hxxps://drive[.]google[.]com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O

Analysis

max time kernel
2337s
max time network
2339s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2024 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
11	drive.google.com
179	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2452	msedge.exe
2452	msedge.exe
952	identity_helper.exe
952	identity_helper.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4012	2452	msedge.exe	86
PID 2452 wrote to memory of 4012	2452	msedge.exe	86
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2932	2452	msedge.exe	87
PID 2452 wrote to memory of 2116	2452	msedge.exe	88
PID 2452 wrote to memory of 2116	2452	msedge.exe	88
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89
PID 2452 wrote to memory of 2400	2452	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf3dc46f8,0x7ffaf3dc4708,0x7ffaf3dc4718
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15221938166206005785,8516869592890266715,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fab2a2c0474a26a36026635660ffb94a

SHA1
0df0f3933953b940a2c2c4b7bce365aa2aed1c1e

SHA256
67b70f0bcc171cd032338fb8c34cd9fe2c95eae42d8b58f67111fb5c6a34fea5

SHA512
6eed5a721adecde2b44221d426ed45df1c69346ac91c3c9021bd8fdf6ef0a8b7db14f691d6f030e09c2d40bf749da66259e9bfe97b96b0016fa82a62421239c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e684591535601958de920775a38528d

SHA1
012615ee1d9821c25a54ca9164e203c40f630347

SHA256
12c28f5f91f4250c26d86ec1ee3096abd6fb3e973e33e4d61f1d34b5f14d8771

SHA512
9432e80804b3fa848ae6d0eb03b2913488ef78b1b033106e985335e8d286ade65825e00089d945546cac90473e9834a3bd3dcc60c32b85777b874a8635b481b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f10607c901d52fc840302c92586f670b

SHA1
10d0bbde0bd8221ec0e11181fad4b78b520598a6

SHA256
a4ff6618d3ef5c626cddded7c6d5c26791b81aff3d25a3fed11447507b858858

SHA512
232ce8931acb13732d237cd7c1bb62bc5ccd3713ea88c1e8ebe0a55df575a3c5d4c040208d56de7cb47ddc2811b74511ed448abd7ce3d7c6a4ef427c2c174f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
073bfd6a3af1494d72b87b0222151672

SHA1
213e424d456b48a5f6dd4e29bb7711731eaa631c

SHA256
2fb3ba6dba1f54bdc046b001b9e3fb87a0ffec122e18428433adb95335a047ab

SHA512
c89abf880c79f756d2096eae3540e90bfa6a52287bd63ba829235b032f0a86f7a315cb13695345fbb0f7c34f0a7e6d19a422bf0a26764de40c33f0125da01394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
55bb335c2304355fa59202649721b43f

SHA1
36b00cf7c2aa3562e237970dbb21d3dffab0ab78

SHA256
4afbfbf029507cb596befabda19907ef0a8201e26f7c6480274ec59292bfc317

SHA512
42ee377db6813ab343b041e44aa617b73a9c315728b2ee23ddd6a35b84b38bff10e02c49b077b7722b8d0ab44829564497f8e187abaf7136d2401152e585c5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
63c73fab58c1473d1d688ccdd8689a68

SHA1
2120ff3a9f73a0f91111c9bad545e920f0f70578

SHA256
bf97e12881c07c194fa4da42489f21d48d9c23501d160809ecd55a91496c6051

SHA512
bae5094cc7c5afe644a8164b16208393e2cfc772952b8e4d21eb48a8294834cff8888e2f0415ef691bade57803f09151714fe4011d01d6fbb349f903460ca4fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8bfb31831322eacf5b8a7a43e542e926

SHA1
29ce2f91f48908ffcb194b3b604b4a754fc32d12

SHA256
447191eb8acb5ed1745e3455327ec32a5792c691e2b9e7299264e160acae36e0

SHA512
0d14381eca689f6be720925a747fadeb1c28c2bf93f1c1ddac842bf639241a68e346fad3c7d170560cfa6168cb977fe67bdb0970dd8ca92cd480238b8d0e64d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
30eee015408fcb966c1807f3a067e20b

