hxxps://drive[.]google[.]com/drive/folders/1xBVeQRTC3KdaTAulU-7-KJ1CXfKzYuI9?usp=sharing

Analysis

max time kernel
900s
max time network
421s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1xBVeQRTC3KdaTAulU-7-KJ1CXfKzYuI9?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
145	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
5008	msedge.exe
5008	msedge.exe
1420	identity_helper.exe
1420	identity_helper.exe
3896	msedge.exe
3896	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 4760	5008	msedge.exe	85
PID 5008 wrote to memory of 4760	5008	msedge.exe	85
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 1324	5008	msedge.exe	86
PID 5008 wrote to memory of 3488	5008	msedge.exe	87
PID 5008 wrote to memory of 3488	5008	msedge.exe	87
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88
PID 5008 wrote to memory of 2896	5008	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1xBVeQRTC3KdaTAulU-7-KJ1CXfKzYuI9?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa14a546f8,0x7ffa14a54708,0x7ffa14a54718
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14371151965309936758,2892454851313831260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c27947a8220498f4d6de3d0a4cb110d6

SHA1
7e185c7a763691fc086c63a455dc7d2ec2e14e41

SHA256
195d40b6ba29f976783b39cceda9cecbb4d03915d5aa498dba8e1f1397b60109

SHA512
65b6fe5ee90e98cf930648ee2f690edfc15a903b916cef5c8f3826b28549807fe0dd9f10ca20c79f53f1b2d83a843eb9a884183edd8e3b6a5c4894de4b297030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
48ca985a005dee5006a95c7c0ff8431b

SHA1
7aed8cd51e5b05d39c3da2adf98610e1a4d55cce

SHA256
6ae6df6ee00e223d2f3c12459b41c50073a493a12b800c58263495266dac7842

SHA512
a0d1c21554f9513aa48f963900abce2faf9c499cd97ae4a29a33d3cbce387d8ab9feae6a4111aa2d33ce97783a4112c7cbf62f5d9f4e182bc007ed85b7a4c95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0847233784154a9dc6ebf8add1a6d0ad

SHA1
c432e3a3a371cb2fdd77982debef69c2d291beaa

SHA256
60b167e842c37a8f3ed305c6c548312699e514075f820c170d187a00ad2fe99e

SHA512
bc3e5380a68d37483cbd81eedc7c000d9589b90927d3204bc6c8cced85ee694177ca86f4a4616adecb672e54a94cf5a21239f0d5bcfc92941f14961379046b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d4d568577e6b800f55ab210b53b60aae

SHA1
bac062f9dcbdab2b764b6dcbb3cebbdb8e3e1906

SHA256
7a6f9ab47125a2105cf35b383e55f168373fb403e9d3275079b2c5a28236ffec

SHA512
65670a7a4588772e6ff293c2b64d1c635da3b76cad18b985ce59ea97294e109f19765f2478c38309505018e11c946585050b5a25d266db88dbb3eb6da326c762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
86f0a05c0d5fd9233d5c1ef914c722fb

SHA1
528889b9db94ec4402197ba7121f7081bc39d9e7

SHA256
38142b7d59d448566acd98d30009a0d3d0988f3e1ae8443036f5821e6537f7be

SHA512
6997f70400de842c0a5eec34dc256c6ce14bc2e4ff48a6e1f7527098254b8e9d1414483101660cd8d1aabaf6dbe33ae025710d7122ad9e0e105d44628a3fa298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dd03314ff72a02c3be9408603e7db880

SHA1
0e1ea2ccc08cfac6cb7efbe738796c7439f566a8

SHA256
c327384483537bb3a3d052956af09063493d3b5c24ba17ed6abacda119819042

SHA512
0549ca54d44ba2b81f5d87ef875a12dc8994a69590a1062ed3a5219bd9f9c0fe27858785bf515bb2cbb041485dc8e9de53f1ce1f8149bf30e881a28ccb763662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
66cfb0d822576aee3a5277033c2f2a92

