hxxps://drive[.]google[.]com/drive/u/0/mobile/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx

Analysis

max time kernel
1728s
max time network
1730s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27-08-2024 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/u/0/mobile/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
17	drive.google.com
18	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4552	msedge.exe
4552	msedge.exe
4780	identity_helper.exe
4780	identity_helper.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 2784	4552	msedge.exe	85
PID 4552 wrote to memory of 2784	4552	msedge.exe	85
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4172	4552	msedge.exe	86
PID 4552 wrote to memory of 4936	4552	msedge.exe	87
PID 4552 wrote to memory of 4936	4552	msedge.exe	87
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88
PID 4552 wrote to memory of 3172	4552	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/u/0/mobile/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa67b646f8,0x7ffa67b64708,0x7ffa67b64718
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,8650407694954462077,14922975439185275906,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4b2ee18c4ed86d009e7d178995d93a1b

SHA1
d257ff2518d18c56944bf25b2dd63ca35f96a7ea

SHA256
03207af911a3f0d2b0e3100f0d64030ad9f0c6dbfbaf8eaedc797604f4128a0f

SHA512
efcdeb6024cfe564c35f2629754948f34d0e422856ba854525dca43a7c46f8eccc59c9de7fc829a67a17f7c3722c6015f6b226890ead9e257c722834723209a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
1c5160a690dae481dddd13aac059c8a1

SHA1
e632affd3b46ac1b78948b9c0b9f79f706320716

SHA256
a3dcb32574d76332e516029db03cc3203243b8083b604c8fe458150a39d41c95

SHA512
dd948a9f52708a3f254364765980d5c2a107644b89f4004c2b8da4489b67140eed53a99bd65b45deb4e9f823bae9caa6433e060280604ebdc020b5e193530fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ced967fdcfb72809564bf972cac8edfd

SHA1
3b29fc024e6d1d4129c9869cb52d0c24f6ace442

SHA256
c9be39b5dfb6a5144d5618f8d02a4e34a525092959b6f1fad9589ec3bec893e0

SHA512
ad77d1a65e8752b457449b9338373f91784f9e67c2cb4c856a7d19b6a09a1241650920b425af8798d3ecb53480ca91d1a4bb85dcc8615e36c1e911871aa1d55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
159ebe7fb08322dd22a9753c80cfd0b2

SHA1
3d1a0a826ba19299f8f61e60101a0a2bc96b7ee5

SHA256
9ec135b548d3b64e47e434deb84a4cd22b3c7fb8b93eee1f64f3ac957ca8e00a

SHA512
c0ac76593c9b1d6424858975f21560af37ee7ed6c841cccc65477cff2c4e5c3a4108394e1080156580695707fd0da2615570e5a6ae26cc50e8a0f277ab971e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f6d19ab80e871f16a21fe92f879808fa

SHA1
218bc18b08f4386bcb9d97e30fe7bb49c6e1aff9

SHA256
a6f6b2cf120406bf24597f865866ada004dcaa4091bf1fc8f095c6c69f13ab6d

SHA512
ecacc5624e9e49f6be11d50d0032bb6f5f2c039aa972247fe684ebc74f94a1bdbb8cef729a8406b3b6a085832c68ef85315b99cabd40e1164fee33d320ea27be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3a9bcf7eede5e686f36e1759c870d8bf

SHA1
bb3fed855b9612166f30df3d7ba7ef5f5e3313bf

SHA256
0942ab66d495afd3b885a18d4ea623157b7f8c3fe55bd6e428bbf9a8311a4e64

SHA512
bf2e98fe53cb48c1e3cc57c47d3f9c3db7380299f5434c90fa969be5b3d7a0088e32056dd6d67b61283c772d2a3e3f9df6c0e037f9662d42d795f8e8d49eaa69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eb923ce9760c97b89eeff91ff3a25f4f

SHA1
b0eab7e4cd9c254590dd9acdda977613bce87b42

SHA256
c3e43011660128d695cc12a8ca19e7af945cd4d286f270936f76504bec6a9032

SHA512
cfd8e8f9886adb9a0522fc21212004614b1bfd7cbd7254a42a48f1b2c7dd443e19c1d81a37e9ebd0cf606646e5ae865d7de7770ebe1c3aac4729168fea89cccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
33912749e3c30c0a04c7a1d8e72c0724

