hxxps://drive[.]google[.]com/drive/folders/1NVzGGH4q1Le3efqdY71-pMTbQQc_hcn2?usp=sharing

Resubmissions

18-10-2024 19:58

241018-yp1yjsxdnq 6

08-08-2024 20:08

240808-yw17wsyerm 7

08-08-2024 20:06

240808-yvrl3ayeqj 7

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-10-2024 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1NVzGGH4q1Le3efqdY71-pMTbQQc_hcn2?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
104	msedge.exe
104	msedge.exe
2376	msedge.exe
2376	msedge.exe
3016	identity_helper.exe
3016	identity_helper.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe
104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 104 wrote to memory of 4072	104	msedge.exe	77
PID 104 wrote to memory of 4072	104	msedge.exe	77
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 4292	104	msedge.exe	78
PID 104 wrote to memory of 1404	104	msedge.exe	79
PID 104 wrote to memory of 1404	104	msedge.exe	79
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80
PID 104 wrote to memory of 4764	104	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1NVzGGH4q1Le3efqdY71-pMTbQQc_hcn2?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc3933cb8,0x7ffbc3933cc8,0x7ffbc3933cd8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,3455440366819081636,1758763883381567645,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
215KB

MD5
0e3d96124ecfd1e2818dfd4d5f21352a

SHA1
098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7

SHA256
eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc

SHA512
c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f7f7c8d6d965c553128ceda3d2c7698f

SHA1
8af9a4f4c821f65f43075e229c8ef7af15572d99

SHA256
cee893075e58db71ebc9b1f39e130a750469e8778d807c37f6d13aa5da7953e1

SHA512
090e7dc08fe68ab5964568c3e81caa9c29ffee750bdb6a63642a4df52c8861b84bd2f4aad3e156f0312a171af3f81edef706ada3256b10627669c0a39275e536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8c1107a031739a89f608cd8e11c9417f

SHA1
238c1eb0a0547ee8639ec23ce280cb9c5d1614b0

SHA256
fa2b95e3b3255d66a232861abe7534b5631efb3735ecd0b555ba11bb5dea889e

SHA512
2e9e51c145ea86d195747c7e838ed692e4ea4c33101d42dae2969cec007e809d92bc0ac28202a0cadbefbebe10d0953e4d6846cabce5833e8d64d2678044a7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c438808803dc66cd281f993d5888755e

SHA1
710c44d722e33c1c1c10aaa3dd4235ed74136b77

SHA256
a556a10694bb1a2f9f5ee4fa0b28450ed5347e7758e5922743e6156dcddc35e4

SHA512
d8fa3c8eb29321e4b3952eafc922d4ac9d43f155319b7cef1b18ccd830a2874705f6024dc8038ddda559d2c4685c66c2163d48fbd6aebdeaedfac64d75527a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da488977208ab52efafd64c572e0bbd1

SHA1
89167af37c0ad67dbcbbef715cb478252bdb6b7c

SHA256
5d0c5643ddccf9db12fbc80e0976bd50964bb072f7838e710356597326f9d53f

SHA512
1e78f32cf9ab15d06f8ca003142669915e0573cf36ebc6186a416711264462f212694f4cac812053f721c0a962b10b8ad4258168ffada71f3b245c5802e7902d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e357ee31c37b0ce701f00e86c9189a49

SHA1
c3329149088b2f149724f62ddb533ae8a4092e0d

SHA256
f9631aee054ac3de08f31ca9032da893f8d6b565867d098f67423d143f2907f2

SHA512
38d50a633e96c26b8192eace413ca16149f84956f67ce8c7c2de8ee0df228871370826851643b9bd8d342c3cb826c2811e2cf1815bb9acf6b7127ee10b753760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e56a5b22acb57e2ea47e2399acdb7560

SHA1
29d0a4cac2d6b719cb7d8ccc1bca34e60fe5e3b5

SHA256
80c7674f48b90470f48b368bd3818ca94ef9de0287c9cf879b024aef8921e7fa

SHA512
70f7ef60fb50cbd10924bf3856c9ada27cbf9872450775e3b7a4775589fe25a4fbd6e9fb7f90c3ef3ed97405dc0aa0128adf244c5f9f8b5df9a5d548deb17043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e246c5df0d7f8c09c75600f50b9f22fd

SHA1
a88af004d2138bdf2bd97028b9ffb997c678f8ae

SHA256
2fa2914c33b3b2b188f4514bbe57309fdfcebbf306ee7a3342e8834fd027ec25

SHA512
0ac1e2076fceb9ba05a2fe81d54371d9f19d24e1b0c20ee14bded28d5ed656a6ccbe24e7dd437ed8c1d4fef9f370e7940228fc2519fe2c1a0c1406cb7be29b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
18fb982159efb4255a2db347ffaa67b8

SHA1
dd62474abe59dbe60aaf11c3152a9ce9d57799bf

SHA256
aab44beefaaefd084b548fb197d1bbe2c0cad326ae0d742fe8f3d7818aff2cc0

SHA512
8ff4a885a78ceb816407c0bb88c4f33d259ec1ea1d9b5337df3477b3d3306997ae95521858d7a3418d656c3cc6555459168fc2ae577351bfbdc7541233b5f05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e704.TMP

Filesize
203B

MD5
5442049e31afed3a70504d88cfcc0395

SHA1
d3570afc104cb5e95fec7a872b2f055b851a6f9a

SHA256
9ac6954c6e9556ee4f27393d3c175c759f23957703d8ef554072ef6da7d929a1

SHA512
15faaca0fe802b112a499f0a574297096143e386e19aa8517069a8c335f78d94f075800e7e72eb86899954f1b5e82bba8af6e16c212cf23bad3cf2b65d856a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3e5388fa9f80c602f5e1d1509ff39893

SHA1
79df6ef19676f0bd1f97d384edf7e62b8bbf973f

SHA256
f1c2e956674bbac6147f87a45fa2043d1183a1ff01a6a56aadf360cac3560d57

SHA512
7748c50be34fe3e0bb9dba1a6a3f7a5e5c7a71ff1a2b6537bef1ecd863b04e04f1ca69cac4ba26a9e4d5eb5b63a280ff64a3dccf968faef19aa273a8ed466b8b

Download Submit