hxxps://drive[.]google[.]com/drive/folders/18R5y7hMsFGFlqDnkCBBbApmFScYEFtw1?usp=drive_link

Analysis

max time kernel
135s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/18R5y7hMsFGFlqDnkCBBbApmFScYEFtw1?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
3040	msedge.exe
3040	msedge.exe
5088	identity_helper.exe
5088	identity_helper.exe
5092	msedge.exe
5092	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 4300	3040	msedge.exe	84
PID 3040 wrote to memory of 4300	3040	msedge.exe	84
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 2384	3040	msedge.exe	85
PID 3040 wrote to memory of 4916	3040	msedge.exe	86
PID 3040 wrote to memory of 4916	3040	msedge.exe	86
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87
PID 3040 wrote to memory of 3764	3040	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/18R5y7hMsFGFlqDnkCBBbApmFScYEFtw1?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffab34b46f8,0x7ffab34b4708,0x7ffab34b4718
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,6715301246100355939,18361595003287918112,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bc2aec0b802cc15d8750d5b79974e490

SHA1
a63b788b8a901e47ab97c5352d02c38175e97ffe

SHA256
ade0e88921bb5445a4b81a1534287d5d59bc58fa988a74c6596c642f58c0f878

SHA512
61f7a64b56c0f41747bd321b58a28e2eb884273fba86907ffa333150806c4bb67fa731f8276f927480ae441d6aae56f7c5a14709dad7ca6b6436603b733cd12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
be1c4b08c3471d7392a160d1e191a13a

SHA1
fed99c2f204bcdd829bced99cc9ecafdf20b9941

SHA256
0316723d0aa0c94f1722f2919dfa6a9577f114dbe1faf122b521710f6c53cb6e

SHA512
628b0170b1c35b8ea008749969d1c1770d5d7dd69e73c626f72c0fa833fec6f4dbf39f925595488f000798b970418d38fb5952f6af68578ca50de7437726a043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eeab64e416e22e9e6b023112bdbc1d1e

SHA1
afcee4e327ed6b253b3211bfbe90b225a3aa835b

SHA256
05416a10106350af34d803c3bd74fd4469f07da77df1dd08e1b220a051333d34

SHA512
99dc72c265a4950c7055c268cfcf09e6201da5feebe3fc34b206be8503261790beb48b60ea4f2e4929035ed33703e7785d9ddbf3c788bc68131ea2511a5554b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b93484a4f0153a1bd1639ecbcbc7e327

SHA1
8c5ccbf9031817684f837951eb3b203a8b6a7a2e

SHA256
b9d18a58f38a47c9e5cad78ed6ac9a4109c263f5855af556de9eefd60b36069e

SHA512
9991d0430a94e5fde8a3034b41bc61c0d2e82e3e0fb738a8682340b1b0897a3cd2deb24ad7363ab45dd9a4285cca0dd65ad7746aeb4aefbe0c730f134153bfdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c810d1512ae7301c9a7bcb90bbd14d06

SHA1
2b245f193154c0103664dcbf9da142f04df60f64

SHA256
47f6e10c5be8fddc1099fdcbd3c625d3fea9cdede522cdde58c3517d39aeb104

SHA512
ddf0be152c1e8bcc6b025776ce24daaf36722f35d3b77939a1d25d83ee2d4254628087442a8ce95d3d216d9f45304a6a7f99f52ea9e25febc60f544c5ea2c813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4853a7932893db3cdd032dd9c2a96f21

SHA1
c59ab2af48a08a4284bfbf58efd1688bb563474d

SHA256
84034efd96f93ef3f254e13cbda787b76fe38cce410968d66787a60eaab07c89

SHA512
96c18f0530c4f6d4ff1a71078036d8562514ca7d46d17bbb9349b64e9768f87fba37dcd1ab69d846fd6d9a84cae65f83dc25ba947fe03e14c0a0a9d38fa8299e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31bea2a7a8c420da50b068d07ae33df6

SHA1
7730690d32758a66a74891632f8e76de0e425c59

SHA256
cc2c35129b2a24fc72703793ab39ce97d334b81a4426b13f6f2283b72d4292dd

SHA512
402d1906ba8f59a5e396230bddc643496859f8a41160e87e880c76409da516390c9e95e101a4fc8e070ec7deb6de49703b490a6290ed837c1f1f40c0c3cabf2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f365e325d05e876e0f9707371389959

