hxxps://drive[.]google[.]com/drive/folders/1fRLYeF_tmgTaxinr4su0fFwjWG1wuG0a

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1fRLYeF_tmgTaxinr4su0fFwjWG1wuG0a

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
232	msedge.exe
232	msedge.exe
4212	identity_helper.exe
4212	identity_helper.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3324	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3324	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 5056	232	msedge.exe	86
PID 232 wrote to memory of 5056	232	msedge.exe	86
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 2184	232	msedge.exe	87
PID 232 wrote to memory of 4292	232	msedge.exe	88
PID 232 wrote to memory of 4292	232	msedge.exe	88
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89
PID 232 wrote to memory of 244	232	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1fRLYeF_tmgTaxinr4su0fFwjWG1wuG0a
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f4718
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13202779969407106297,14753626899077725635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
28KB

MD5
4dd36552638146f0db4bbb586d77bbc8

SHA1
40eedaffe7ae31d329d039266ac9d0e684abf7c2

SHA256
f6834510e1a68c8ff59e74df570dff297539a877ae77f26438a729d7b4a3b140

SHA512
2f2fcff9cf628a64b0d92944fec0665d2ab361fdc670ec62cd69d4bcd48f39d93fbce17f60cbdcbc51752b536f6eedad2913eaed2f193c80bf5723284d366c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
302KB

MD5
e57478f761c945718eb8dc4a3ac73bce

SHA1
61e25ca47bf797a44b3a1bdd2b9da12d69fbb922

SHA256
80b0870ee1f48531f05659f1b241d801a0f843d6cc15b259e71b8329507d729a

SHA512
356826ab88f8addeced37cf9460bd6d8cc35e48d87a1e8176c95a3c7a56ef47ee48720586a08d4f72a845c54437800b9ef86312e11b55680447924d9ab482ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
d89f27e0fed3cb7241227992c98b21d4

SHA1
1d91bac53c39c19057d21fd31840802987a15013

SHA256
0aa1359ac243c12048ef91b34416a9766da9138825ecc280b9664970bb9cf65b

SHA512
3d51925a6898b440736f37bbb0391272b63d49857a619e66cfe095ce4ab10d68112b8fa2f628b47384ab39f89932ddb17af9cc482f6177e6bfd00ab44eb72811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
75152e160fd04470ecb0ec6b6fa913ca

SHA1
60687c19f53e05d2e5fb269ec20665d4fc6918b2

SHA256
c60283c6a66d817b6ee7001a24277d5f8c47945cf6e15274d92f00e91d5e0d63

SHA512
78fd4821ecbba9cc09dd35fb875cd0e1e11d7e5d07d87642605b11059489ee3191aefa350271319453b1f1125a35c1b75ae5d6b4689f7486322ad232edd4abcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e759fae8385126a83513c15d50c9e6cd

SHA1
d64b909513ef34386bbf91091eca183bf801d051

SHA256
9523904759a51e23cf024773ea3bb5321de2938182a3d3ac265cf2914d143451

SHA512
6577d39444bc53f989e40ebdb7b3b12c087a78e61aca1cecbb0862ccafe5d0f3496c4952bc45e5cc2e20e9e159cd81e3c67ddbcb72c986c02e0f0c37664e14a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
756aa9a8dc3bd6a02978a617ec494d2a

SHA1
d1a6c45f91930b747189464856c9cae9165388a4

SHA256
5ffa5a6bbe814991a13c75241558fee877e8fb470d32883063811434234079b1

SHA512
fd1d77dd9d0be2d0cf709eb61049f7d71863befcdecbbcac0f5d9921a1ef85c6d5c0494030654bc1c54333f6552940da2f169a17b79ae93e3df75a7a80a7f183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2f906a47d3c0df850f619c8b5fd3940

SHA1
b0d82db3bd092210f9d4d5d5b67837ea9ce11dfb

SHA256
0a4e5fb7139f24aecd73ffcc8e97c212be4152688fb2c5c785cbf1fb91d20593

SHA512
402bb770a9de15211e9faf3a99067140de8edab2df39aa86323d8280e309d2cc1590128755052a8325bb608a880a3d131f18977fc359d36b98090761befd4d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c752ec291a76f11267697c645f85e63e

SHA1
ad325445866bff2bf3dc60c571bd1e0cedf1124a

SHA256
f3e347d38117bd5c936d74660610eb8f1391318b6b5fe59b744d19c91fd56c6a

SHA512
4f84cf374d9f2ecff6505083ae6cbc85cb55538fc06c0ce056153adee1bf62452e5cd282f905248468ea967be7123c453606c2e08733f5df481821b929c8a620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
985f91f62838e32dfc3faea96dbf25c4

SHA1
431489842973a3018d73ae19da96d659663bfb36

SHA256
851af30c64c8803b3561bc9fbd2e33eeecc4971a143dc24894de825eefafb03c

SHA512
9a261650d9b70cd3a864d3532193706eb948e5fe372b871cd48950811cdc8be32135bdec60997b51cefee1228c39d202c0fcd2ab5b19be0ab23121c6175ad398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\8cf8f4f9-352a-4b91-8d7d-def8f1c73d82\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
2ab03945d59ca4e9565bf594aba383f6

SHA1
a36705ca4843742c00b4b9cc185d780ad08154ca

SHA256
a8d9a7d3eed4b83b3f24b4a8413fd04dc0cd3f3cb68c2eb8c18c0d5b77934dc3

SHA512
e2574a643a0c627c2e736f9cc254d207000730e758d6ff0c96e976bd8144e4403a801aad6adf7d58a6f6938f31bb58df4dbfad0c806720f582d7267f57f72cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
33B

