hxxps://drive[.]google[.]com/drive/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx

Analysis

max time kernel
1728s
max time network
1730s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27/08/2024, 08:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
4964	msedge.exe
4964	msedge.exe
452	identity_helper.exe
452	identity_helper.exe
2756	msedge.exe
2756	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 3352	4964	msedge.exe	81
PID 4964 wrote to memory of 3352	4964	msedge.exe	81
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 3824	4964	msedge.exe	83
PID 4964 wrote to memory of 4432	4964	msedge.exe	84
PID 4964 wrote to memory of 4432	4964	msedge.exe	84
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85
PID 4964 wrote to memory of 4764	4964	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9faf33cb8,0x7ff9faf33cc8,0x7ff9faf33cd8
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17618430276463068995,1853132079364355028,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2c9695f8ea5943d1b9bef3b748125656

SHA1
8228cc9247a73b02a1e549305373026582cca32e

SHA256
23e23222e29d807c23e60cc75dcc315197c3f39fd620f418d6f43bb8f2a42105

SHA512
9c1df32edb94333f2fdcf55c2df51a30402c94091c50f04affbc50ae214906a2b42e30df6bdcc0c78eff607bac8ca5e4152cc0432ba5924af5252462e5c436ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
10f22308177c06dd3dc6338d7439498c

SHA1
7f4e14dcfcfbe0b08185726c7103867e6a816fbf

SHA256
02be7badff445e825039e7be98da85ad43e6f8b6f8767915d4b00c3e5c51671e

SHA512
f7b6b31a91bfed3a2c5303cb0ed3b5e5345754def0d804bc6fa657d9f3a55c6a0f35c82bcfc10b289219cb1b6a2293d98919a927cf5b40d7eee73c1d35266a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
29133bb6767c97a7e04c2a122fd5de89

SHA1
1d4879c34dbce1638d9c23c13f446f5431b9150c

SHA256
05f623dd90b2c0cb8692559687145313a0a528e375f98e2f7dd0a9eb73bc70ec

SHA512
0d4dc307795917951c37299fb15ff3ee22af502479d84610d30a99b9dcd155626ea9aedea1372eb9fa7c2d704beb1fab6b82ae9a3794786a1c599eae5c90245c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6114e4e89521c806a3d26271a50c0f1e

SHA1
8538d0a25f461aceea6f9f6827960babffa6ee80

SHA256
da9a4892909cc926f8b11c5a2fd3dd734c33b3014a99d967d872b8972b223c10

SHA512
3e2cad2ead63843f18d475bfa184cf5a0fa0b751a30bb930381db9fd1c810b3988485ee6db3658b6d307a33fe674aeb5ecc0b7ddae1ff7407eb45c791f652402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d52bac8f9379baf11cf23b901b5c59cf

SHA1
2298ec60703aef8d41d7c9bbb8cd53f7f602ce3a

SHA256
d1eedcdb4e55aaaa3abec7799a496edef56648a0448f9fdfacf00266988be6c4

SHA512
3d9d6fd0075f275c254cf16991dbff73858d737145c5dbce6be44cda004c51971fa791b90d5a5139c38605f90b2b2ebeac57767bfc1355c7553e4d5f6a30caac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
82e4c43e5170d7f169dec713fc63573f

SHA1
07f7cf72ab33e965d0e9ee7d726a3f25defffc3e

SHA256
5f4a02bb7f5933d18f8d80f56f31935f6ac9b9e96828e5eb92c6501efcf46a0f

SHA512
44e72edbf3af872da7171e8e875fca015360ba16f293168152758feb910bf4740fe8520fc616d182688ac6ae918ea2e4128024782d6d2a5042d0d2809917f9aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
400404a09d038e881da2bb508c36bfef

SHA1
a6dd04c2dd78e1de9bc88114ea9b657ef23192ec

SHA256
9d919649b263c1363a6af99afa7327d8e980f21a0638237b6d1ad929fbc9ec30

SHA512
7d8170ad4b0840d792e6604f3e239ee1fcd67293b71ecdaebe758f637ae056a583ad05bd6807727c083333a3611cca53115676a83adabf3c24ba6b3ed635ee3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6f6992ecef0a6640cbb82ce6b672abc1