SHA1
5d3c289cb93ad352f6152818f5fd0e5141f30dc8

SHA256
f193093ddcd41f39041c980fb79862e64fdf8d57ff3497deb1bd610d9fec0bbf

SHA512
acc2ed7539c9377309bc45e5e67f4295635ce8f87ea0518d41e105855ace3907680a3fe681f4a6770c118e5e1d46ed3b7e969a81d959ed6988080d8101ffceb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3b59a10aef306a693ecf88ada9c795f0

SHA1
cff297f49bb6e4cead8e9732224e23cfd0ecebd9

SHA256
eb66169c28b9770fcdf32c0a8f01f1a0b345d79240534b5d8d5e441fd107bd09

SHA512
15f5089660c3ecf6d20efd2aeffe31ad95d7a08cd4bb5dda763091f99fab555945f2adae28f86faf3ff4fdb0aec29acd039e70d326cb4450f280122f508ff5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
638bb16c8878ae0e25c93a40e53e8657

SHA1
5fca72b7258fa7b8fdeddf1c98e8b1e7646cbde2

SHA256
5e025801d50ffe4ae512b4595487752d6ffdae328b724ba824807d4c8bf2409a

SHA512
c64fef8fe89be1ea1d300165b82f7e9faf4e305cd448a625c107dbdcf06d50d2b1e35c32d0b57d6e6d8b7540a2efe8295f9ac60ab987e023555793a6434307b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fe05d0d45902229a1530015b32b58fe1

SHA1
b22a9da41e6d559dace996ea1fbb906e9b366a39

SHA256
4d3ec9a95b0a4cceea85389577d8c9cf11a9089c70c847781072ce0ec38c5b25

SHA512
d2cab53a2f4a42f0aa8122a63c9baf58d018ceccd708c4801e3ebb113d1ed0eff2cca33690e20b7a6e018da3b572ebeba86a5daf1e9d4bea4bff5f8962cf88ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d792e7b061c42c2b21db24394c5297de

SHA1
feabc5bd225d915a794457120d76bfbde6c2dfd9

SHA256
f85945cb441623e1bfcfe46e294ad40ec34889c3e03a664d07a14f51ef9d2dab

SHA512
9a41e04c28bdbb52894840da3b08f00fc2ad2a6408ece109f9ceb0a7e66c725f1292798c803a8bd5431ef22f801856be2229a30080c22d56fd1737479973e964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fe3d82f918ff64517a28ca3f32b656ac

SHA1
ad7b6d0eaa40c51fc56b0212f57019c0bf28a04b

SHA256
369e4bd3ed8d9c22d5485e2b292d6bcb7fbfb105f2fb75a38532e169b41a4ee5

SHA512
7146256417214c81a3ce5ba008e32f244fd19863bcb3e440c9e99fde2995d5585f038151fcd5c10803a64e5cf872bb7c6067fbf73c7b951ace61707cbcce4418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ba58f5bb863b709eb1c97b6d6c54c036

SHA1
98e522198c21c909fa5fd277d285eeee746f93dd

SHA256
217df61a2cf805be9859daec7185ca1db13fb0232a544b21fb38250851b1ffd7

SHA512
a0b71f78456d682a12fd30dcbccc34ebefe9ff12bf6c9720f25880bc138d60419f2ed1707bb1f19a7775bd9aef7dc4cedb080598a4756838afe58c3957dfa643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5eb074dbac06655b32bb6156580d3918

SHA1
d329736d305788d225ca00d4d4992058f5c37427

SHA256
9b7f2b7e452f6c670a99c2f1631d2100faeb68a5adf665dfd557614cfc2a4731

SHA512
bdee8948342839d67c82c4feeeb8aa15da1f0af7e64b5dbb4821494c2f8e01f2b96af2bd6375df7eb1eac1e604d82ca5062bb4f54a3957adc30fa1349a416ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1c1972cc5d89ef6a1ea72f7be09ec25f

SHA1
2e9de07e0af079cd0f762868bc3e222ac2a90267

SHA256
e76dd306ddba78ba0dbbcf67576f8da47a0b00bfb9e7c2cc334f9dcc9c8cec82

SHA512
ed51b0979ec37c285d2ea587b6ba98cba907468090978a4594ff93f327730c2b5cba6bf34ed0b520d6e0950feda6e3472d2d8e0275b27374bcc667ff46345e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4ef26f29bb50a4241b7df00fdb6a57a6

