hxxps://drive[.]google[.]com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Analysis

max time kernel
1731s
max time network
1736s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
4252	msedge.exe
4252	msedge.exe
232	identity_helper.exe
232	identity_helper.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 1972	4252	msedge.exe	83
PID 4252 wrote to memory of 1972	4252	msedge.exe	83
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 4532	4252	msedge.exe	85
PID 4252 wrote to memory of 5072	4252	msedge.exe	86
PID 4252 wrote to memory of 5072	4252	msedge.exe	86
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87
PID 4252 wrote to memory of 2784	4252	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff925146f8,0x7fff92514708,0x7fff92514718
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7959545481870542282,12694545839299267784,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
141171e3129fb1e427ce228eea1f47b1

SHA1
4d18613c52677e212eacd77c7d541a019af0a434

SHA256
0ad9a98bce8407b2e501606c0e6de3e5aa42ab4253d123b1c19bfa3854b32214

SHA512
50cd6395deca3b7accf52864a8d8c00897d23439f8208524744c96f6de2cae60aef20325acbca455f29d39d71c8fb556d3763a80512b2ee9bde55a18d7e14894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f377a93da30066b109632226fd08e549

SHA1
8e4be7467a96853a6f1fc2e44da04e93c22fe585

SHA256
c53637743cfacf49e074529e8bf497e24c7b2f2e8c383edcbe4c2efa41adc93a

SHA512
acc1f7dd01863b9064e84d5a450fee1d73e7e13bdf7eaf672ee6324065292f0aab3a8167a90cb060de2596ef8d212f68a8975890c570317598c7d0bf8ebc29b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
36b8473868eac8fe636a8df23f817743

SHA1
11d652f7dbbc0011200fa9a586ccfb16b32d5651

SHA256
8363b389af6447310f26ebad339a49c04b270c46bbc7318c68ecf69de3ad13a7

SHA512
065a49db64521e4a8de1f25c661efcde6320cd2e8df24b8fc74dc4decfbefdde8db35e9d64c2f89123ad958d22529309c267f2bff94af21b0aa34bb144266dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4332a2011a814aa6f2ed3b4a3bf9f2a8

SHA1
94e273976b5f7b2d81f746bb29f0bf7ba4da91c9

SHA256
c566b1b5f464c4a6cb772e921979560eb8aec1d30b7b9a3fc7e1cb2085a3631d

SHA512
b11b1fda408b93786a71ef800f1baa5c96f048f0a8446cb152042cce16b0231276bf9a78d400e5765e38c5e0658aa656c7a2284634e7f75dc985da9caad997e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d2434812a50f712b5b7891b6c62d33d4

SHA1
7dcab7ed29c14ed4222981dfd0dcba42ee100780

SHA256
1bd21d6e79aab1b8fb5d9c26a6acbfc62d2f7b1845f914283bb2fd77bed91c5d

SHA512
31092557f7552a83b179bc8956967cc108fa791db4586297fd26875eb81ac3b065cb87d82e98009bf6a31ca0612468e6f2fee6a149bac0783f0a2134b272af33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e83b9a04648910256b5edad85f3933bd

SHA1
bff09e1f74075dda9b788a68287857a763a16273

SHA256
24e31addb993d4fa83c0f6745e05817dda6447a3e0dfeb165d08666d38563582

SHA512
8dd1d1acc3f9ad8901f299bf42aaa3afdd2ef706d91753613bc94e2aa4cd27546fdcf17ace43e689b457066b6eac50f35e5aa22f070f921956ae0b3281c82308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
393db79208ef2645a131ff427f44dfbd

SHA1
3a3d5c184b3061275464acb3980fd01432b4354a

SHA256
6c171cc40ba9c1f3fdfd595097cbe5970f236aa6c75078d5c3ae3a10e65370dc

SHA512
000fc57eebf367c6812088e6ae23ac073a11450e3f4eb51d54c4d035d6c0419801437fa9728568490b0a839300377db5ef95dde73f69c8f181e1dc48604f019c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fdeecffec518a481a2fbd39d1415b5c4

