hxxps://drive[.]google[.]com/drive/folders/1POlHyeWh5wjNoFQ8VC6i-8AkCeBEqwS-

Resubmissions

18-09-2024 18:10

240918-wr9blawclk 6

18-09-2024 18:07

240918-wqklvawbml 8

Analysis

max time kernel
1727s
max time network
1729s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1POlHyeWh5wjNoFQ8VC6i-8AkCeBEqwS-

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4428	msedge.exe
4428	msedge.exe
4456	identity_helper.exe
4456	identity_helper.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 4448	4428	msedge.exe	82
PID 4428 wrote to memory of 4448	4428	msedge.exe	82
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 3832	4428	msedge.exe	83
PID 4428 wrote to memory of 4380	4428	msedge.exe	84
PID 4428 wrote to memory of 4380	4428	msedge.exe	84
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85
PID 4428 wrote to memory of 116	4428	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1POlHyeWh5wjNoFQ8VC6i-8AkCeBEqwS-
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa33e46f8,0x7ffaa33e4708,0x7ffaa33e4718
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,9102072871702949563,10646590242765766781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\558c3ea6-809a-4148-96ae-c1a9e4621a6b.tmp

Filesize
2KB

MD5
e51ef1bf6661a44473ddebf4c17dac0f

SHA1
9454cd6bbada9744a898f1a63af2fd542b69a9a0

SHA256
5a7e362f16dbecb8d260d7d5c617afe31f7bbfec43707513dfe211e81eaeae1c

SHA512
15e774ab66557f08a697fd7e9db4cd6a424f00f624f1922467152af348c0581c05d0d5a6096f43fe1ab5999701349cf62beb7e4f74b85f8eb44771bd7b32e2f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c2edb330ab13e25f88ae28c44ab1f869

SHA1
c60de8e457e9c37980363e5fef9fe5c50140771d

SHA256
78bdb190ac6ceef76706e20ec9b1eb96a303c3c045f0d494e826dee7b20d0574

SHA512
38ab1657049c5b3e562d162c1c12e52ee638782171755d49c5144082a0845550a7518596c73207edc45aa72e4d6577def38c81e44850c575d92110b4849930a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
1503af55e38fd9e4bcf7514fbc64cd41

SHA1
d034907c507f42a081d44d2f394677c39a9b9d6c

SHA256
1efd28c95f692eb480df39e94358d1a8d81bc1e7611363985a42d965b7407230

SHA512
78f6ef49d8e6dff1bde91fe280cd1346a610f4fac7438d32204283495b26af2f0be16f1d34bd2ce3c6720cc83edb7edbd2fbac2d1b6ef82fc36f8cf85f53db1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
49659ef90e891d92d7b028e68331e089

SHA1
4fc2c92cee16ee55b8ea342bfd6de0138de1c070

SHA256
ad26fb0b179eefe2256b4ef3cdde2f019625fba88e573b345e931b0be3bf2d55

SHA512
fab7a4b285adabfe8a46a49ef41030b131068517a895a767d28e14dc96760c02129f5d8faf36c8943c9b672c667e39202b881cb2ece47c8175c4109fb9ace881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d9386250e5e335bb346060157a2589fa

SHA1
2761ab7e9c3e9dbe6a7a9cfa8090ede1b3064e6d

SHA256
91515ab632ed80b5c40945f861e415d2e0c40aa15c39e6fca4d079d98f5ff72d

SHA512
52374b37b54bf7990585e4141cb6859df17bfdf92e86a377f075469e902cf3b98b01006b8bc90c5fa7603055d5d12aa10b4a1c2869e24d8d156e811f5d61ec3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
df980d67d76fb0045ff67f4ba48c2076

SHA1
86c9479b2456c0cb9bf0fef042654430e30024c0

SHA256
747af2f4e9949987293e56d9306b3c322ca9f777cf8f3a1dc3a89c82d135caa8

SHA512
7b136b32c611d3e8035f54a86dc99902868c0afbdf355436e97838026f311238d8529f5bff774d2d562b2de6b02de5f4522c0306476193fc8eb3bf1ea93b70d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
733a93f8a7536e398005ae1717405097