SHA1
a9a524e9b4419ea5f80a5ff6f22bc96d38d68201

SHA256
40ebd4975075312364b58f7d1f88c0652644e6a4b8a618176d0da0f80301b60e

SHA512
59fc683b8cc670641414dffed35b2ead805bd70a0a37594d34d1f6ce72e619bac05d2f8ff7e1f0625a1503b7c7fa053357061a4070fc63d70b03b55bf97ffc77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
963051e0a73a636d8987d3b65aaa4a17

SHA1
e5165647199f639b9643228cce74f170db1e9663

SHA256
ee1bc5f2bed050d6dfb9afa9a1ccea0d867744e8d04273383c2b92a1b6ed9cc0

SHA512
7a0cd1286a4ac4e803c00fd56d24868f51c19bc18359623132c9e2671e233018f4844f327762a0dc84cf5b22816dcf716b928a3ff8fcfdc1860a6122a8ed02d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
53f04f616d8126c8e1029c04c8cdcfd8

SHA1
efa77fbc9ac3a445d65352f08e1256b4dda50c40

SHA256
b9e5ff594a63f1cd4159558ac87d378ff1b47a5c386a37198155b35166e692a5

SHA512
1d3c50b3a6b96e2f21294ef1ae45138ea3ea215804d262d8a9d90d68c3d60049e890b596befb6d71bdbfb7bab4867a6b3c20ddfbd05b10593f15887a58f8f8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f120aaaa85698d0b114a2f3cf367bf14

SHA1
5239f8bfe16f5ab6dc71beddc9bc1a7198bfa93f

SHA256
60df845f8693ed6b506356f7332d10a6e89534729a585702e6b9c07f26b03e21

SHA512
521185d43b01ba66306b84eec3425fb19b2aafec2f80b639c86926d9f62eae421d1df70035fece25ccdd41a54f877897f9f6cc940d80f0bfb4688ae12a841ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4b9fff852e3a8e5c0f78d5a34c179c54

SHA1
81ad6f3d6d61a668b27437f8b6b6649e45944481

SHA256
f90aac8d3b841a2b2108bdfbef930a965c885aa9ad2a9c7557acaf1a86debc7a

SHA512
b76185f94ff9719562596cda58cde01792c4cfb98f73532e184c2dcbd251aec818c07fdf2dea4d6433d980624e22fdc0c527442057722998c3968a6e07340ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
20c06e87554f785827e74b8585a6c16c

SHA1
cde2abd7b8a59a17b97bd29141ebac14cf50474e

SHA256
19c70b61d2b24c086de80cd54a49d81a92a38404b91d938e2d6175c3e2dd437b

SHA512
97686ece1bdd3893fef693c56867e6dfd36a364ca9c7abf1c73a24418573f8575985020802be13720f26a809d97602f30a537aa101dfbe13b49b69fe74e370ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e330588f0c1b648475b9ebceac21bf97

SHA1
1ecaf1d89cbe636895e08d2ba2c6524786287d76

SHA256
9c2dd135060a9fab9aa4255f2dde43f4d7df486c2052fccf30cfd4894d781304

SHA512
e9dc594b45bb92be93ecda245c99a17da50f7c54f002e463afd15260f6409f5005b4c8e3ff91e8fbfa8dcb0388e3d6d363a6b764950f78a2f7f3c9f29aa4360f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
10753c7d375caf63cd3b66dc08dd8ada

SHA1
24cea8e86f3801f9b50b176f4835487da0efc0a3

SHA256
f907e07a369b396d57198fbe290f544f8f282f3d2c96ff9c907bea8bd2af5ed3

SHA512
b0ab6476d622033f2d067cbedc2841cc2558c0c4010c539cb72c35adea97e8192f030d55525b2fa0fc31ecf1a2de0e033d74424c2747a1ed2fc0ae662f040855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1f05aea29f07bf2d9dc777817f038f60