SHA1
1abee7160d25d32e49160fb3ff33e8b778916bce

SHA256
aaa1b3b392f4514598e4f356b804307d8e3fbaa3de286bdb96ca12ebc761018a

SHA512
4f60c092a43b123efeeeb0ef886847e63693838e4be87aca36905a214d5e0f0c147f6b8732bbcdf0fe36c50b17750cde9d25a10076c97b406d9d2434461bd061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
25984e795b35dd0d3d3840fef02bcdfc

SHA1
66d11873a0866b242dfbc2686b0fbfa0f6f92021

SHA256
0024b05aa6c0f92bd7db36ebf82a357801a0f8aa8ffd19458d4bba0c46564a28

SHA512
fc877c8919e62894f94ddd9787ba6bccadee43d4a908ee9320d06942c47c5289310ea40a6dc01eb7f3fa3d1f60219c9255881533fcbdd5a565e02eb16c2432bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c2b744192d74eb386735109a64a61884

SHA1
6855fba5b46d5dbae3436b394031ba39e2dc5296

SHA256
2a9896c67bbab99b66c3d2f39563361363c791842c3480e395dd6cb5d7f6f9a6

SHA512
0074e343958e4475a4903243ceea0c4c0dd6b5ac66a7fafff65b76f54838fb91b9762bd7526e176b9cceb041e3f7b8a705b292c6623876e287d1443b94092221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
40dd274b32e39ec659ecf80fe6821faa

SHA1
6c25345a0283e6b277f9460de7235f96412496bc

SHA256
48f6bbe83992df10eb56f6f4d8c63ce1e6b23d5ab15061bd7e331cb31a5e3e9d

SHA512
a2eb6bdc990bceeb65c8c47482c9c4571806d8320369d45bad7765db1afd0ba80f02ecb3b8ca537b261922f5b016eefd77ea23d48a9745eea2ea78f3385a5ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
00fb76042abf942807ac874d50ae9359

SHA1
cdd40f4003f44a83abf8169ebbc69b291ab5c4a8

SHA256
026286fda31061f0a8218a423a0e5376e3afbd800bea85562cd4091e2ebf2387

SHA512
351da10f32b41e655017e4a24788c9a55c8a8a460a352c6e96d68e887cf8c8f04dc581521aa35ebc3f8f51d673ba9935f478fbe42511e586e8fcc39820cd40ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
00b285c89b2dbaa0567366c8f4ec662c

SHA1
4c9ca34f56f83f5b33df3c23266bb2f0ef5d60cc

SHA256
1c20301375b2cb1f9ce3d0ae30f50f0a6dde895673833f611cd40b2cc852d582

SHA512
091999c294b59f0b463cea758686b2a98247ecd19e6e632fb7ea1e116cc71fba258e6ff4ad72df91e77a2edfe71cc259b054d836bbb25053af94a4e018085ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
62fdc83d7a7902e8948378b2393e3750

SHA1
5fae6af48b9c45a88b954d48390a6817afb70405

SHA256
aa8fbe29cfd9a2d2d2e91902470b3cbf0cbd17237e993c65a4fa22061f0ece2d

SHA512
cb6c2bce3e1e311b7d121210019d57535e975d92ad38224e3c2011656ab006b4e6a446fc262a2eef680d7235d3a0ff4a5ba694d2e87d3a1384b093bf2d554b5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8df82107aeab3b7d2713bcdf8d724a06

SHA1
c25a73bae84036f45ae7676c6ee62b1b74ac0a24

SHA256
8e31db78895bfbbb80d6c8d61726cde1900e051c5b2b1599082b20458674d36a

SHA512
915118a25da1b5023bf30c925e513325bcf8e2f01d614e882e85f8d7aa0d33f80c1823a95e56128db33c1e34ef3d9b49a7a25147dd36d15bce2e058bf25791e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ff22c3c1a4cfc5e369f38f946cd50d17

SHA1
ee3e2dec6f4427a2d779a8ef122b570841f8bcc3

SHA256
46ef819f11c82b25208f750acf4ccb1b3d48a62e674647e302ef1d3dc8151161

SHA512
5b802343c9bfcf42ec8bbff9b1f7f87186bca7ce344cafd31a2edf34c6280ac4705386ab11c3b6e409b54dc3c92d3320e6c2378fff4fb22ea2443128e3a52138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
21a22960b5cde8472be90d063254917c