SHA1
748b1380b334b091068c391d85b089e70a98e688

SHA256
7dfbafb3a0488b2cb50e6fa6b3865c04753b961c47769ca4dbaf8eb7f584f50c

SHA512
3d8f6abc5ce6244082c05097625ec3e97b164422dbf684473ac1d7c95347f483bee72b9a690652514ffc2085a2873fb1fd51ced90fed7d3234f136e3bb02c09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
80d14f7f41e63a67a529015a20300057

SHA1
dc2937484c4d9232f2d88ff93cdc9f68cd6bcf9c

SHA256
7637cd78c435c70d34212a3a01a02e990a844ee0ce82664992c614ad16ce8a5c

SHA512
c0473d60134ea0fe3cb0434accb83eae666b2554d50f2207d49a9e660c1308d9f7941bfd88047c4b68e2942cc703a40c86e975e036ffc94483ae278c73ca1770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
526ea9974a46e00431fd5a2e5af87ad9

SHA1
36eb7ae31cd22f5621ac23f96f96d874579456df

SHA256
1d9c3e7d7562d8ac8d8eb223fd09889e13e6a5f32f4145ac6e81adca78efc7a2

SHA512
03a2767f0a8ec761ee6f17d21572ad679b5828ae4c6104d5296b4fdb3d44b265d702ef24c24b129c16cdbe717b814ad6e3628d43b9ce63a1d5d32c02d3157d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c436881bf402653e215e8c67ce744d90

SHA1
d368c2ea98d64f372d63138383eb30a94e8432ff

SHA256
73ed742c9d67ec16d2fc58e0fa6be8c545a81724e02fdb353163b85a0461d13c

SHA512
49878eb320839ea786cd6ee5d3b6e523728ec9ff7d0a1c5a7971fbeeb6476824b28c0c60fc7a0feb08d595dee8433527ca07a415d1d8d48917c8e13c37a5484a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1c3437b5fc6dda66aba51fa42ac1224

SHA1
3c679e93c95e3f5bf53e42cdcab0ff94eae60e20

SHA256
4a7988244aa0f83a3d7e45fc4851453311949a29334d64f0a4c033a7059d1a26

SHA512
31e8d1c14743d39c7ae89b561d266a3ece509a843f76c25f6f10687c47b1ea5a7ab4705d1d4fde915fb3aee45e7b14990966e0dd89f30dec9c5adbeb076ef025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
847be0a48f542f9d7a49f6481304bba6

SHA1
dc4282702514e17a198249de3d0ef545eae22bae

SHA256
be95121324ee90d94c6ddcf56da6e0dddc3c16a5f49c1d6663a6f9163ffba477

SHA512
755cc21569402f2e3c6b3b6f2f336898d3f26e917f778607fc3ff3a33a780ade1ac95562139989476fee9c8840ca3d7e3c5ad2f0e3a4dc4daef75d41f5f8c870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c74776eecb6e8924e1dac6ea1c20a438

SHA1
aa2fd9db3b05d112f21ed769b61d190258f8ba72

SHA256
b3b3441d22fc627c303f7bbb183143d6deab50986be2c82bcdf947b7134e3914

SHA512
0ee09c93b4a330587c4b60dd62b80fdd060b444a9ce28221cb501b803b7915a3404e8690879b34db44fe773d503932aee8a4823c8e5fdd0f143ea1e7636dc09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0474bf469057541b4458122673822f7b

SHA1
0dfc11cfd6a8a2f04c95871331f0a86360bce0c7

SHA256
3daedeb2f0e873d53a0cc6d3cf4c3388d518eeb2dc20c7cbef2b4dce824dd3b3

SHA512
abdac5b0bea4a41f009cef03047c378fc14658306792283a172895f1e5f2ca70ef91e7c745b4abc91bbf5523f80769baf161b605bbf220e1b76fd7325e42f7e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3bffc9e2c47abc648fba823a8a636cc6