SHA1
63676a31a1f13d0969f00b39e3d4ed0d5cd77182

SHA256
434de16985177022f1ecc5700a0903c4e798f2734e111db56009255bd6669feb

SHA512
f0f2e20ff6434cd370828fe0e3d07fff0bfcfbb2c70cf3df99f9b61d0287379c77f74915c8da6e6a968d8c0e768f4dbd585d4898af8de92733b5aa5ad8bd19f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ac8aded561cba3a3ae3294b829e37434

SHA1
5baab7b3c681b3e5f72c20a69dd628d99c6305b3

SHA256
87d9d6d2ddb9826747104ae164237a2279cede88f4aaad671718ebd12a166884

SHA512
f3d593f3b9f07fe370a95ce5d23a0e6ca05fbac190bfcb7c463d93819a7dab6697b0b7ca2fc84337b5e92b9f4b3638a4646007a824da8f5f72f7d288485f982c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b3dd6930116ee4f3eef2e3422b0db8ee

SHA1
c3ba1f923a55ea2b5482692361ae4254d13ff788

SHA256
72ffad493e73c5690c72024500ecec6ea8e63c8821305ae41d87b23604e92a17

SHA512
6effc66ff7a9e7a0367755465e88572b962c6da20937103952f8e7442b1b0433e743566eb58b61f9fcab264b4a2697ced2aeddeb1dbffcaf81460367031a603a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4963eaeb50805098864dfed92d4c79f1

SHA1
fd29c8502fd1d0c397c6ff7a21f8cc6d43c57ad4

SHA256
2227667af1c964f0fd135eb3cc83605b0708152fbd99fbe3058f7ab5433d9b9f

SHA512
7987b214806833adbe6a6c0944bf7ed312f76818806e3b06e642865069c75342c50840ae60bcca07c90802c4aa57fcfb9322bd2dc4f467c3e3ebe3f83f71d9b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
da31830d55191e9f6110e26cd845f352

SHA1
aa294b5e927bea29918995b7aabca9a1cbff46aa

SHA256
eae2dc3ddb4037bb8a057849d900650fa767c0d0a38423fa90a1fbe4acf8535e

SHA512
271f85f67e361ac4d35fa1819fd0333a82209c5735b55f57b83416c6a1f0bc840c1c78a8805fb18101683da6e326697655955f397e80be7dce1db2bab7a8319e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3364e62f3956a34fcd70bbd07d1e7896

SHA1
5d40af2aa6762368421418b5cebb33fc6217434e

SHA256
de0e930f85c72ada2b58d6bfd4cb52399130215230ffb8ec5cd82cc0e3bd373c

SHA512
aaaaa28fd8b2cf9b3a529c610a9a09aa151f08eec38fc2d79efde51bdadacef5aaee6d39ef3aa35fca041eeba8435b4bd8a0e0d81d806f5614976e8c3d221579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8645653cf1c4d33ad974a44324d3fa21

SHA1
7b388999c1185aace1cbd2277af773bc3fef9d4e

SHA256
8315548dd30afb800d254c85330711a107733b6c5b3f0a63e1e5125413af8ccd

SHA512
415d52da11b2bc4a24ed457eb55cd96b7e9e24cf1d296d163317f9a3084a51ef79b73a1b80cb667dd6fdeb643a42a983410e2b2276903565dab733c31e00423a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6e7b9219bb0fec5d34b90cf7dbe66e94

SHA1
54e4cb0c6611169a9d8f71e507638f49fe3b5fb7

SHA256
5e0649df496bf9fd88a0cb888ba8ae2541db694dfa335c4247d31ccfebc9b1e5

SHA512
82fe0b9660525e24dd1787d14c01d2a4dc89f07d4b898c5402d6e964402a4035c642fd16eeefa07f790cd921a61dec35d8baac60e5b2e93b14709d9b36ab4b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1456f2efab7247a239a6226f430d9ede

