hxxps://drive[.]google[.]com/drive/folders/15r5-2GmY2fIttXKG85Or4WgPg2Tvh0lX?usp=sharing

Analysis

max time kernel
1728s
max time network
1730s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-08-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/15r5-2GmY2fIttXKG85Or4WgPg2Tvh0lX?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5800	msedge.exe
5800	msedge.exe
5308	msedge.exe
5308	msedge.exe
2444	msedge.exe
2444	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5308 wrote to memory of 1444	5308	msedge.exe	81
PID 5308 wrote to memory of 1444	5308	msedge.exe	81
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 1352	5308	msedge.exe	82
PID 5308 wrote to memory of 5800	5308	msedge.exe	83
PID 5308 wrote to memory of 5800	5308	msedge.exe	83
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84
PID 5308 wrote to memory of 3792	5308	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/15r5-2GmY2fIttXKG85Or4WgPg2Tvh0lX?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff6a013cb8,0x7fff6a013cc8,0x7fff6a013cd8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,10948582079677480574,543633688156274830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2416 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a750a68b7a3a8cf216a268f9e9143326

SHA1
60de8de5942011bf7b94afb7ee1f1ae1c1002481

SHA256
c2af17d76adc9d0ebd18a98f779187b3489126a984171becc8c6b8d48e45e29c

SHA512
64bc04d5c90d96ccb07701f40438dcd25ac1aa956a78983a5cdd508fb2f786a3e5b0a1a4cdac02ff762fc18bc2e37f8db4c23af72631e983723126e83864136a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
a569d64c947ff07cae6b582b467b0ce0

SHA1
c426c25ee3c0471edb7fe3bd8c54733cc99e9a82

SHA256
104ad20cf66190aba50a042b46dd111e8e0e7799a33fc4847bb7688533d632f7

SHA512
02ab5e21fed5d56639fa2f3beb14f2ad0b91509aeeae01eb426773a9708f5f89dbb029a388bad63900e8bacd582dc26cb0deac7d2397b2c4be00223fc91c9722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2c226b863d6f8473c80c38b5a8d27ff0

SHA1
c9a55d66a88675653fcfc4789b93b8296bbbe053

SHA256
8219cd7f5e82342f95302a3e2fcf30410b21eb096d74f3a6827c1e5c92745a8f

SHA512
be6f04afb3e767d9db40becb96ad3a247471b227d0960249fc8ca13e2cb3a72df790c6252944fee20baf74b67c3e32304c1c900bbbbe9e9bdacdd1ff246576b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c82f03458bc81482d05384c1d426e8ad

SHA1
9e558a19f82dad6b604419a1acfb34956394dd1a

SHA256
c7c0ffbf1f8bf4258d9ffcd79dc8c5cc63a0d24e8c9f474b2a902fd0753cb74e

SHA512
7d0231e775c9df20f85ebdf444d29d2444fa933152c202fb78a566e8854fb816358d011cd81ed669d28582ed68b8a8b860a6c81578ea5af75ac2c43c957b1183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
608e4eee52886a290fb8e15f266ad503

SHA1
d8190a8f3edf6c05df2afd40a05d243151006495

SHA256
47cdf19d870bbdc1db7c20779a88a64e6f17f196989369a6987b12305c57d16c

SHA512
643772d0765490f1d05c3c0bea92e3256a0beba0116763e5823cfd7cb8bca263cd57602d571b7152735c6f1c6c75363c0d0f422b2fa46218f417bdfe78ef0c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8cdb9747ae85a6ddca8095518f4fc905

SHA1
e6ccb68811f090d0f0f8b50029601b1e2101b7b1

SHA256
2ffead71ba8d0c63a2593d38b50687e6040d170ae184257cb0c46b7afb1d32f2

SHA512
c6ad49c646b611f6456d4c2f179b4c2635a0f7ee142764a4f5168f68907e3216f48fa9193d9e0df811fcb93061fb61a072cbb4647577a64d4957ca45c35bf944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2704044481a12c10493a3eb7eecb743d

