hxxps://drive[.]google[.]com/file/d/17WC8kdyMaeBUc5vP3ol1zKMGHXepwRuW/view?usp=sharing

Analysis

max time kernel
165s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2024 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/17WC8kdyMaeBUc5vP3ol1zKMGHXepwRuW/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1856	msedge.exe
1856	msedge.exe
4388	msedge.exe
4388	msedge.exe
3904	identity_helper.exe
3904	identity_helper.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 3356	4388	msedge.exe	83
PID 4388 wrote to memory of 3356	4388	msedge.exe	83
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 2844	4388	msedge.exe	84
PID 4388 wrote to memory of 1856	4388	msedge.exe	85
PID 4388 wrote to memory of 1856	4388	msedge.exe	85
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86
PID 4388 wrote to memory of 2544	4388	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/17WC8kdyMaeBUc5vP3ol1zKMGHXepwRuW/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86db546f8,0x7ff86db54708,0x7ff86db54718
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8478277975031373806,12323597422187241968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0a217574-1a6e-465e-a949-f0d3bd2a9330.tmp

Filesize
11KB

MD5
9e647f84a67f372c9ed819a61506842a

SHA1
eb9de2bec8d48e9d7209d04c6df8aa2fdc01f091

SHA256
3690a70652c82f386bd8f557328ad8e299ca63156ca87ff45300f5bb3e98c21f

SHA512
a9314013a3cf1e4f6f68ad952547776042f2e24f5ab253ce336457c81a673fed08678768113592c202e21a0928f7bf69825f6c1b5aaba4d059867ba9b2ec2c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
70KB

MD5
807dda2eb77b3df60f0d790fb1e4365e

SHA1
e313de651b857963c9ab70154b0074edb0335ef4

SHA256
75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

SHA512
36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9394a51aa27cb4c89cee1b50fdfbcf5e

SHA1
34ad78e2b8907f4dbb553a47ea94100ec48d5dc2

SHA256
92a043068e9d7c889f9c3440c200efbb6708c4ae5bf07e5ff57ee9a4f68d4899

SHA512
dce06d940c6285bde917f26100c4ff776594c2525a5f0aa5c630065210c56b2f9700a4c563289f18ed9d577f91246fe5ab2a5ae0f4a7905c6509122804c259a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fa3b078d0c5c3775dde1cac779c267e2

SHA1
f59a11c8ffefba6464757ed26fd1dec72e9e2386

SHA256
c1f1a961562f3e16ca0bc1820019202b64359d98669b5e1646076d9d2f8cf2b3

SHA512
2998e20fb6b6486d685ea591df5aac751fcff54bfe6880089b3ce3de9c085d0f749c73d5225b2aa1a6b19e7913f9172b218179d3078b80733d54d0d4db22fafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
38d5755346be1f60afcd0d192ae3fcbf

SHA1
259baae46423c6284f991f3ed4f59701568b8466

SHA256
5d17def96a6ad4607aa5bbc9b8bea59d8680520526ff345085dd52032353954f

SHA512
1c83cc339175b0d59fa69b9d1a8a6bc9fad5661051f31e2a262d2867fba8a9d92929bf67c0ca371773f12f8578ba43d39a047a0b55c966eb0d48e1eca4466c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
734244e6ff87cd9fc6b6aa2890e8d49e

SHA1
9f99e4e98b12a365158cd239e02544ecb86f57e1

SHA256
ef586c8696bcc8e09d74809d2d865ea851f852c7d29cff4b8076d3d5e13e2146

SHA512
aa283efe131b330bed2ecbf6c5be61d4bd826fb3797ed489ed659e8aca158e6a64dc7b0c76129ea1592d6eeb37c9f0022f9810d0536adaf40d2f97f40ead4ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
80aa9579f88e55892c21ef8664d0dd57

SHA1
5b0fcc0931ef7120962cc067548c3f5d847ddbda

SHA256
e06cf2a8d6d16625dfa6cfee504107c581683d3583825e166d415068188525ee

SHA512
d8fe825294ea900cfc64ca3167928737b9ef2ec45164b281e32d60cc592c81f0626da8cf9fad4d3ab7e5574d5180f1bceb2444c35092ad9e589791e2d3636b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2064db6fe6aebb85f82f621fc8b2ff82