SHA1
664e7e3420bc560234583615f3ed1b9bcc7861ec

SHA256
b5cbcb2ab51bb8afa21f1e247d706c2e818bef157f3a2dd50387fe34f8ea3c96

SHA512
3cf780dffedeedcd2cb17478a26e2783364c1a94ffa0cb56d6068dbf4a63828672412983bc263cdb0a2745186e1486befdae755ab0a650b3fbca751e419ada2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
704b73c16124b1bf271e3d997028664b

SHA1
a7df12c393fa9de98a842ff6c116c220e3d9c819

SHA256
7dac37d9129a341231478b32e55b4ec62901cab5d287e1614c55a1a618122518

SHA512
3bdbbd8ee724e4d0f1709799c518d07ee175759b6569153a843747d9054c9dd175a452e03c3522a381a3b21ec868c5f3df9ebef3585592bfde206d21e5e46ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a34244970871385d8fec20b17205ceff

SHA1
9f14dc4a901350f4d93ad97d923a7c87e3b3f82f

SHA256
998d301203d9c4708eb8c95a212a8b8263534d33385d8da2296984c834707ae0

SHA512
e262227345327a477aa9415451f71249ed73312c519297f730314deb0f460482ec02f3a564c46e03eaa8b35e7a8f758af6936a45c85cb4cf000e75ee5c76702e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3b576e989d1d38815035a3c3b1998811

SHA1
e3ee7ef8df1ca9d7607f4d47dd7c021a3801df37

SHA256
bc4e62f7aa684023472754317e5783b81a01196bdd98e09969e2db252d55c7b7

SHA512
b697d7655dd8d3306e1e861e03262efaefab0db8d7cbbc2cebb87f47708069f598ce12428cf184ce6cb033debf753b8a591cd3992a3a1a773c6a9f292db37d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f583c40f6d9f72fd718e81257c0c7b76

SHA1
152f6f20fa47221928a3fc3071607f78a4cf3391

SHA256
b80e08fd8bb312bbdd41447e794dadd27b5f849d54aa556f79f37f52ab8d8a74

SHA512
272f24438317925752a82f3119168c57dbe1ee36171b3079e611413de44df3dd44e60c4c7a4649f58af6bc9a6595073cd7f1aeb53881de6120617b09f1b9c4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
db493825aecb17377f262cc9645591a1

SHA1
668562b8b0c5f928944bc1b047fe166a714b87ac

SHA256
adde8ab0daff850c619bc7a9340ed906aef83870bfc5906911ee6c87856a634a

SHA512
7f7a331d04c0cec8c082e335397b3a80d5d7468a2cfc3484fb3f632f748987cc3c73e2d3761e35eded7491221fdfab476c497684a2f416acc01e41f02b906b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8da62d2c195d1a715d246bf3601deff7

SHA1
46346a34d2bd9d5c6adb89a7f738e3d3b2e4d45d

SHA256
1ccd034118740d0c7df470fe3fbbbb0ba64ecb7f6e4625687680964a385991f4

SHA512
a0765b76d958e9ef5b8569c82de9d88a5e2e7635cd2fb61c7dc6341a6326e879e4fa3813bceed0238004299a393ecba9d2e15873a6b1c828a24c311526e39247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0d91e70e72cf195135b42cde6b8c99cb

SHA1
4ea9b580f5c36130792c45e7bdd353103bac4d74

SHA256
8cf89607363c69848fb4c7f0b04695b34cd4c0ba68761d09b8bab61e5d66569b

SHA512
2742b701a9cbac0035d66c8b41554a2d02a47ea426f7fbef4f517863e2813ce0e5eae2a0cd3af5a2285e6c10d96862c87c5a9b54a45a22278556808e62d83a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
90f122a0722362415657894645c4eb78

SHA1
b764970a5aba3972890ecfea9eb3fd99b93d085f

SHA256
5dc263e504c610a54be7d81e7dafc1fa5422ecbba830fa823a59fe51325b12ae

SHA512
68a6d94dfeac07a4ae348fae2a7b47bdbffe355e187a39086f902f7a819db22cacb38617d0a99f8ac4e5eae63e51b57f3b52390b7131e3d5d56cf058123133bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
49f6cea72c6d4f4756c99a1e9a3bfdb5

