575fb59ff5ee83fc4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
102dc2f1a63cf80e0d5bad4e9278c756

SHA1
c5ade6ad805971179c9278196863ce63fc826b93

SHA256
420f44a45385967b45416031a559f5660c6e23e72e6ac4a5fc43589662a785dd

SHA512
69e15601524d53383877a4cfd5665a5e32c0598240fae56b0ddc86e0dc67575368d7d644a736eb0aaa57ec92079989b4554299a2d1c94eaaeb15022e72772d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c6b2be828371d9e42e6fb4a210cbd44

SHA1
08d0b4d46c38c277cf88ce56a94127c686dbbf00

SHA256
c3407131fb688b832371b5e164a83008f50877d80e88747951a56d5ef3218fdc

SHA512
88e242712cc7f55e1f68c59e768b9f8b95843f0c4ff6a11e8208ebee7e04e66bfd5b89b8fe36e5324f407cb596be752142e709479961933c44e9176d169049e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8fee54571ad2ba2415b0cdd6a47f474c

SHA1
ce22eb6df85b8079361a116b41e9e899c3552df0

SHA256
607f51f573087b91764007afdcbd23bb11a7d963f576f389c760bccf2bc6c824

SHA512
772454f246e5f43bfeb1a14e2f02ad7c3bc2f245da5b7c3cc26d0babc293d963411e4c15d90dafb058917fa8c8775c89f6059ea99ec43cc04c68f2e970b11acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fda9.TMP

Filesize
204B

MD5
b39bf9a65f5762c813d31159e917469f

SHA1
e04a026a59dfa5ddeae3cbd0c5a1ef03a30352fc

SHA256
2801a60325e82e8bf5502dd82d54670f4515380b8229f16e0bb62124e52605c0

SHA512
d03d0cc2481f4b83c3c6346cf1290b2e891887fc106b0388b9656d1ba66311f35a5ab9a67d83b86f1ae76cfe6684a847a2abd30b98524cbdd22719f2f078d01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
968a04d162fdb487ba55a9be2a04b9e6

SHA1
905fece25206697d31b8251550d22e2e1876dbeb

SHA256
4d72ac4a49652f5cf5535bcdb4b604d534447c5708beefc2773c18a8bdcbabad

SHA512
3385ee96dc6d5e6829f9e4cde546252e259fac4f05ff4af0ee33637b2c925617fdda7fff344543e2ae1d5da4b2e145f5408535525b6ce90b6636916515efb4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1eb419bce74b025889b5978bdf01aaa4

SHA1
0112796848ea58abd29898cdd0a8935db48c24da

SHA256
52f35ae7ad86f0a51b2055c0728d3eb3d5d26790ab310655e643bb20e18f90ec

SHA512
8b42ce7b8d236a20590703c59a3cfc57f5a3cfede3eaf57409aaa5478e1b2ab9c411c95b07b7172dbf8e35ce9804e09e5479a927edc982c504532e62dd8e03fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b4b6e6d0849ac6b254ee257af866b386

SHA1
825d99c80ff7f669b8aa8cead93f1818a96d869e

SHA256
168e0a8999df56dcfcdd50f6e33fd84d1c0e1528ab94eec0230b2589a0ed00c7

SHA512
b53bb6d67a333d0d1d655de350774953b95dbb769bfc06e46d9ea8b2a45f56429615c41e424136a23c92e6c93c1c2c8cd14c7f6267648ecf3ff2edf9b8690bde

Download Submit