hxxps://drive[.]google[.]com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Resubmissions

31-10-2024 09:12

241031-k6b4vswrhk 6

31-10-2024 09:08

241031-k35l1awbjn 6

Analysis

max time kernel
150s
max time network
157s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31-10-2024 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
8	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d21c733b-24e9-46fd-8687-9a08ef6a2feb.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241031090909.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
4052	msedge.exe
4052	msedge.exe
3296	identity_helper.exe
3296	identity_helper.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 1692	4052	msedge.exe	81
PID 4052 wrote to memory of 1692	4052	msedge.exe	81
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 1224	4052	msedge.exe	82
PID 4052 wrote to memory of 3964	4052	msedge.exe	83
PID 4052 wrote to memory of 3964	4052	msedge.exe	83
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84
PID 4052 wrote to memory of 5080	4052	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9ab9a46f8,0x7ff9ab9a4708,0x7ff9ab9a4718
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:516
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7fa135460,0x7ff7fa135470,0x7ff7fa135480
    3⤵
    PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17051329388293899724,5263657808827446275,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6372 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef84d117d16b3d679146d02ac6e0136b

SHA1
3f6cc16ca6706b43779e84d24da752207030ccb4

SHA256
5d1f5e30dc4c664d08505498eda2cf0cf5eb93a234f0d9b24170b77ccad57000

SHA512
9f1a197dccbc2dcf64d28bebe07247df1a7a90e273474f80b4abd448c6427415bace98e829d40bccf2311de2723c3d1ad690a1cfdcf2e891b527344a9a2599d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39191fa5187428284a12dd49cca7e9b9

SHA1
36942ceec06927950e7d19d65dcc6fe31f0834f5

SHA256
60bae7be70eb567baf3aaa0f196b5c577e353a6cabef9c0a87711424a6089671

SHA512
a0d4e5580990ab6efe5f80410ad378c40b53191a2f36a5217f236b8aac49a4d2abf87f751159e3f789eaa00ad7e33bcc2efebc658cd1a4bcccfd187a7205bdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d060c871a355912ce9de2770051f9930

SHA1
e4478a25c418b566780ee8aeddc045e844015915

SHA256
ff97eb8e7baeba2dd0ec5df73f6e6efa5be5b574df938f5108ea7f420fc57a5c

SHA512
2e95696b450167a1ac7cd73915d9aa8111c1a5b5bec2ad0fd97fb9de4dfd2df3adeabbdb759a0f7fbcfff1177cdf300e70b41deac3143dcc052e6ef0218718e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
07b64312317232fd45ad4bfc94912e03

SHA1
1bd32cef4ee0ad0c0840d1a2dc4ffa7b3453771b

SHA256
778c5977d3a9bcb1be0466b876f0840dad123688c6f69691f49d624feeb5f987

SHA512
59cdee4ea6190407d119f2ff7596d9afdbf16da52aa3e9b3cdf7182d1b31dccb184cc824bdbb4ef7fb22b57a88cd426ad053370e3587fd45af66fcb13578c982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f15154524018ef8250895945e6896b1b

SHA1
6aaa068b0ccc26f8487df3842a07c81ae21f39d6

SHA256
7a89db929149fa9a0266e05c9eea43bfa6279e296c3e5f3aa042636ee1c158f1

SHA512
7069aa28f5a439a74375d343ef1c8745205aea0149bfbe71c8885f5498d94e94ecbdbe8a08efa7a85576ae892b3e095210304278f809d7e2a7d5296a1f5ca774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e16860f5ee6415202876be5e22789438

SHA1
fcdee4f18b1447d75472d18b466e30e7c37b3adc

SHA256
ed8001907ac59b557df361932c42cebeaaf04f6fcdd762a2952cd631054c66be

SHA512
855be54700790acf716152452f5a9bc565b8e4be2a40ac4ae9593c215935a87b4b91b9540dba34eb8151bf6c74a1ad7a1a6d307712bb7722815917dbf6dc84e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
70e2fb673930433fca382cac9ed54f71