MD5
b0195b619cd45d0f8af48fc59c3d7716

SHA1
d153ae8be73da841309a68f26d26642d05ac20cc

SHA256
37bb3e6cd75d830156a6934fa1d1516121b37b4a220705fe32adece7b7ed927e

SHA512
6d917a97131baa380386bcf2c83dffb97f832e85f9510db3df4f7cdcc35396da58e5e098fbcf3fa7867b7909c09158d091ac0432919ca685ca5c7966b88a23c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
5f5abd37f7d358541f9bad4e4b86fa6e

SHA1
2a622cb532534be0363246d9b8053ea6b4d67d3f

SHA256
f5ddcf23c5d7852b2d425d5032a963f4ceb17687ab739d0cdee343e172bc3bb1

SHA512
2e60752d722582222fe388a78a7197e34ce91ae8bcdd203ff0edfb345fce043c9437a2788f1dda3394d571426aade3c6aa2b7a468da68f940df6b138627c4df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
19928180b9e28881d6fd40bb310de299

SHA1
5b13e07f75b4283d397e596efed30f3235928041

SHA256
09f5b9ea82188c3277cd062f3b7e212ff7ffea6b924fec5c8097b27b7033a4ed

SHA512
aa6bf4c9a29b75e7101196063eeb15650114d0d6468fd57ff13eac55ebe77336bc581cd588d915bb2b8f8e65eb7d3b8d9bf6fe2fc3b3fb108de9f6e244eb2eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
37672bd99a03083f2300c1595a260747

SHA1
83b2f65dc0c8b53eabb19c467a66a0a4a4f14f09

SHA256
b8782ec096e6cfb6902c5c760770c0f2a0821a4224d8204cfac01a654f3fe7a8

SHA512
1616b406791707a7f5a0ed5927cc2ef4a22f215730c4ba41837cee15d86c86a6862f09d03a23ffea277e6a61beafd28e69c65c20724e0d284e12d8b291415f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
e226b363462e73fc2f5e08e1b70eb962

SHA1
8b3871ca6a2665aa8b86073f777ebb2cd664c330

SHA256
1294115c03247955297d8b48fa981f1d10592c49f0254fc679bc850f23652b92

SHA512
2d4ce7dbc89d2ef2ae7948e3e9c0d5109a70eb28171c3fb880701e48f2c0f1ab309a53bfb4dbe9126c686254aed68b89a534204764a6939d643ff03527a3567b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1056b1dd3d343c5f7a036134dd1f6657

SHA1
363012119b2ace6a65e0a11154bb11dfef86de8b

SHA256
b5b5d391933eba7f497c314f4df56cb7fdd54b967be80dbfcb971c11f026f174

SHA512
215ac6620833fc9f66bf24f0cb144aac7b7a1eee37c32aca85227d241e6dcecd2d8afcc0a01f54f087319f6f28e11d5189699120b1ab9e2cc22a4f874fead138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a229185436217e91f82d43b90a5f9d21

SHA1
43373d132aa05a0017b1317e1525b94586bc784d

SHA256
25b6fe2ce5889a6924ecf1e11b8f5d3331ce0e204f6b25b3ff1eafaca172f6b6

SHA512
7a8958f7f4054fb6c99bcf20c24420f9ca08ab1d78f5c6143b966d336aa0003d54fbe1e8383b5c00255b696dd6b6285229f699280e9344a6b33ee2f0fb0219b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c4e234df2fb36f1e4bbedb34811612f

SHA1
ac16f85d9fd7a668320af47bf884ef581bf8aeb1

SHA256
73233bd7386dbe96b4e18b6032b11dfa13988f639496b5ec0cc1fdfa47b720cc

SHA512
e3d27f4a874b2d5eef64acd32b2afaa29be15cbf3ea05e7e6003f03c4faeff155a4a53e6a51bf6fde660c179943fe6142bc3f49f750359ac592ec52710601c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5db2f4abb06bbae2389aff4a28cedf4e

SHA1
52154742dacfbda0e4b63d9e720b0ab2c8fdd304

SHA256
dba50fc0f33c489b843a75bad13bb1167d72f1fa172598fd6339d5eaafb04dd7

SHA512
4c55b5f783186f5035922c0261ae60f6de60602fddaa4ffde2df20ec3b70ce6b570d6cc0fef39537e5f6fd0b4832363951af5fbba39401d739848ba0f371fe8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e383d40a05daef62b8b0ac381c038e9c

SHA1
d77cbc5b9d4ef6259b44fee0094e96f6fed1097e

SHA256
17e6aefe435f641cf67f05b0fade45e238aed025f93306b2b8e0d8acdbc1f98d

SHA512
d3748115bd4082797160fb604675779ef1069e41418d45e167f7057857a947424f1cb4b4b90223000e5776af3a0e006be42b127f40a86700b3c399a3cf04dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5811be.TMP

Filesize
1KB

MD5
2cb1b9e4152017bba2743275dbf337bc

SHA1
9952c28d628f1b7a20ebbe7dcce41c10856fd0f0

SHA256
834f8f779ddd75c5d3b1bf1d14fc4413dc8808608634ef1897555bfd1889f5f6

SHA512
3a6637ccec3c546f25512ca0049e29f93cd22e7d3d33cf978fb58375958b0f8fa37a1d46c2d8e446e0ab538d4b4acfc3c183bdd2989c2dd7780212274c9f44ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e45259ffe95492266ecea5b2863db444

SHA1
0ede23430de114816c8894fc4831661e5d01c302

SHA256
1cc4f83e3556089b780fd94863ac8596cad4d18c284818165f0f602203efa213

SHA512
ce7bbf5bfa9e7d5beab1c2259816c3e6cec528f559b683b1d0d19a1a676fa6fbec34974f2f765ba838c24eab1f2b9824942c13fe4383a85299aa813fe4536847

Download Submit