SHA1
ad61aaa9f893a9ae4ccb9df9be9414623900c540

SHA256
f5ff893d56c0b5f4806d9d46e439a95a0a802343087970a7fef6d8cf162e8359

SHA512
73e0a35ab5f982c580ba5c107a977204d5fca1dc4c46b56de6f7f1fa1b52c22e097d901d660297f97b5219b59d994f76a031322b53aa948540560ecebf8ca6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b24a9114d707a702b835e5b1b6b4ecf2

SHA1
e9be0a7f0806a582ab403e29c04c062cdb20048b

SHA256
cb03603c6a4c7725ff575e6ea3368b1252d05c1aefc7746f702bb7354b23b0f6

SHA512
225bae9a388c00fb6750cc757ba8df1011df874be000db954340b2d0f84f3cfffd3c562d4f08bc00ed27503d3c684b2ad74ada2ff8171d1fb74dd7f827e89e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1a048026148aad538ae86df259dfbe3

SHA1
b3ba675fd1b474f109b62a670c4e893a3bed4bad

SHA256
cc8293e03f0da7b80ee94bc9b1bfdf922c91e6d749bcff6f164219b60bd009d3

SHA512
a62cb060b6d9ba8ed8bf676434f05edd9c0fd6dd7008ea5e5d2c87cd6ae9b7e7fcb1a48c93e351e386b92cdc1040fcf01a335309fdedd096a22cca7fe60867de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a097cb28d682160966a5b78128197cbc

SHA1
01b781834feb29c0323032a19d68c85afb137bbf

SHA256
0513b91fe15a8b6135272e53ae0794907f2f5c8e5222535e8ad514bfb75a3080

SHA512
33be7b664118c50a14e4af05b1bbab25ee8dba7db96037b74b2618d5e4153ca9813e64f11a7be3bfe8673a15511e9494f58d85429a984516e13fb0d2e3c1177b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33c2474e4b7f5157abacc2bf164474f1

SHA1
6254dde1099f5120b66384f161cba4ec7d2867c8

SHA256
49b35bea1d102dcd1349ce47e0b52e98fb55e42e170d6370bbcae611ef78053d

SHA512
332ad01400e8e1b8b707ff42272e75cada9ec546fa9ba785cd7f2c7d3dd9d7ba4a166ac070beedd686c7f644d3ebf3e337f70a8fc476a2f2cc0f12cf5de8aef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585ed4.TMP

Filesize
1KB

MD5
bb7793f9f14c002fcc485ac2881f1f02

SHA1
cafdba34f20fdd832326be291eb6a92dfc11c3de

SHA256
93a49132601b66f7d5c0456cbab4a92cccb965ae0e0374ea18a4bda0c24aebad

SHA512
2ceb9c9c585cd23594a6715adce90295a947818142e2b0e6d27a5ce2018cbeb76a692a1f0dd9e00e60ec873ddfb44962b473dcbd9b9bf31c0a7edde1758a6b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
58663e21e2dc350d34ff89b83daece89

SHA1
fe06cadfe8bfe95f27b0cffa19904b78134a2a3b

SHA256
b70bad8042443e2e04636718614e926789ada9fdcd28aa5995e8d51c351ceb93

SHA512
b6ea59b00e8e17b5e7f4c0803c627aa5ef1b74a1c5248945d5327944600c21ee3120e885a2376adb0600079edc218b99c03b50c0d2f1113ab5be7bba484e7c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c059116d519d96531878736523a65431

SHA1
1da13e854f16b15fd59f4c14fd372ae521eb1d05

SHA256
ad02ed1a2a89b7091edf958392cad96126d23c9068ace97a5db7088e27bef258

SHA512
cdb124eb4ca40a2a90f20e5638f7a48265b1de9eed71015a0eb91f7b9b509ed3eeec5cbf69c09eee486dd02c6c63b610408e0e22a5eea807560e4962054d21f2

Download Submit