SHA1
ee636b5a37edc65819c7e2bb731fae38fe828e2a

SHA256
c0890e72289c89768d1f4760ffb99f26a7c9c0dfaeca6a29f6f7bd2ead1f2910

SHA512
f2136810499df1c474a4797b3097fee15f55a6f21fa0a8c665b89ed5c4832709dae4cfd7013af7a4b3fcf408996feacc24bf54065032ce71d4980835edafbe40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cf18340083bbc58814168508ebb83e42

SHA1
75c70a08a7a35e9930a4c6564b85aba632b4a8b3

SHA256
9e813838d1f7991dab475809a5ba8b520bd0d1b666fd8164a889bbd470723620

SHA512
89d6e07a0aa5f226d40f7c0e342e339c3f2be88eab006331c60d9ec63c694482e693a43a6933c97a4f6d1723d47383017fcdcc0d9acd0e7388f1025a6703033c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f7fe242c2b5047d0b6fb58bcb6fff26a

SHA1
17676830a65df241b79963b9d45cdf1e8aa10dc0

SHA256
81d281723b505f19112610ee668c97c0768629cab155d57ea0e5447d1aeb4b45

SHA512
f515dd1777b336855f2b12df3215c973e6446c2cd102ce0c21d8e20c7cddbfd96e2bdf101f813ba13c6d914ddc09648a4a21042cffc3fa6279c1e6e8bb237b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e869bd5cac9ba947e4b397ccd9c0e0b6

SHA1
4082e5970715bccf2b87ad77da9679ddee796902

SHA256
4f736049670da34f9ae8ce77d7601e5179c17aba85810fc18348ec1ce25976cb

SHA512
91b1ed8f3ec4231c3de674971b8307cba8d411039dc3ea0a7ab43b00b9f5ffb0721927c00e7f23711b49f65869abf4f6d99621fc0262880b26ae331d109a469a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
119022cc85bfdac4b9abba777915a532

SHA1
9e560ac80c2550f45ef345040dbde285708227df

SHA256
41a5fa1bc64189c786225027541a59ca78845f0fdd9fb3cb738cb5ee8a89bcff

SHA512
5cda20f2772bbc6d6ea1a29998450cdcedd1c8442b8245a34b302b00f49bd47c6694cc471f00440870e165ad19abd84d7af41602d8ed04955946560eddf6e52b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2dd96a2abf0ed6c16f609b8a0ac98772

SHA1
e24937b010cd292ff9c785492ec3d4576097d13e

SHA256
60e37fb595486ca7806edfd69445479e28b27cfa44da2c4dfdbd8edc64ddc27f

SHA512
6f0d3992008c950de3bd0fa4bfde9eadf409bd5ff3ba016e61a9ea1915262395a388346bfd14447c0206d8a65763df80316da56b45de61854eafa210786e7558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
377c486458cf82c23171eb7036e0cdf1

SHA1
54f7e755f137096583a0441033a1ef3cb8bb9c84

SHA256
0c994eb6f3fb540f28fd556d855e7355cac0c92e6d6ba1acc9b04096bf00fec1

SHA512
72c726d4e26528d89874c7a1a273a6b1cae7469819484897c2f1e5ef194e70538c5b963a7cad8514248054c968d212a13d22fc997fe678e7dd2028691922abf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b244.TMP

Filesize
1KB

MD5
f92c334f4e62e974ae4821c1ebb73f21

SHA1
d5976388e4a62de0fd9cd80dc1c5e5bc57895225

SHA256
04dd29a53106b449c9956a10faea2c188219577aa5ad3d2e640618d5c12ab805

SHA512
d2efbbcd09b3c9cc2b77eba46ac13bae05f121fcf61c92be3c9c7e4a67e2b1782be0eb2503528bfabfee03c7e48d17a481a76e37bd2b049a82247460ef8cec88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
329f4bc1d0114660827d773d77444a2f

SHA1
83bddde7fdd121a12c190742f26c5f550f9cf59e

SHA256
bd2c9836bd191328af88bdc5a2ce5741557b355b41bbe78320b0365d0a1818b8

SHA512
3eb932be2c0d8935bfc44c0882e896da19dc3caba7ab9e8d896e0fc2985ae531a6f5d8507b7535ab8d748730582dc7d84fd88e6584eb5b609d45d55161cef693

Download Submit