SHA1
b2f1e9bf4b81175796028e8f0ffcf517943c6521

SHA256
00adf70f626b6b50ecdd64244dcb8f042ef8b9f40594aea37001d414d9e4e883

SHA512
d1e28d59c84a6e9192c2ba9314322d4de9da59048b72ef5443f77c11d5f76701ac98c4430919232af95b62f5c0581002761e11a293ea30608c047da199c2d939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
121ff439e83ca8eb06d4d22d54505793

SHA1
dd485a7d72c96470ef8c46a9b73dce20f62fff76

SHA256
e8c9c0724a66131b4fdb40489af75f688bddc4d0610266312d9ec48b8bb3eed1

SHA512
44ae6b35c1044c058ead654558374d3ce720d5df6e7c2b75999ef03fa2f52254d177fbdd5edc2574fd4137c4c758bf1c823350c9c310d07ebe4f5963e8f9d5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b88efb31770d760c4aa6b92bf09ab254

SHA1
b4ed555b92c51512dbb528d661db31dcda92368f

SHA256
5c260b70fcd62f89b909c7b1e0937607f2d53ea0268e1b31aebb2d95ce1ebd96

SHA512
23445ec7f2efa4fcd09f8a54c65c98ffb80756bd08eb37db7155099b5297fc879d54bcbc247e45882b1a387b0be6625cb67fb3a6e9689dde462afea6da80b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fd77cdfde92563232d9b2310b4a8177

SHA1
d1171efd3addd2ee07e886d2ef4b2112b50ed9a4

SHA256
68270876a8b927eed983c5009025660048bbf03b67648ffae8d02de8ff434118

SHA512
7d59e8f206837f34c9146680210a986e48291ab45821f131ab0766de9f0e5fa7ccb1180d320816c02a4b635bf8cd158ff5d30b888cbdd69fe7446d3566cc6bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b113c7484f57a5944746a4c4e6bb4e9

SHA1
611fa5830b841dd961b257fb900edf1c9a5aa54b

SHA256
3cf1f8f84e129f891447fea4a4c6978484fb9992fd7b575c7efd18192868d6d7

SHA512
afa3e9d4209a81bf8bb1a95791faf66033a5341d7d43505cf9534bc7d57793cc5a0bdf0b68b7a1758eef98d1cfcf17e54034d2e5e22306f17046293478dff56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
032f29eb8d977bf3c17a0ed14e30bf18

SHA1
4c080f1568d533cc7a2d370c83680f233a692444

SHA256
73ca7d24c9269321447ee590558017c9dd0b59873ffe3fff8ec291a23fe966c3

SHA512
abf1003ad6b69c5ff72e088bd40fdb3279444fd4b8483633a235d9637b75f50f21414e30dc12daa584b9f0100abc92b20010030d2e0f5ac24bb1857c7302e094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a3e3f46dd500493e6fb1a59eb5487c9

SHA1
d8945a415e809b56414314982b1f0dc0ddef4ddc

SHA256
7cd538c8e906bad75da5bd06bb55b16ca910a45dc4755c275fcc2513bfb5bd05

SHA512
de89d2e3b1ba78dcaa791d7223c696ea6a903c8c8dfbf1467e2133df5ed0a2427bd649b87f17b5966d5d7772600ed689eef120603e1800abdc11796a8040eaf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582229.TMP

Filesize
707B

MD5
29cb7a1ff6d94af432dff30f9342da58

SHA1
c7c853c95d5ecd641a17dd5812265dfba29e662a

SHA256
91feb9d28feb36ee2ff331a8391d592587884a7b26aea31496cccf8c92cdc3d7

SHA512
b00330be7fc63cda0f4cc10f2be865e6941164a8be58c1ee12ed488fe884fbf015a20b917a02f44a9077875ceedeb43c0cf782cf7a1a4c8108329111665ce759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e68d6e9d5d9f7aecfdcec7baaabeed4

SHA1
6c5ea1fee19fee3a2c23e05b0ff1efaa26d49667

SHA256
e6910215b7c46cebb9ccb23f2c62ae7b0598015d4eeb9c740fe467f00b126699

SHA512
695d0f07e5bd83c80e10b6fa0affb6a5e7d1ad3b3db70d381855b341e326bcceb06af12df1b2738dbe0bcd203197ee4dd4d747ba611aac6118ff67014ea86132

Download Submit