hxxps://drive[.]google[.]com/file/d/1XzNLj4hOW9wph4K40ujmEFIVdYk9uDJ4/view

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1XzNLj4hOW9wph4K40ujmEFIVdYk9uDJ4/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
11	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
2000	msedge.exe
2000	msedge.exe
3616	identity_helper.exe
3616	identity_helper.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1604	2000	msedge.exe	83
PID 2000 wrote to memory of 1604	2000	msedge.exe	83
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 4728	2000	msedge.exe	84
PID 2000 wrote to memory of 1544	2000	msedge.exe	85
PID 2000 wrote to memory of 1544	2000	msedge.exe	85
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86
PID 2000 wrote to memory of 4528	2000	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1XzNLj4hOW9wph4K40ujmEFIVdYk9uDJ4/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92bda46f8,0x7ff92bda4708,0x7ff92bda4718
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14625789728083003357,3669883835761559658,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
6a802e53d01e4e654976a7da55c9b8fe

SHA1
30d3f5f7d3be0a448254cf9593cbdfc4e382a8f1

SHA256
66e4efaedbe87a6b17b88f3021dbabcd42e5032ea8986d2b4f3707d12df17e59

SHA512
48ab1917074e2a97de2e04c007ca185cfed7ee7bfd77b69dfe68046da078a5bd3aee9027ce0d4a74cc5821df94944329d05da13462a5de81853fecc07b8fafd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
d5ea563ad251f04e6e69965ee0dd593b

SHA1
1f0f0d6117638623f1dd84b03f6775c99f6142f5

SHA256
394c9a9626c7001fd5825a44cb8fc827e5d95c7ce6627ee5044c980a99eef970

SHA512
4e30c1dad519ea6f8b35320de2b8358c42714f90280506b6f92a8383b4fdd5ad6935baa8be98aa095eb986dff2b212d87580db486f615a47a2627094e00da592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
206d5a6f31295230031ca12e21a1e9a6

SHA1
ec7556a7300aae8346c2050accdfbb3cbd069b96

SHA256
1d0b19135ccd1891a8b3cbd6b2156e7f03edc14a16278724d4fa6028305e773e

SHA512
9b91a870e16434a6b973360ae6f774eea226fad7caa33aafb589e30fafbb5763b15248372ac290912f0e4b922c0662ba4b8f4cf1f5feabc8bdc211737f19de30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
85bdea535c23d05ce6a540194c53a69b

SHA1
a400ff696b5ef173d5e73a6d86ba64f8fedf0183

SHA256
098b497ded5bf0c67fef18e026de3af9c2d844efc7ec2a5422e060dd803c89ed

SHA512
2f411b7956656868dd321a8d98ac148efbc824ad6d702d17f12b1dd33ea6366e36108b29d0a9ed12ad6a461f0921dad770e6099748ed5109f3024d3f8dd95199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f2f93d878bceff8eaa3f95c0d940659f

SHA1
ab6dca0cf6dbb6fca9468edf6b5f9789def73af9

SHA256
b927fa8b9a8658c20d0d29a514f5e543b15755008a08a217092ce0d29eb8dea3

SHA512
c598e678ba4f8d5172471717b5d31fbb4e7537d85cdc70235226eb94865941ee9a5619a06446ac8d802c7ec09ea03e1e46b195644453a43d92d87c2ca429956d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d7268fce896e510d6f011c4f4a5dd342

SHA1
71e83928952f9ca5cbc33804293f94e0c3d3347b

SHA256
eab663f004024f5f76271a0fa015240d1295f3dc1eeac2822e8a0bce3a541db7

SHA512
90812229d93d855fc9ecd495f3e5b2347eb421205efbfc79e6ae0e5a4e22b5a36ab6d68164ed2ca4bc251dda9daaf2c2a8777ec9e03e74bc19c6a7d33a0a6b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76414d7d9b997ebcc6dcde96ba973a4f

SHA1
75f10df58e18e40c02bc3ea89c498601f63d8841

SHA256
7f1f97e040eb23b5c61e61a00f545a3fd1e405cd981831a6b5dfd15d900fe2ee

SHA512
09a845598641db4efea0acac68d7722fa617eafd6782135156a069d114f0af240403b5d6a592b7ebc0cd44b0be320165cf3575f646043c61712fb4b1d8baaa31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7ca31afc71de7f149d744b84a087bf5