SHA1
e0ed3093ab38645f87828a9e96f69d0ec5008254

SHA256
26abae0d9549118755ed209264ad6aca1d5e41398af7f2d26364995c87209244

SHA512
cc715ea411f060d9af9f0ccb5802d72c628dc27ead11f754955f2bdc6fdcf8686474aced8c53c7a441507dad6be8c2de7b0bf153b8f1fc3f20e8563dfbab889e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8ad56c2cda37fdde99f806b69192224e

SHA1
f557703cd29954fdc72a57c75b634d742cdfaed5

SHA256
fc6550e44ec23eb4a59b98346bcc3bfe1c5de35f315e53d8afd7a636f671d8b0

SHA512
3c44a70a3d7c79a3a6b07d1ab9e9ca7bae69bad6d36762e14634c535a4e280313a1b3b8d892656ef8db192a2d15eeb443b037a0de1bef30003e24cd25b2289fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
93228d55d99b6d3b788b915f13ed19ba

SHA1
9ad2c587851e1316612401cb99724195f983274e

SHA256
52c4eb816a218d2eec4a669b8b1ef6c7a59661cf7597c14c1450c2151751e068

SHA512
2a6e274a95c8c38f19732ed792a0ee7c77543930742840556ab6d9b76bfc54d6def3d91e1be6e743b333dd7171c44dbe2ed97e324d7e435fe36021d51fb5b4d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fbfb6f602f84921582c17a666d7a74b8

SHA1
39a258d2eb3a9683df28429788e243c24173a8d3

SHA256
78806d90f73e075f03a8146419f0b2d2180b0be3e308d1ae99a9afd0d91f39d0

SHA512
0ab5622f0c0501692dab25072bc7e13fe614d4a7809fe4cebf075949840e98900a697000b92bd3be35d0eb6e929d47c6c845e7dbfeb06603d321898028552d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
95c8473f79a7c2f65d0560b392554894

SHA1
a3fcf7a7c30bef66e5e20bb9d5f1bbb801f621b5

SHA256
42461a6772fd4bb701642f8b6d234e4f2666676dc4405a60f1d243fcd891d7d5

SHA512
290e51af64bb8bbfc101c051cc0786a0a05e5e39dc9b345786dcc5a0fcb5ee1fea175bbd1df0593c1ead9e63a79cc966c0acb206ae5a33381d2318904a2471c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
34e2d4133aea0e9f30bf0b6628aa854b

SHA1
a33af210c26f485b32c9046e02b27e04be13eb62

SHA256
f5f1e334abdaca281f2dc42b7333e36a9ed151727862a919d567f98c7a71b72e

SHA512
d9508bc47bc32102fbb057e60bca83155f536c8c8b426065ebc4829942f732cea8315b5591b7872e1fab9d583451a30849fe752952777b9406d1263b4b5f2a9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
749900fe668e2116c69886345b78b57b

SHA1
8e0a9e8a50863290d89f1f273661c3a3b2f8a81a

SHA256
b62733f6f7f9ed194079358f13f5bb3e5a3557a59d947f69ad534cf10b8e97a7

SHA512
499d9d3decff2c95b8155483d8c8c286e6b5746480f8fa15753f325163dca9af430fa5d8d651b827b9689e83f8838d284a897ccb3fffe3a1e2b6a44483adb1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d0bcac03f5ed59aa8c1c4037abf34b00

SHA1
c6c739927821e033f05bf9df824ffe78dd81ac07

SHA256
ac4365313a531a4b8f2a9f2605f3e68b3f0d7c15802704b46b227f7eff015639

SHA512
3ed0d7cf42bf4b291f13692b7d094f72b0c2edfd3f4058c3a7849386b467b8cad3d61367f5e83fb3653c61ac756f39a59b00f46c83bda8dccf51c4c265950f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ca63bb8c015de4a9bcb62891b33469ed

SHA1
4c7611ae2c2463009e7aa236dab712628778691e

SHA256
ffa05980bb187021b0b0c8980a62c9c59630b216fc3d8c353dc24e8b564a4828

SHA512
e8b77d38e54c691d6934edd70fb56d51967d8ef0cae9a718125520f658a85e51fa1533af022184ee22f2724ea5dbf30d2dee15879cec9ef5dcb09b09e0a8a9bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
61c8a37740492873b50eab574cb2a261