SHA1
05b62513ca7b41d8301cb43c4acd881e990205ab

SHA256
7c95c23c0d83dec69a7b74917db5e317ba3fabf79048fc3ea491cd0ab1042b80

SHA512
889c92fd1b6a828462fe1b6bf2fe928b9d6fca841291aa23022890cad7452d535eb4c68349e50e109074399aabe7daf99019b1195ab2f5109c33d0ed46a1da83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe588da5.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bfefcf43c93d62e72521b9d78daa05a1

SHA1
b17f0b6f7d09d185f3d635696a1aa21b1a19eb94

SHA256
008bd434dd630516036dd729107347d9fcf295027fc537b0d022e866413b3507

SHA512
748d883069bac8823cc86b4796b6ca9e570eedd3cd1c1662643619749873db054cff1eeab0ceaa30deff79a7b5d6852e9491e3d91b74473e495c9ff6b527d8e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39d18866c640fecf4ac233f8b280e6bf

SHA1
1f2390a4ffb6b70361bd1eb765817029624ae81e

SHA256
4c5187499086710fc57e1803b2db55904a3bc8aa9957f4684df28453e3206212

SHA512
4986ae1cb7a05cf7183625c6f9fbee6d24c5d77e4faa695bc1eb228f7448db2943c3ab30709d9cea5c7c8bd425a10d57e177dfe43e8293b27ff19190ec75330e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ace23317babf0973de4335a46df7e1f3

SHA1
ca3f87bf872b587e7d92e0c6ff7f9fa8aebb4ec8

SHA256
288f3e8bab47145146c790c391f1cc6f9bd850866fa769b8d8a8fa571a5dd5f0

SHA512
657800d6ab6b1621f1e3226597c1f9c32d5aff2cb9708ffef667f67db92ced333b88599ba876cc1aba0f31d187bd94f14f9b2587408907d68c4d44f416a5e028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce0f1bbee917166fd626c0ebd4832433

SHA1
d71b50dcc0a9b30389b3dc229da73b773fb08299

SHA256
66d6376770fe22f0ec1ed1910dcd52cd0840fc1b3351e3287158b9656c4cc5ed

SHA512
c10aac92f25f1c20fb74b89b6cad691e6553dc8eb1b04a0ee03f8e708e1307404779fc8afd45ac6032fc8fb5a62b4b0cda8ab0fd7840751a2765770e0c081a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e98d1679e15688ad133f11eee8458ee

SHA1
a4b1a83f0a3f2867954d3146d95d314441950606

SHA256
8aa7eaf918f2969424996a8f3575478006d9d74b308a750f996fe4f5f045554e

SHA512
eb34d52a8df4992444000a93c8d0d11254069b5f43a68a6def21061be03a538f36c42b2e968a8637f12b93235de3140002b0212aa2cdebe0950fd115c04bc72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60d82bd601d64fd00bb0373f5ecd65b8

SHA1
0e8bde426270dfa3ea285c2c5b7282ab37771d4c

SHA256
bdec91a5061c6a400ef33c2dca5b1d0c16c1fe9e464f8ec99a72442b752e6a97

SHA512
5ea1b33784438acd246c02c95716f72c78293bc8d8e8e6d71aeaab370ae9fc2063ba8ffa443bbfc26c96e45a95549b62894b846a459c986531b34a110d0be38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0f76dc80e54cc17e735a07d27e2d8874

SHA1
cc9900395e56c9a4ec680955cd44834bbacd666a

SHA256
4e5aaba69b7c7cd691d310154cb88e7bf238d372b5e038eb4c7c5c97a2cfc58e

SHA512
b09a71936fa0ecc941c4c05ab8273e46ba9ed186c64f1e6bc2fcae754bdae4d2e1836a96d549c8ae021826ffdd99b203d3ab707c7faa42c3410cff8edde69973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
acadf580cf2656a24a5124b8e2edd978

SHA1
0b1b73fcee4a430da8bc3c897c39a093eb8ca509

SHA256
041a29e092ab8c60b5765ebfcce2466d49cd5a2775c02a168f4bb3864a7e11ff

SHA512
5ecc2998f34355e8c9bfb706966445289f711a1968396a0c5b14e9316f2fd77212c784aa1f45386f9cd3d4ebcfdc3a7eadfe5de4f850be050883c0c54a235579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04895a42e03733a0e1a0a2fc740cd441