SHA1
2b782249f88a957a1a9bf1ff08af93b7e649f0fa

SHA256
91cdd4854ce2ab569c3352d78d639b11e75c215af4487387e81a3a94d7401149

SHA512
1e44b26dc809b02a61535238c1e7437afd1eb0fbdb2d959d1091d10f4f9d689af1b69e57691bdeeccc54661a0f7f96dccf8a4057781e7868c9bf01ab575662bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bdf0eab073e9e8596f2ef91605ac079b

SHA1
26c791b3dcc6a3074b5191eda9cea514d3a52313

SHA256
9a3cead22763a3deecc27ef78c0ef714bd6920eb20fbbeb82919197a79032204

SHA512
1299c894ea31a8b94c1cd8a3aa0e998d69b889c8d47dd841409356651cd97ec8d60e19e4cc75a64e90206842fcbe33dc1a7d192d23b123993a9efbe5c020c707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2722a039a9c4038515968a6222e4b155

SHA1
c6c7aa233e990e274c1ada22c2dfec8925edb42b

SHA256
4d07ac79e6935d6c7c42da7be055cb799a4711f9658fd4d14e8bc5b07ecf0279

SHA512
4d737945c2b07719a970c724ed174aaabb33e7073b865fb0e9a1b103b4ce4b885a26172bfd5565474935e186dacfc73010594f8d64be7c4eb0d9603b4c6a02c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
24a37ecac52dcea0ad10828ff427c565

SHA1
4f51f35ddd0929165a0bf2ec9be5ba3ae3204699

SHA256
4b19dc0b8e50d2fa9d542b86e7296fdfb9385524286c6c67328835e91ecfe8e6

SHA512
c43a84206ca22c51e68b471c80d9e7fda9cda54ac5d32fcf0115f0e85024dbb54216f9d3c3a337f7bb26f71c74d966df01e8f6b995ee98be4dd983f015fd637a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9743ad7e4e1175e2131d6ef73529f84

SHA1
beaf032a680993549bbaeb917b79d4c9bc4ffc56

SHA256
4989a547b3c8922ff9779288dfbd55fe2fe721317c698346f9d77937f73f6dd0

SHA512
0e79aa9040b6346a9e40b1c4fc7441b54bc2432d6b2d78de1e7cbf182f70fca24bed42ade9035af5f6b6e462b161f71f40844d0038f2d678fd9110f7f1f62c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38f7daec7a032e1f3c0dcd4594fa7e2a

SHA1
d6d475e5ea1a8be4243fb12a3a93a901444cb6ea

SHA256
6d86faff3ce788e300913a2625c5cc364b85e7719b443bb6b8caafecd56e082f

SHA512
0953eed5f61f5be9d74c241d74db97cc8a3d11c1cdbc71f5c43ff45697814cf882df709ccf5bcb87f822c6b349ab0e91eb8c45617e1471b7a01cdafb97cc80ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b895432d3f911eae3e08abe665f1de19

SHA1
f0bb4fd7767bee65f520041d7b3b16e65ea5634c

SHA256
f0ea03ac0ecf97676ad016ceca531ab16d2e5dbcd8530160746c0ddcccc12ed7

SHA512
a37aa065c6086b174d615b44078b611c3c067889153d450182dc59335bc9c70f33a483592ad422b811e3f3a480acda22cdcf29d58d1163dc95a7a8bf61c92365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586f3f.TMP

Filesize
1KB

MD5
e72f77865006ea0fefc64f1a6561198b

SHA1
a649cb361cf8d782c470b28538e55521a60da791

SHA256
19a57e7ebeed457724daac1e410adb97b637f988496dd4ba8ebe86e9dd9edb89

SHA512
5edebf2bc88433c77cdd6b1e25010a6439c6b4cbdd5c354809d73f3799c1268627ba51c18628a720ab45d7ab96aaac54e9ed9bd2197098c030f4e78bc0239aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aa60300d2dfe549ccaf595c6624c9826

SHA1
ee1537a815a011415cd4b4ef9b67bf6fe7fe5944

SHA256
7040102958ad0000005f6330cd67e47bec32263b9c9597cf477e1f206115e913

SHA512
f21d505c194ade34b03b6b95d31897dcf9f5bb8391e4266f565fa389394b8d81b24be007d85688a1b11921f6b48ad3ab260cb631a113769aa731d176ec6404ab

Download Submit