SHA1
df6947697821cf7ec2941a094449216f3a12e2f9

SHA256
12cbf6965efbc097fd753d31f5e19d2fb167f969a44b47a7d4e7e15bae420f5e

SHA512
f9de98f41d64504d4cd5537e0e7ad46faad7df4c057c21e1861a2e28c2a83e21de14b9e913f8fa5d659a4a1b95f280511add6a684e8fb2a8f0c457ef47737e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
132c31c2ded56cfeb2ff3e6454e79927

SHA1
3ee3b8e66ce6243810984a4706eea186f775347c

SHA256
dcb27624fe285ba76006d507805b25aec19cca51367de7c49de8c3f4de060308

SHA512
36d6ab45502cd24467513517b817fccf56f20d90dc1ea4602dd655559928a06f6906c50b7c6756e2aeb2ef2de243df889d0a3540e5d3e217415dfbb97e4a8551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8155d23c93b361b4647a8dd00ee1c65e

SHA1
a31fe53dc9d061f86fbd50544668f4d1768a3adc

SHA256
d5743f22b8f3990ebf884b4ab3fc9e5da728964a9e7b478c1203d42f1ce74f4a

SHA512
aaad71dbec4d36a248bb97b196fcdc3435d6243d31157e319a705f5615e9592b65ffff8bdbd44bfa83cf67d544a950b59399b452142306b77a736ef29c236762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
34f636ff520f20f4de2bf2ea0c7282ce

SHA1
ad9c436a41ae114f5eafdee00e0a9e9332712453

SHA256
f39224764700bb7fc0d269bc5b4c86b2ac20eb8b649798434395fd014779ce0f

SHA512
1db23bf7db289fcc894579742de28240cf23b957e12da670ea81f1f018b79338bb848a514272bcacba08bd0fe55718de99138ef3fa8b2af2b14c63310559566f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f77c7edc84ea518879a7e75e791e7637

SHA1
59d9a222d61cda7e511656059be1f21b71c743c8

SHA256
65efdf68121504840f10249da489f599f61f21a6d9beee0cc49849c904d8e9c3

SHA512
dcf687587cd112d4256d184f98a0524d7f8b2fe1af40925695afa1f9674e2537ef6bbab6aac22819b8547852adbc52cc3c1051c888f32f292a0aeb4ab82c0a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c51955a74283c7cb9eb687419e794be

SHA1
4a999ec401fd51b19e1a7c100cf56bfa7e0dc87e

SHA256
a39c012b0dd30db0f08212520a0a9699fa02bda4d6ea81667815f44d34c0e72f

SHA512
698169e1abb767e1c78827a11a78291f6a4563d68781e13328687a0fecb1ab7d9152ba39f3c3487f55b4478e6f8e182a957f64a418ef62a60cbea4b65fb045df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e42c272105761dde1364ced2081a62bd

SHA1
6c913be67971515012a9013bb2c7b68932e93e19

SHA256
33b84a28922b664db4ea79cb84bf91cb0f7ac581e8a3487156cbd6892008641d

SHA512
2dab91e05b5f956e19ab15ed73764b71cae440543df2a5df5579bc4cbaae3eab93a0f08b568863aa1a8fc0b90bab091fca1f552e38c02f2874b85c8326134e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d116.TMP

Filesize
1KB

MD5
73cd407ab5c9cc04e95ef5bb8996fc5d

SHA1
235f0f74ff1d1e34de8f7535e8710471f120c67b

SHA256
e67cf35769b9af8565137f9f82305bc6f576beae4f146a31d230fabf7ef4aac8

SHA512
19030bf93d10e7ddc6210d77e2fa48361aae46052042860f932000656f4eac1958d274f62fb2c997d459d0591a6a2ad1106e8f0fc86636f81d156f00ad7d8ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f11c7e06551597a71e1334d9c9c9d710

SHA1
de653c2a76f71e2afe2c57a998f406e206fb7235

SHA256
a271d82963c32880914eea0dcf3afcff3b32fb88ea20946a09706c29b7ba31cd

SHA512
5aa0382574237ee6f0e4b5dbdf07fdfeabe5831bc4df536990c2daeb0c7e67128ac25ce6c5aafa2a9396ac1896a7ff5775628f48abd0c85876ea9fd1a7b22ed3

Download Submit