SHA1
10c6e09bb624e4193665b81f237e48751542c639

SHA256
8d4a6c9d15bd1d519c91bdeef7d2daacd0132911bc0a801c182e42456f6da832

SHA512
10989a14ddd13e2c77a2397e4bb34b13b06bbf38df1fd7dde6c901afed4705adcbc302a03452783a2245230fffd1b615076c8772c68527f1cde4a047c815c918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8317726a65a91e6ea44927b1f572caae

SHA1
8cc9a01bb358bcb00c8e2aee6025fb5a5d2a7623

SHA256
26674f4a670eebd8e92172aad77a8600e5e3493425cf7fa87637e7b9b06ecc8d

SHA512
31252ad3a4d087e8b049b55e157dc7c67c506ebaf7369998c822c0ba38408ef2b8cd16cd4dd252af264fa2e610f12fe74be7ab740c77de8585fb84ee4b2ab475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be8a202d539433ffc44e9cb014a2f2dd

SHA1
383a11de549eed7b6a9432705eedbde6bf213ca0

SHA256
fd695f5eeeb75baa8b9eb29ed220532962266de02b8d5c12f955b5e68456cc46

SHA512
8b3544a5b9e05e2917c44207e36f285153086f936970bef7f3cce0a861b68aacaa759c2fbe45e2bd9882d0f917b7b3207381fb078fb1e2814638132ff35c221a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe015d41bd167eccf448d5ba1ffd9e17

SHA1
06bb3e4d037adec46c402508ac83d57884d2557d

SHA256
f8a041764721e38ddef7cff0d0c25646d54cc3a2643922e325fb5a21cec82649

SHA512
981e7681fadb2501cc6bdbc622150d4892cc30ea50815eaf50950adae217b87960c40b8352eaa2afec7f5b26334445a41e6d0dcb09017721d12e44aa3cd19e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d5e3851671ea1711a7185d9c3abaae05

SHA1
c4e13bf9987a41f601228aa5bf0ec0ce08d7f07d

SHA256
a84e90ee93715846deaf21d80921946ee46c990246be672fc59be38fc395a8ed

SHA512
2fca6f8c06b050c80e998d6fc75514e78d55d50dc5ade54ad7688e9715a621be5e42fcc2661801e32a7c5d87f338444f881b41e4ddc70fa36fb5251267b1a199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ac6078f0215ccd32caacf2abd38b66d

SHA1
cd8a59dfc16fc09d56d50f82dd93e0b8fd023c81

SHA256
894da1c845887fcdb433609bcdc858ed86e4d81eaa94a6b057cc9e1e7b60aef3

SHA512
8ea3952bfc6629a8512d7aaff03d10830a16b545d49cc628f1057793dd4fc76ab706593b8970c6cd2b459a71970b8797f788f61dbcb055cef34950ed22d2c86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e566e6df7a73ffc2202dad4e3e076bdf

SHA1
e94b6b522f1c06bf995e22e2c00a51107d410f8a

SHA256
8032e41451b90bff3bf1e9158d01a8bf9ace87869ebdcedeab764a5512c6802f

SHA512
2c819adadd5a0a26a4d337e395fde738670f80f72ce6e348ad14d7572c5c63daa17bd36bca598b499b523615044ebd18597b3db2ab53439287b187582f927c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c1b62d0ad274ea28ef4e20a67dfd1cd1

SHA1
186dcda9501e4906678597458f8972116f3492c1

SHA256
2a542bc009632e3855fe689728281641b7a5242e64dcf0ac652aa20e002108e7

SHA512
0ea977d456ac4d3679c830dc9053d92889e885af8ada64f5013afdd54a7833dd7073efe08800cb8bec7ff5b6ac9b996205f4a973351260feb4fcfcc8daa0d95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f4dac620d5e5e9028e48c13b5acaeac