SHA1
c3ca9d2e8dcd001a3b3f122ce0d6b5d5b83e0e64

SHA256
bd97598d6c58aa427f16c1e777a1ac748757dbefab1b97415b560af3fe2becb2

SHA512
287c5ebdabb1e06e49f6fc3b71b22760b4c6dd6a5493fb7ecf39500e35b62ca7ba7ee427a76d7aa07a15543088e1b73d01b6df1ba0f0382cf137b617eca3d9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1ab6069bececd584a50315985a72139

SHA1
7cd0de5446773e2e95fbb9ea06d204fdd2668878

SHA256
45b8dd3cb00309b378941795adcd5aa9fc74cfae4d4ef717d5d839b4768e8096

SHA512
4c4ddf825edbc0106806f7705b73bdc41cc89da22174742d85f5e3d602607556b8d7149e96bf827ede9399b6444335925a7c359e26e60a56a8880a684c3c4171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3668b11348130d887e4bdd308b9f8c42

SHA1
7663910cb3771afdba166215fa2fd4dd8a6ca303

SHA256
74d791c10e0070d64cfae8a47e4d9cb1dac266ef1d8e566462e954e82a9aa627

SHA512
6207c2ea355ffac1b6fd20cc18314bdf5716bd0a40fb59c3d02af1284a81beb7a00477755b5d042340e9b98a5a92f6ce59037192af843ff8aacc97e25eeee093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8c9a2b544a01575e35d73f91b993dcb9

SHA1
34f77fab39734fb9d752e24c084bff84179205bc

SHA256
768657405d8f6887eec351f9e31345b877c465533b3a5b5a649d8c22d0a5d1a1

SHA512
96ab561cd56955461345fedd1e226fac0daf711236a0ce53558746d01106b1b64459c478d7a3ae7020c6a5c903651807d31720f0618a82dd7cf0a008149a99a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec48a620d7d4cfd096b365ecf1940b33

SHA1
15e32086e28a47b240c9774a005cda1723cec02f

SHA256
87b5446c2895e21a4e5fae6176cb18d64952ae8f3acb7d5922511b4fe19952ff

SHA512
f425fc9f12d0b505bcbea2bb8288ac8e13034e4c2eceedb9c7b0b50d30e49940957ffdef6d481c08f63857a8bc0bb7eea54f56f21889eafb15c7587f122e5a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7454ecdc98e30912f184c98cc5b3683a

SHA1
7eb779078bd6c19feb8bbec4c42b626f4730d18d

SHA256
91ecc2f4d41ead3d402844d0d424526230c37c2b9d8ae3897a766dcaa01b7ccf

SHA512
4e6a651fdad187414814db91002fde082e8a38502c50d5d966efa284f34c3d86662560d8498c3f2fba6d6b7da84faafa3c5f0e6105487a15df5c9b1689b5bc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
511053b72ed82aa7436aa57811bf1ddb

SHA1
b7dfb18792353c65e9074fa618755ff515929fb0

SHA256
00564f63d032c778fb66d040c33ee6c7d955b3dd03a90870c1c3d1af50266087

SHA512
27d4a58ba6f3b997a6ad34f3040d2e125d0bb25b96e2cd75e4d86e93ad317793b5cd52d42809aca8293b939b96cfeeed13db89b34be0cfc237bc50453515eb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a1e8.TMP

Filesize
1KB

MD5
f324a08396175a12a60e0bde806b9b81

SHA1
2a365902f603c068e8530d88049e4b599627675a

SHA256
81d0d09ae933265aa8db37448f89583e054e2c7de4e1fefa5995651956a6c8d0

SHA512
d1a6cb906eeac4c69d6688f40c1dbe1d1f6c4d42954453ef27bd0db5281280d521b38e1b84435cd7dd661abfaf245b4ff3a8f06caa88c147139e223ce49df2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d21923f25e0e816ebc7a08e4ea50c25

SHA1
9daf9840652556ab8fe659d5698f89f4fd4addce

SHA256
2621685010621dc2bdd461c77c3f791bb3c2e2f4d0cb29bda660db380c241d16

SHA512
54b2c21d4f26d84a0d6e80f8c3eac5f1aaff38f9298a563785b1eb2a565ff01cca2fa6406732ced1b374216c77d629df0301652af6a48c3fcb2d6d5751837ba5

Download Submit