hxxps://drive[.]google[.]com/drive/folders/17S1RqO0FRTe3IO0_qavwf1NLetpffngX?usp=drive_link

Resubmissions

05-08-2024 01:34

240805-bzgw4ashrq 6

05-08-2024 01:29

240805-bwqptswhqa 6

Analysis

max time kernel
1777s
max time network
1783s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-08-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/17S1RqO0FRTe3IO0_qavwf1NLetpffngX?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4208	msedge.exe
4208	msedge.exe
2188	msedge.exe
2188	msedge.exe
3484	msedge.exe
3484	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 4832	2188	msedge.exe	79
PID 2188 wrote to memory of 4832	2188	msedge.exe	79
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4032	2188	msedge.exe	80
PID 2188 wrote to memory of 4208	2188	msedge.exe	81
PID 2188 wrote to memory of 4208	2188	msedge.exe	81
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82
PID 2188 wrote to memory of 2956	2188	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/17S1RqO0FRTe3IO0_qavwf1NLetpffngX?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd7183cb8,0x7ffbd7183cc8,0x7ffbd7183cd8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,5202844797608512150,4233896179989781904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3dea2eff-cef0-4535-940c-6a5526b648f9.tmp

Filesize
10KB

MD5
21c52bf95edaf89c287b5f3b42511a76

SHA1
e3881261409e1f12be6113ed864fbddffa2913cb

SHA256
dba3bb139702ee14e6056ed1afa72b2f09400c6f51f8fd3ad604725924b50500

SHA512
eb7aaaaa65bee8579f690706e6927062b1a7b64dc2d05e2d91527d0f8e6f3bdec91737d9cb82f39a808e9d04ca15fe5e4392e6db5bd69db6d9369d12075e6881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0487ced0fdfd8d7a8e717211fcd7d709

SHA1
598605311b8ef24b0a2ba2ccfedeecabe7fec901

SHA256
76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571

SHA512
16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5578283903c07cc737a43625e2cbb093

SHA1
f438ad2bef7125e928fcde43082a20457f5df159

SHA256
7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2

SHA512
3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
1d973b904343fcc8a32fe7f26a6b72cb

SHA1
8e403931fb177e6d9cfb99ebed2a364a2be992c9

SHA256
da71bc034fa6747a53b017953cd32df063b5807ac95ba40bfd321bcc2ca05b65

SHA512
e2381ac44dfd5ed739ac0210e4efcc8b786452eed6c7f16b2d94ea5e7cc0243290ffb6757894ed631e612359dc390ef6ff401df29526ed60b6158bc11cb5c927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
786d8ac010e062488d61e34540ee7d40

SHA1
efb63e73ab64e6a110fd636bb66bceff8a76a956

SHA256
f89566a5048fed36d00d628816386d36ed12da25079beec44e8d5cee6a23927e

SHA512
73a2cf656ce2739a365527bd07244e54bafdce994b7865d1cf9d69d733d36e3bcb9ddafe4cc9f17e965db662286d04427d253d7fd08b31bc43c2047b07d50663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d1ca100b15264e68e54189bcb615f299

SHA1
1b65daf783df24732841b865b617f392f3e15965

SHA256
9b90a51fc685dbb1c47ba59f0daf846db191f444bf584a0ceb3a62e0584bf449

SHA512
c984f8618e74ac78f6564d05806c55b107e06da6cdff4a218934a217c7ff7d2382543bf799536ccba4ba13ef1e726b92fb47c65f5703a420891919de83759162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f4d4984b2d4124afe5ff6ce9981036d1

SHA1
a36cde43d5f0bac0b7b15900280f171df9edfd21

SHA256
6bd16fd5ffa692165b6e82fc875319ebec0dd264d85126b1fe019b788f67b3e1

SHA512
ad8bc4f587499a8ea2cc6052cde72b74af393721b113fa07d5f1e5f2757e9fc664c6fd66b5fc9dfdf04a1f31cfb30f214ec983ed6ca4a810a4f5bf8a3ee84d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f556b3ad11c175ffc7382ca1ef1d6e8a

SHA1
7ad0ee18eb41ca20d1ea14110b8182cb7ee7643d

SHA256
0054859a73e157b185688f5f105b2d542e45198afecc7453da52c3d16b10e509

SHA512
4348f250145a80b7511ba57dd7a827cff6fc4dd44e228c75293b627468d162af5ef0362abadb0c4333bda8ecb9a7898d7d1cb1d0a3ec6d95b164f4897e12749c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
15bdcc91a95a0555f5d6d9ea3f5c3042