SHA1
5d83fdb1ef7f2315eac4c6267dd6dcdb7b2dcefa

SHA256
02629d8ccc4be04e01d435fd34a2965a83331252acf7ff78d1b1d75304bced40

SHA512
8772da6c52450c37e43c0d2a342e019b1906df5a4ac66f4faf37fa6aa1cf2d6a1fdd7828686a2ac46ff62c66a1668633f20b25346e7bfc624df458c60b8e1a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
afee61cbb241b195f88f7357e09c35b7

SHA1
f7a96afe203acf99247a6a89864c8338e55e635e

SHA256
3abd872f9acef4b02d59fd73d0a959af8838919ad806e1fabae85f61cee58fcc

SHA512
baaf644c62f87883efd0472f37dc1c5f363610a76f82c117dd8012aebb034ca898fbf342fee22d4d5bfbe14ae77977469f824129973f6d6c43fb86c300acef92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a6a7e503d5d7cd157dd3663c2c9ad49

SHA1
a364cd1c526be1c54f4d13e43bc428753ba49537

SHA256
8b70f0a3316bf7b0626562a8041217d188d1487072ae4a0bfa8fdb3f6e897cf7

SHA512
78b6ed4375a1d2a00290d937f4daf4332effd884c731ff3093d90e46cc235e0b3eeb1f14c80776bba0b83e42dca62d42ca83bb9d65c390efc2f2de9351a2c148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
414d6d724982814a40c3b9140e33667b

SHA1
7222a4fa938f15d2676f04fe00062a6d9b1f79ea

SHA256
3ab1cd50402f6097d07a761d15d83c0ce7dcde8efd92af77e2db82f6bdfebebe

SHA512
6a62e6f333db7f395550fc618717878c7626bc7fe2d0430cf7532534130a0129b2dde460f027d1a9b89151893744a2cb030d2154df15d816e2c5e8e3d74ee30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2fa48fce068482ff1efc7a8868116a3d

SHA1
e121758a39962a9f36169f6afc6de5964827186a

SHA256
d847198bbaa97d50cf6131ea93c7ab5dbf83f37edf71f3c95fe1014127943989

SHA512
3d57b2fc85690cbbd03879a895d85602ab9843283741d032646e54afaa30047668ec8c3f3a1ed9cd475975a5c2253be0b64120db618413df2293b8b14891e92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
34e6fa2e8418d921147636a1fa8fb204

SHA1
7f5b4c847a042b88345f25bbdb4a0652cb320543

SHA256
b625a1ea6cdfbba2b4758f4ed6eb93b2278879cd8628cf300a4b4d06162db99e

SHA512
7c04c7d3b744c01a7ea969dfa956af749bd2f5cb0a69d7878f7e4456d6447cb417013b86c0112bb51fdac17da2a3c59b3b8110ee40c8b03343ff8cdc899b9219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42f25d53748b05d2afa6f6641973128e

SHA1
8cccd4026c7aea86667fbd023f25dea743ddf8bb

SHA256
545358747110c9a748ed4d11ca4b96abcc20464d37b178efd7262305811e0326

SHA512
81ebc2e679f2cb4d374737cfce0ed551c8613db1b61f4a2c7f518cb986f8b39a440633283cbdfe8780c09163789ed41acc63f062ea3c3b1d9e930aa5fbefc67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58624f.TMP

Filesize
1KB

MD5
6ae0760858c4de129447b48cca65771e

SHA1
5b5f9b9552bc82aa1106eb7289819e18ebd5ce7c

SHA256
3ff7da003aa6cb31b285236eb7aaa1e7dac8db68f61403ca5c2a4265f678e18b

SHA512
af4db94fcd2ec75532e94315f1c6ce67518f1f7cab60ecbac8c3a4bcb5617b0a99733380027e3039c7ca2a59a64f665ebc5d06bc93633f50e9843ccc36bc5e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit