hxxps://drive[.]google[.]com/drive/folders/188HIssXvxpMoP6Khlgdn-cZ_Q1njjIQO?usp=sharing

Resubmissions

04-01-2025 02:03

250104-cgtzdavqbz 6

04-01-2025 01:58

250104-cdtjfavnbx 6

Analysis

max time kernel
1016s
max time network
1017s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2025 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/188HIssXvxpMoP6Khlgdn-cZ_Q1njjIQO?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
156	drive.google.com
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
3736	msedge.exe
3736	msedge.exe
456	identity_helper.exe
456	identity_helper.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 2936	3736	msedge.exe	83
PID 3736 wrote to memory of 2936	3736	msedge.exe	83
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 3988	3736	msedge.exe	84
PID 3736 wrote to memory of 4576	3736	msedge.exe	85
PID 3736 wrote to memory of 4576	3736	msedge.exe	85
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86
PID 3736 wrote to memory of 5048	3736	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/188HIssXvxpMoP6Khlgdn-cZ_Q1njjIQO?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98b4246f8,0x7ff98b424708,0x7ff98b424718
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5552 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9429810053418930211,11884811668590569972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1
  2⤵
  PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1c1a46ce-b3cc-4ec2-b490-97173b296c59.tmp

Filesize
1KB

MD5
15f8cad6ffef991c1fb0b11d41dc4e4d

SHA1
f61becb07b32bc7a7af4a7a57334c7331d160d9a

SHA256
d58b15644fa80cc3020cd96631d612b56fd2793b536657ccf60c5f63236e3273

SHA512
c175b2fafe403cc6867f6e2fd6e453aab1e59ad1c3e24cce16a2771c3a43eae59543f3f8307abf9740b5c62bef3b6b114d830eb1851843b16b437f83d4506082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6f9723a5-1d57-4b1a-8369-d8c9f4ef76b7.tmp

Filesize
1KB

MD5
184a5ced725a5f280666a57840b1e24a

SHA1
80e4161e197dbc38c12cc67224582ef5f4927ea0

SHA256
fe93d52b679ba5c2cddededc40c941db6dacd36f5d58029b5396bfbd1ec8a56d

SHA512
4daf6a995651d3d6b023600f4c525d768191ffcc7dc1e1c01d7f0e29c0bf0d0535476b7fa468b74e0bfe9110eeb2fe7e8b916a371a24cdf546e04ed9bc832f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
79d637dbc6e65fb7febe0c8669ca7b83

SHA1
4fd2bee73106216c6b6f18c7a70b9f5ef502a88d

SHA256
faced8aa13836278d0e8110e4286e22954394a6702efee6ca9fd08a5773710d3

SHA512
db8a4660d3a877d040578cce876523bbeb569ed2f18b7b8b6d51ac462583ef310618f2ac743f6fe8f5354ad5829cf850acf353a9b3a2364fbebc084ddd09e436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
33550d197b247ce56e18ac90a03d0530

SHA1
87920aacb6b61089e3118e2b17781ef9fdfb15cf

SHA256
3d8f2e7a5a7502a159706f93d9a9a700bd79a7d3a6d0e2028aabf18fd2697683

SHA512
218de545348483546ddffbe788bcb3f1cd6243e1f17bccde1815d7f83ed2eeb05e522b806483d564c97f44a028f48ea87636eec4f9e5322977a32e7b5366a377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8e58d2e8f4da71c3b4d3f1965de39a6f

SHA1
2dd0c6dfe9b2812abd7179d1c9c8b9dd2c94bd1a

SHA256
aabd17e149d522b898a83dbef7029eae69e5a1c2544f72d4e632fdc93f364208

SHA512
31b8a6bfc37c0483e817b5c87f169d5eec71b21fd9c0095c039d58a9b92355a442499f452a18c8f7b3a321459c207919419e17a791340f4a497371b34d277a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
32cb5f8eebe54e76141fd16cbe91b234

SHA1
024229383a463d75ebb375cc0b8832b628e73db8

SHA256
2c2a877b3ca2bddd6f443d089ff00f31610e5343d954aeae476627cc5897dd8d

SHA512
2fd152725f4d6bc8a443456b1d38c053049361d067299f51b09a8572f8055eb012b7667ab8139388e290d787600236fb43f5fc2bf6d08b91b770dabdda5b8ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
010a0a12eb89634e0a6697883173a7b1

SHA1
261174a44808e793fd85fa76c56a5bbb87f655fc

SHA256
80ca15cedbfb179f212fabad0a7f4d87b56ae0e0c1f353f76c2db16ee6d5c3df

SHA512
84dab44f9bd0d6aca3d4e0040411f80ede6d4f21de543bdcfe93bab3d644eaddb09e522fb96dcb367e276b5645d69fa89b3d5c65a9988d259836c9ea59bb2567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c03064d4e250727a985b5abbe44d0d34

SHA1
fb57eec19000a4823efa3e58d4ac94541f161a6c

SHA256
d319e908b1ea9f85fdcec7a45c567dbc0a61683a88071f535ccb96de35d424f6

SHA512
002f2bb168f274d66337045afb6f62c1df99b3e339549a7c5e355d846a4e8853a68ca618b6d16012629010ffbcb7f9d23def1b8b294e9d57e3b943667c7bf416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7745226e3b4d38866abe96b8c4929e3c

SHA1
6a1ae3c6b558da8434f67c5dff96d7fc8de8d5b4

SHA256
0778256f1fb1053bf5912df66020fdc1aa82a863137e5732bd879f5346ac4d1b

SHA512
2254e8ff3b522ba8af6013a746ec5eba6c1fbc8b5bc24b4c23bd6279a18d68e50d939379bf25de5b2b35e978974ed1a19ff5f48db35ecfa7825c77636c789a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d63b5b5893a41b795521193b1907667

SHA1
9d3b75fe36daeb4ba9e538f9243e5a8a06880d0c

SHA256
42d552d56aa9952b34cfb825e945915e158641c39d7aeae69208a5a0eb8888d3

SHA512
f56b9ca592d5c816d5e358c31675fe43a8e4e2949a402bf8e3b8b35c7e2220f196b8ef461f3e146344bf67fb70390736f713880786d7aa5fe43ed872c28e775b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b4cb8ca8762d54e55f85203676e751ee

SHA1
0b6348cbc6b806e03462674af625b3c8c2785575

SHA256
802cef8db16593e7e83c41af1a297dc98ee0a4abd3a5558e3b6a250c2b44235f

SHA512
37e64cc4a42edfa7f17464a2ca970b020df3d7240d52914d922a5f12af0f106e2e7104be8acb97af19f428dcf7b3b5efbdb24774985d89c161c6748f0b2fe78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3c5b6d28b957dcad2995e50636a70a76

SHA1
fad37738f031e38941fdc77124e7723f7feb2f6f

SHA256
4665dbde55094440670873fb7e01f7393051c6919dd502310160de08e0eebac5

SHA512
31d1c343d2b945d03decd70e4bc5b9bc68fb611abb7a3f3c7fc479bf39b6b2013546d9df67dc31f1ef5c4a746ec116746f3bda6ec8e6ef0a1fa079639deb376f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5806d1.TMP

Filesize
48B

MD5
6eed1b5edff14504a6da41e9a4533b47

SHA1
4782925c17d23768016ea4b0714f5cb54d38250d

SHA256
a6cf3b003a0eaf69291958811eba512650df6e6aca96329348fdd98e431702d8

SHA512
f4e0b5692f34f98d9b9f6d08c3ddf547a54ffed8b088fe23a3d76507102e9e3d16921ccca5b90c82e99be0d0b419fc1844b0867860701d1cb5e0ba4a3ec3d2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a01f19544c098fa197df3bda0c4033ba

SHA1
471afde2a61e915eab6250cf0d8ba7de13500b4e

SHA256
a7313d925723123ca36ff5986693411e04d7784587c6b8bfe969a6455fa13be8

SHA512
05cc3d7e2b02c63cd7a1b3cd3fe0aa4d234d6b31b019a84ca9f344487258a2e49d6dbd1d0831f54338ae7187ad596bdbfe13b058311999a8f7096f2ce135aaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e8a66ceca27778e4c5aa637aea53d6a

SHA1
2cb85a2c37d415301ea379ee7fd7e30353b2fa7e

SHA256
68c5c4714420d959e07fc8320c0615851c9864229c54be3beafb53bbcb1d7abc

SHA512
de6898cb1fa296b50379d11804f66b3521f5ed6bad9b2027d9a7a6f16139d39581cdbf35a6cda71b2dbf16ca83badca86c3852110a1747bba740fc1a12acbbd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1ab99a676ef1db3557c1334714fbfce3

SHA1
cf1c05aa39e15ee559807f4317f285108bc09a94

SHA256
a5ec29e8725d2b1003c62e7ee7d80372f8de73434b98e1e9605c4777d1006040

SHA512
e40efb488a9841c324610e56ffdb12f278c53751065cf9dc5083ab31e0fa2eda6cca061f2ab893056ead33eaf7b95b544f22ed7d2aaaa3477abc55d04db01436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af7b9759a4a62e26d80e72cb41b7c44d

SHA1
0db5491245c1d9bd0fc0c63b14cbdeb3d195c970

SHA256
0b7c7a51400e24deb4ce52f02c94c8b382b37feca85680838cffa0663830a293

SHA512
4bd26195d42c52037655c8a9112a7eca5959028aa4150a595076cce0a8dab4ec03a0325377d28e5b1e91e64b2ca3716f2bfdf05c7375c0f97aa9f93ed5496041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91bbff263d46e86ab6da9706fb6d5a71

SHA1
43daee7d42db4174391aad78750cbffca5de9ffe

SHA256
e92f9cd7952ec75e963142ab37cf80b76aa0e0c0c3afc66364dea0361698b3a2

SHA512
3d177328e5f88d6586cbabc524d577f3213ed0d3ae4ef8c374520ca6306120da134b762b4b8ba895159dc76137d36dda45f84f9f3353bc06221ae85d8281ec1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63f27c4343d8e31ac0e8ececa5ae842b

SHA1
1a48c791f1128cd49e2d8ac9c33aa6bcdfa7378c

SHA256
a1c64a73b8493198ab16ff2ba2ed4fa35912d268cc5ebf49cfc4a70c7eb1f50a

SHA512
4309931efe63fa3490767695a91a5af64104266b6c36d4788335826b6dfcea3d08a7d8a47074b457149cf02304ec487948c2e3008bcacae011ca54442c63a007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c21a8663dcf95a05210b5141b52ca832

SHA1
bf62c4d14ab52e07f86180ee67e61f6a683c36dc

SHA256
5c0988ff1a0f87d5cbb685cd18052d53f919310c1a64c2b93e7ff2832ac30c6a

SHA512
16f5cb06945a786c68fbadcd87171e87f6c715302b6a804f747847780351b715e84056d3e59fa7aec65d8d758aa01025b3ba1401c314d80a02ae0e1ee21f6f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b26961bece738c9e394e746e43012e27

SHA1
9bf05c1ac70f5da39bfb0b81b612186e949b40db

SHA256
800e1a44f1380878458863149735b7d7fbab474bd7d778d7dafc1176217aa389

SHA512
b0af6d912f7972e138464dd8818457fdbe12d7c2efccf80a0036037d49216989e092037da1c228e007712e51d63d383cd9e4925084f18ba45fa5734f4810d72b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2041e3ca176506cab186647223ee50a0

SHA1
f3310faf9403a5fa86a3a4613e3588ad128c88be

SHA256
bd5c36f124e1fb3bef7df5949136336ce9fd0216993780a066b094baa78a7656

SHA512
69e4365b63cf8c086760f8cae50abc78c264586d5aced069097f91aca08780e4941db7c6535b66fa7d1789f2b45f17424a690dc543c2e51e2418a7cf2685d5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0805931dde6992dd46e63d96e9cae05f