SHA1
fc02f8dd0d9cea3e2a491dc77b66966ff84a6509

SHA256
fe0d9bfe31510a53af65a359d972e8b100790fe71fb1e16441bd89af87e34082

SHA512
1825d0aa24c62b2ff949da950aaa1d447f4bfd2084a121ae143425303e436720a1234ee0b2e92ae97a9bbe79bcb8e8759f7301409e47a7a276a80ff5798fe460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2508ff826605d7f6a53a515f407cfda3

SHA1
bcb1acaf034f483db0c674f726595da4bb217f65

SHA256
028a5aeb46672fa0f18b06aca76d00f48d183a35000bcb19b02ce8ab9cff6d58

SHA512
0048a8210581859260b7171cf857ac8c7a5eb2bbd597f2c8ff5426fb95f80f1523c1382dc996287829b1a6693e6a95bc3466762db0a83375ed651fb595e44fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bfb6.TMP

Filesize
1KB

MD5
e28f038c3a05307957e19eeeebfa0c28

SHA1
f7121bdb3b531feeb27f0a67f0fcc997aa7a2a34

SHA256
b3282408b29a07f8c30b38f78dcb5c61e92ef8898092ebe7292b34eeb54d3ffc

SHA512
ba31b50526f2c2c8aaccae9e3f6f9e07349016fd9eb196d74c127e03124055ffa413ac2ec0674ce99972d2b6091d8e4216cecd2a483873fc8c0c007d9b253730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6810ac30547673299ec4033e5602c109

SHA1
357f32709c34b31accb590bd18e256a05702bd20

SHA256
8c87b9394f36a67bbaa154032be43d1b0289a1196604925d49f728c8faefd842

SHA512
d950442963f0816ce9435623c99b5e1054f1e255a7dc047ca1ad08fe3ec5055b2e70f91c241bf0dde7d1a9e18537412e04b185fe6a209e863ba3b12b96edfae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
da53e937b5ff163d3e0e6c7cc68c08b0

SHA1
a695f146f2fa3b1e9c86fa5ca89015c5aae8d5d6

SHA256
29998194924b72e8f5bf3d3772f9fcc9990bc83d9e7a4d183e37f4337f443732

SHA512
d7788a1985249d6b4526db189c1e763e6c98728267819dbaf2e9e72a9a61492ef25f116560e7bb6f287b0f49d1e2bcb4163d2be4a6d22b55151a8bf95b15977c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
022eea25b36f9fbc2ab01bc50e23e041

SHA1
1b2ddef8755fe57d71c2d787803650f4b85dee5e

SHA256
8cce90dd23f410501f25b4beef1eabadfd2ceed9bd9dbc8dd885a2f0ebdbcf82

SHA512
d0bf1a36b91f2576e6ea228d751ed863c07d030a78c13bf3083404fcf737c0178a37bd7132bb1fca639868edf9fe2c6a8366b1ed5e4053c5fcb27a97be4bb388

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4f861c1c7461e38ed5321d324987c859

SHA1
132bbfe0d1c163ba23a7b9ba04aef4265201da99

SHA256
435846bbab60df7fba4d1562cb486e5abb7d4889ede8bcf7ff37523dd4f4aa9c

SHA512
13ab863444cb9851ef560d36598cf07c5bc578d8731cf26bccca7f56583d7f65c2cd73923ffde29cff6c83b4adcbb7c20bb19fb451e1d677e60334f4b2ea31b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d5ced5d3fcc6e11beb6b037507bdb22f

SHA1
a58d6f1bc736111127795a775fd82a79ba065a0d

SHA256
a4a14aba387f3d8c24d5b00be5439e0c465f2e2f5ef8d60726e6d77bb61c0d60

SHA512
76a2e1e4ea99946b88b6d2acbc3dcea4215c52a34de4987c30fe6b830d60fdb104dcb5736af7b0be21b81020931575109cc43704e05c78505ff3b6c0257b92bc

Download Submit