SHA1
bf7eeb132ddf6ad660c2dac0c2c7a5f4bc3986a7

SHA256
caccec76d5d9bcd3e8763b105feb5dfd6ba7c408830abd24c1072ccb7d1c6bad

SHA512
9c7903005298e69806546adb9055995770619068e7fe059b8e8484474a87273e92bb3dcc66eaff25fa26ad19ff5adb6b43007f00ded62105e11b1721251ed832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e37182aa7b0e6614f308d9f4fa0427ca

SHA1
f29304bcb69f06455fd08a02f71dc898fa481bd8

SHA256
f20b94b34d921edf577f53fa54853ae9559e9bf1b02a2b924dd10290e57a090a

SHA512
4f99a11eaef6e73f3bef4d61101afbd9cbc417a912c0191c266ea90df1605745891422bedf247043a9fb1b5a59c5184ccd5b683d1471d19c5389856ac297e702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0b9477cbdf2a9c77f2c00ef44d766652

SHA1
cd570f978644305cf33d40ae74fb6ac881accfae

SHA256
eb27975e88faad1e4f40dffb72354fdf6b7a769aa3d1f9e4c0b90338d9b2f18a

SHA512
6836d2c35a579d573c06e4466f2e003f36ba49c272066e4197c0015cc6bfa56f3b285f34ba74940427eced03264fac80dde34ed825c87b4b78cfe3ec64d894d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7fbb80b2389def67a3c3aee49933e24d

SHA1
6b5f150521d9193d975976487c131fc6d51f480e

SHA256
6812011609e4862fc28a006952ea2f008202bb7af41649de51f6178b4f4f2f65

SHA512
0ba6eae935afece982d41513b30948bc403a8b4c3bc1595b224d79f2103bf9a3abeb5d2d89c568c568c539342c4a34e3748039611fcb03d9b81bec407d0bb1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6948db4a0f0c2547e5677e0aab4a4a11

SHA1
0b71707af93e77668d4f59e169f6790b4d0363d8

SHA256
18ccefb8c5c6fee0d17610f19e4f13fa2b79e478d76bf50fbe79692b126160cc

SHA512
1035740ce1af301bcd5a5bcff128a348b3ee2227e7b4fc6377f6396a03d18db56a28c4a1d2154ad2afcc721807639107675e5f096109a805a63479ec53810048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6023c694f297908980b608ad50733545

SHA1
d96fdb002732735d9f0a98ca239668fc7d00d4e5

SHA256
bcf35ff070d020a72fcb48266317357ec8b1369bd1a043a8da70bd12444b26f5

SHA512
fc4b141feeb5a43da67443bebdc69822bc053d40f745f250071396d9d3cd7aa6ec8fcb3ebfc7d7987057a062da52ea1d1783a74019f13f6fc20309eebec6542e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
909f4cda4aa69e87fb06c104d99e454e

SHA1
bedec95b6ca006cef33ad06cab9f7712bc54fcae

SHA256
e2b653791e2985b6534407985dbf51ee1e60e100ac3b85043a120e4094ed7c36

SHA512
64f553b2da6276659a6f600ca2cee81190023d4e7682f3a62c1d6f5d30faad34d7ead5bff81544a1ba1e7800c1a376882c0d1cd9c85cc60339809123547ad13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0006a60c466f6bcec5661a10820d037c

SHA1
8eca4d1c6e7a5bdc3029eff25052ad163db47703

SHA256
d527d384677968127d9a3335b010e2a9440e4687d11512acb6a4a825dc87e089

SHA512
89384ba8c7d991bc3eef2782e15b35934df54e532fba5478527b3b2656189aeabf621d06b1826146a3a9d97ac82581a227256bd7d247f5f87157f745bf876bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f79e.TMP

Filesize
204B

MD5
da8274380b081ff5264cc3ab4634a050

SHA1
951aa61124596cecb4879ddb0a257f53ae3f6b6f

SHA256
65f18a429689b904e2ae46486784991b6f499d66658bba4c49c1ea35c640075c

SHA512
2bb98c4bc38f9aa1de2ab5cac949af92168a0777624f87651c9ca5bf7f4c9d5182f8360f6bc8bb1706889b5fc1bdb60e50f90bd9fe4774bfe5e4778d4085b5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
efecab5be24543595ccb1815a7d12945

SHA1
59e36f00221920f8d218a2fbf06e40217b0e56a3

SHA256
6e877f416a25a17c1bbab9ebdddca1bcd3c856c2e9d2c8df0a199c455cd4635c

SHA512
9e9eae4869db5f5978de2fedd8c16b057875bd3555ac726a54d079fab73c30f19321ff5c191461454de2b9dede0369427021a2a2ba0980160d4475f3805cb726

Download Submit