SHA1
b4bf4d75d3e928251c638f9aa02c26a750fb8d7c

SHA256
9543968f6458796094f5dcdc59fa2450dbd79b4d95d4a76e03ec4bc824f6475d

SHA512
596c87c807b324255ff2168c0729f34cacd4057e67e54b96f1b3a05e95d5bf958653b8412b572ab3c5561ed3fede937a32142f21922319e94ec368a49f1a3f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cebd39e5ef885d56673a106baef5d16d

SHA1
c9c89b84b80f6905bc5b91fbb95e5fcbbd6f0720

SHA256
bfa0104c465f1bfcaea20cda2244948a66f35561c8a3f203452e8be7ce98770c

SHA512
f2b2f0365e38b560829d5c10b9d4ca8e713e396f5b2561c83a5ce5382fcb4cd8f8d0a0a09c0bf633b106d4a0b85b1e71350d0d7692001c6620695f378d406b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b629e991e6c52db60cbbffc08e0c6cd

SHA1
0e4b6f5c06dce77f1c264927253ec901a75f06bb

SHA256
8a2541abc24512f2765569531043396ba851d4c34b6ccdf111624bebe993a6b9

SHA512
6321a617748fa2863318110b18a7d938a10cf506d189a801507ed2e84243fadec8d6b705b7cf15e817f0c37b27dc84cb598633135fb697515c17e73702d2a3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
965894f78b04860cb241b81e5168193d

SHA1
e5ca8fe8f91076bfd5545337226e9954af904bae

SHA256
09e92c8c47b28074ff89132d4ef71668f0abfea063077a783d16c05870463bad

SHA512
51c6e7bc1fbd918cab0207da9c502bddcd1fcde16ef7018369924bff3895c7330bfe151c457431ab6a75c652109195ee620ad550f1e82011432f7339d8c909d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fc03.TMP

Filesize
1KB

MD5
3bab389a961fffaaa2b108f401400e5d

SHA1
60db695517990e566ff32fc530a739a064eaf1b9

SHA256
0ce05bbbfd01eb3101e9538c2e06501635e09d5dd6a07095a8a325ce03a760c2

SHA512
762d35e1973174f50bac37b4fd181350ec19da9925d498456b3db8921b8e95888363f38e86d8fa78cc0099fedf0720d38c6ef8df0858e3dbcbf7bf113103d5f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e6ca49ed-fdda-4f49-a31d-d317efa202c4.tmp

Filesize
1KB

MD5
935b5f6c9978675a1bdfc2b742bcd4b2

SHA1
210e564b4ef6a9f0deb66d23f35e41907d867331

SHA256
d3bffffb4f9117fa90631669c2cbbb0b05e3385dbf6902fa7229d12d684813bd

SHA512
97bc816318d53952334ccdaec42f84c4d20e944b6af5aaf501ce316d55e1aca9c75ee057819c065b5f78c1ab3db8e8e2cd7976604a580f6208d3f634beac8174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0b3684cf2dc9d5653ccedaa69b8950d0

SHA1
9a252ec13e0ff74bab03aa05f5b58bfc38d7a716

SHA256
0f9ff699e1ee1ce2127fe080f6f2fabc84a72c81ef18ff8af6aeaeca0acf5647

SHA512
25aec5479698af7872463c33e8c1ceb9b41723467b757639e938a54c1af223a78717a8647bd5ec80dec0be7f6845ba7f447de9751e5eeb50fed1bbfd673f0c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e2690dd3d1db92a2bffe885e57872cab

SHA1
281425d7481a6f40fcea259d0855e5f0e2515f40

SHA256
b6d44e480f53ec3798a3a938c6ca127aa65e5a2e9728b9a126382ded1d86d04b

SHA512
051c4d59a81b3cff7dfa7224c2fe47c44078a464685f985a25b0ebea3f0b57bbcfa6eac2079a24fbc58a5b09003052128a61e897854a3a9f555c2df48395168d

Download Submit