SHA1
ca6c7125b61a5924f937394d7f04b5a72b5f0f37

SHA256
a71261e849441fd1dad957efce5850f55bdffcc2a2b09e7f4feafee3c497058b

SHA512
9583331316e1ab29472bbfc795c89417b3c0a20a620e173e71e7a3157171a174dd7d5b9643940493439b6991300e406adb36ee10df23b651862766f946e64501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
40cd76da14128e2e52944472194a3c22

SHA1
e8e7ccf81db90de13450459fd7c060257075854c

SHA256
9f71ead3222601b75355d99f2488bfbc15b94afa14eac09ba8b86f1afa32cad0

SHA512
2f7ab4d9ff0b05f31ac66705f5af63fa494920b491ae44d26611e95b9dc079e1e2d7cad58c9ffecb4e24e4cbeb2f52d096572c47805f789ab2241dbb11663bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3a9c3ff02270bf3a2e40462e26aa8ce1

SHA1
e56c672c5b1a93ba24fe4fac74ebc4300810a96f

SHA256
9f65c2639ab337d0bde6b6d133858f63e2b769487c0e3a71771006fe8eebaa3f

SHA512
702217910973495a10c2c7ede6b7542c167815374833be759d3fafc276ef69ef169a41bedd0caa2671007d5e163ff8adc3283c17133507e9834cf220c68e077a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7876ad74598933626b0986fd042a22d4

SHA1
69851ca0576e26d78fce2c0ba3180f55bfb1d88f

SHA256
c10872279611d150f3e571d056f5beca3c439b9e8a6b8352bf34d6887328d43e

SHA512
f36af5c92c0454ace473d0ab8bf92590169b027923c85f59122f617d12251eb1b3347f0a69de14059c90c790d328f2bfffdad69b4e7999ab5dd47cca7d3d856e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
83537adff8016000f8952a7e42608249

SHA1
adacac20550b049037c1c9235081f635391a77de

SHA256
ad1c247314a2b72e93b8420eabd07b189944a0e997ea1ebc1f524e9ea1b799e0

SHA512
12fc33faac0a5a0665cba6b5053af716040f9c5bc9553ad656502a7b95bb620785ea5293d5ac8f6baa844d8d40732396ef0037c4a0fb3595adc5f2fd0360678e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fc04feb68cc92d0a2cb66089b2872bd9

SHA1
6a1b45d2f5b547faf5f896d85d3c439709a3e230

SHA256
d011628e6c4c570907bc648ebc9eb8414b2cf3505fcdd9ff70760641bca9cdb2

SHA512
86a3251a8adc659ab9b696bf524bab903c8d67ac6a19a4e871eb7aca1eb119a43fe2262a5b2ddde7d3c30cc3a845d09970d5603456994b3acbe35283eb7fe21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
295ac2265cbd60df2877bc84c86ba085

SHA1
f6713622fba1a52646e812324e1b118b65f33c1b

SHA256
13353d1e38a6e61fb3e24cc204e8a1a310d6ae0abf1d009e228a23f15e9db485

SHA512
7f352f03c1c372a4640b93e470f324cd9d4445a76ab4b1b1260ad20d9c5ae2ae2acd4e1f55e7c5a42676fb77ef840ca916985109e4e1c98a4e8aecbcd45fa276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
404d0383f12704a747f9b2c9ff570a31

SHA1
3f7afb40a4d01a4cd626cadee8ddf9beb38fb9bc

SHA256
97860ed638026cad4c6c6ea52577ca43b054ff8fdd2ec3a4c3802fd1a7a3b698

SHA512
bfa7f03c679803abf5e5db300b11014b438ee02ccc272854d58596a787fb96b911c6ea213b18a8e79cec732761e9cc72da5b0e207c129cff696bbe4736200ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cc0657d0da65b722c321fb2e55c82451

SHA1
a93f32d06900da1ce8bc5b62bd6f253f0803973d

SHA256
06415a780089637cacf10b098eb833d0eb1aa32075531657c496c0b10daf5777

SHA512
b55059c4b2d1e3947e4a0691323b71d2c48d093de17975d3d9293ed39e236afd9aa9ed7eb73387c9c0160a6209200c3dcc6d91435e4498486116d3c72f216ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
947cd1e05d168288dd89f3afea35b117