SHA1
02ef90745180fbb43484e28da93532e25d4ccd28

SHA256
6e129c7f9e9b3a3ceb0596ebbd92a7ed82511b02c5dd5b122dd49a534bb336e0

SHA512
80a3b4635445ccf526effc1a9c997aeb6649853ddcaef5dc8c31e7a916e5316757c2175e479a70cb84444af24b701856ee7dbb29a7c0e8b8cbb5a1a695819854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0022f114e183549b39606cb57352d50c

SHA1
b44dd1b2e310ea6f07d8e7e63ba414d688a05898

SHA256
a02276a9f53cac81c3b1e089f0fed6b5d0f400095fe9b6a99be29f0d59523529

SHA512
115891eaa55563b513cebd23f7ee1f15c309a6d2a7f7327a5b839718b237fae57e32e17fa0354687795d9adb1d398cedc6ae5a9a749352ee139bee8677e755fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b005540c3ff1f614e842e48dd71f7b62

SHA1
023b242860299dc278a7e9094c72c76c26200ec1

SHA256
9f4a9e613b5a91f580ff8c8d48a9a3d45006ef3c43cb61e79af28f76afbf0f54

SHA512
9028609b1bb3a0aa7f3b54b80fc89a21fe69880774cbdc48385191ca304c56028d68e3362978eb89c17c04f58be5026df9bfca1ab1da5bafd220775238726b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4745954cec5215e7b11820e56efb307c

SHA1
1787bd01a020bf01568f64c8fd036d2c93419c46

SHA256
5f95cb74b4e2b2d66100fb81c18bb01d2aef59152810e766fa2716fb963f444b

SHA512
b6c32f79b9acfb4962d69ec54b933d8c727df0ccd7510b40f7f23ef954f80dea16e74d6fbe829b0a7cd6fff31789ca2fc21c0bff99bb06a6487952c7852d66c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c18c6046e211fca223ae328395ab2d4

SHA1
2f32c11b2278297e248abc7affa0c7de93481749

SHA256
e2ad4b0f28e0279bf564aaa7d9da426d4369afa134e515035d3d828d42966e71

SHA512
8c9f2e02910517a1b058a76e4ad817862b4ae5e2e908b3b17a7c9d5bce5848bbcc124195a4fe6ad89b0e50e2a8ac47b34ecac9e5c20f22187df838fbc3144f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ebc7.TMP

Filesize
1KB

MD5
8f24d605bae86bcfe3a8848aa4423f90

SHA1
bab7f98a0a4c19df9b90eefb8214378e3cb9544e

SHA256
e09d93e47a42f7c25d4b9d2109e694286efd86ac3e8feb905aef180cf36d75a1

SHA512
c1a98e4c776d850d365170f9263d56dbac63ab215640b1b15dc181157894251b6c7fef57eabe9d760fd96daded068fb32d54523c0d1a6c611064d1e2d508e562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4601748737187e421584913c4591fa19

SHA1
cf306d3e8c9de8942f5148bc4b79f51ea1d61731

SHA256
aa617035c16ae116313e0bc957f7c609561122227424a299815b38d06c67c938

SHA512
d2edd96706451e0d56317ba7d402ae40c9798969a40ad2ceeffd4d0f705cf8b861ca69d4f94093028b0f0f156b98c358858beeda580fee75c64cb6d865ba1e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9c293a11abecf5ef958b4560241e3f8a

SHA1
5441f467182c6b2e4ae2e1408cd0f8e9b946e5c4

SHA256
63ce7811e653b8434965733f4c81e77d4f10576894236ee023ea83b2cc98fccc

SHA512
b8466bf4baa9a633e87e2016af254eddfee7d539e924f9062b8e8a10d54fed7e04350263ad9e31fb20ff1049b4088b4653c97eb80a8bd8a756aaadf1d45e402e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
67bccc9f86f69ff53a4e0bf6cfb4fd96

SHA1
4d54450e7df5519a5492dde42ed582bf4bb050c7

SHA256
e711137cd8bb9eee85956778192c14620f0c6c2176d7ef600b300716978cf2f2

SHA512
dc3399851612fd1cface8f21a1501b0c650e0d7be6608248048c8e1dc491c4ea546d6b129006dcdcef66a5680c03b95aefb52f683d9ee81e37e30172b175422b

Download Submit