SHA1
8b89970e609162b76919322116bca09b9a5cb810

SHA256
0ea78241084cccee85997f7c2ecea3ae4319516474daa1ae424a89a177575873

SHA512
a3b652834d6056bd7bf486717d96cfda1396b71ecf5156abae73398ee96e47a895f86c48d63c4630a0852b6d22da7f1c0f3bf565880507881207ff57886e76f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1c7f9a07127bb939ff0cb449c7f23fa0

SHA1
e4e9ae0d7a23647b70cc667fdcc9297f913a892d

SHA256
0746aba01096d0f006d53c4b423bde17e1ed9bb47eb63c56f774575aaaf0eb61

SHA512
a12b546b321f9b01430015c51df665b6f92981e32585cc80e815263735e0323f091c585acc238cadd3f1930c73a5961b850263c8248dd30a871d2c9d4b4cccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
df91303430a8787c309499a09a2e5d88

SHA1
3084ce51d81e7d8e472b82f3743e1214042824e8

SHA256
221e6165a0489211f9929cc91cea2f72a1d0d2b73337bb67e60e1438838a4cc2

SHA512
c366e6ccaf81a8d2aa85bc9da33935af68acf2b9aeed3b848bee60ae9a79ec95c5e1ed55abbce8e7b93d71ff57e3db0d645c2bb628e4b653f46a25b27892f288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
56fa91be5587e7b9a2ef525387bcc925

SHA1
8a324c6e1c3026fdef56ab88056b99e07af262a0

SHA256
8d6903d49f88a5a2f690b2491b1e37e250412e28688433fdb54f51bf84c469e2

SHA512
05911e8774815156abb16871a2ea68df7ddb46ee8fbb9147dc05ee49c2cc4b13e7711bd0f9236b9e22d02a175785694ab863efc968b686c79e3598bc488c6d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
59779ae9f2f0c8312178e6dee3f016ff

SHA1
86bcdf4a50676e1aa30b63525f114a380d8bd816

SHA256
a23a9a20b2ecff3569f698f083755bdc0f343bf174029bb793ce179f32a1c625

SHA512
d98302eb4ef5ba96de17f18bc89dc544b2c6e60fecd4609a1d01e6b670228d34cb15e18d05c513fced2961f09aa2d0d444335b14013358509988046933228552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd6762f5a434df29a78304ccce829f46

SHA1
f1ca394b1efffc32f64ab9d49436d0dbea1bf753

SHA256
58d5dda6160818db63ab6f47b45501972d71db47c1b3981490b53f3274b8de0d

SHA512
5a5527eca096f74ae928fa3b978b96e5ece603e3890cf030679c99b99b1585392ac6400fdd58700fba0b435ad546070a877989f0a76dc575cadf32a2f9f020d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db683a6d8cd711f4378ad080b6ce9e19

SHA1
1f0cb7de2a4a9a101cf30760994ec65f3560ab78

SHA256
f81765b1ff80a805da378bd927c28bfaa5c4ef40f334174ab8ecc6526d9684d2

SHA512
d6e8c7a4e9d3423abffa06f8b524a91f1a75ae9937ed22843f166d2811e9bb098c68e3c95f4ddc8bf65e76f64462787af2c0170c7fa607518998db49e08a6608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a087bdf31ce19373150034596795fd66

SHA1
90a97b07ba74c73445872e0b2eabb3d6585e7b69

SHA256
6c0a975f4a42cf5bf92b24292aa797e44a4c0d20bb9be564f2f0fccd96615ffb

SHA512
67e1284beb0183d4c7ef9503876f193df1e6a5b2fbb64c9943bee61ca7a9811aa451e23fc69d391b27f8c43835ee0c77888529445688a2c2de64fcf01aa72661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589a95.TMP

Filesize
1KB

MD5
397dee9886dad653296322ca012c2fe6

SHA1
347a7b242bff60b20686d6e55d3a9bee574d92f3

SHA256
d961afd7b1091b7e23c4d96e81f846a27fb4a0eec984bab051103d6632b9add9

SHA512
1d7d7e07afeb44e56e9f7fd63c14d735d55f78e734923b7703c0554160860c413dbfda64520c8d2c914d45bd98ce76c44a46e8cc6d83c9b807adaf41e14afeaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2a014efbba3e4eb6392ede67c9f83852

SHA1
a457e03f454fee5559c7e923e8500e56a64bdab1

SHA256
07ca3575aa2d974ba4ab8d3bcd83627e852c14134f29c9ebba656396a0f2c999

SHA512
42557ddca7448a5aaf492f67e66bda8b768018258a1ae3d00485696490d56a51c565947e777ffb2c5ac4d9321db30d0a8975df4c2dc259df5a88a9bc2f213d06

Download Submit