SHA1
696fb20d41a54c691318b27111e9f2bce40e5436

SHA256
3ac6a24a33770d18f1ca67e5089690958ea2f28933fe140b273d1a003bb65119

SHA512
9d792f72b1fb95d432d10db2b670cf88255317667772d737f990e56edbfd75fc1e9ccf48a6685e41c952b82b5370db4e8a04560af969cdff376abcd6dff32b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9761d643330aa728c62ddb49bc7973f1

SHA1
210c46c93db652ef83f0daad8d05cc43ec9e1a63

SHA256
def69cb5f34f8d001725239b3991d567be46bcd8d268b17b5015f3ae4beba760

SHA512
134e7d9a788b218503c5222b8f0408eafade49947f25c87d8c97092bb9cd20c9b8c3e384c302b592a6cb1319ca26827efa6dedaa2b17e1041fba4cba7b3f470b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4bd4bd255aaf5d86a5907ac221f36687

SHA1
2bd6e78434a074eae91bfae26dca5b6db288c81c

SHA256
24e7bffbfb80b0a005d16ea8451a1990e23cdc036c541e6b7ba8e497e9ee3468

SHA512
989b7d6ce595aea52dc32ea62680eaf1679be6b397814d5d2a6b5d8501937f6c195a798b47505c4288d46e748f173e0300299f5bd9d9ac82c9f8b42606bc06b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bc7ed5a997e6ae11239181dc68d8df2f

SHA1
4604cc7ad78555fadda593274f40dcfdcde1d5cd

SHA256
a6d6f5b21e55eafbe2434a3dd8fae3c191cc0b1b51740df688c5cdfe9e37bb6b

SHA512
0da30e065508ed32bcc76a77b0caa7ac797d0c6b100f3d3c7793ca3ff4d6f26062ac7f787f51ce73dbf5ecca3b21c7b44bb5ad1b5b99b191864ff106d4fd28b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b9db4904a5308bcadf4f171e016ef790

SHA1
0135031d250ab74f06e3d68b0a4e555681648edb

SHA256
4f5a14ec4066e75d1726949e0c36ae39cf780ab0a453d65829c598a8aa6dada1

SHA512
910a9984747074350468fcb096cc19815c01498c025cb92a556dcd31a91870d5e966c456c881fa0789c41e2dd6efe1a335fc1517d60dc83042324f43a29bf495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8a1bd4a76088bbdffc4ec5fe10b36dc2

SHA1
234d59e1a11fdc8a11d7d83fffb2d24e6fdff3e9

SHA256
b0503f0f75d3f40b218dc5618b823f22be2a000bc51384f20e1738d38c59c6a3

SHA512
261eed26cdfb6f482df41480a5fcc6563fe68b8f7d1fe366119930925d9a7e29eb5288087bbbccd69fa0e152ee009894b7fc61978affd3ad2a915798eb553764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
190b6c13356a28e250579b03f5e37f98

SHA1
2effa296bdf291ab26209845b1c781f41130a795

SHA256
326dee221d5a97265232c947b0ec80d82d95d813dccd2d4e9da6a7d221d4e130

SHA512
56cd937ea52e8d34f2489782ab3cf8bdf93653d52772765352c4ba3f38b64ba22fb1bb8c57a6ea91a9fafe9d9c93bed32f8172832d15ccd56419826e4f36b280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
156b127d2e020cf2e1b681df02aa41b1

SHA1
37647440319cd7bd6d67b3e2fff2fa37556e6aee

SHA256
9cb200cccaae00f99e667124968bac184888a43edd644c781e71be66b40a37b2

SHA512
4095493c28e3078df827f7b96d04e879dbb7932178c11a1b6717565ac78aa0dbb32d4f8ed327486d58e114e8f2ead480fc97f1f0d057fc0abdabaf2b32cc7573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
37707b16c4aad8a7430634ac6420d210

SHA1
df601cdf744ba0a9ea13f0a5d19ae0e107c91ade

SHA256
79855d166044064a849e77653f77cf4327da2e33bd9e86d580aa96594a3b7cd6

SHA512
92ebb6ecb8bfc7958f9ca75eb48922e1251e7891370af974596ef59818ac470f5945cbc8fae8f69d0101a0a54ac6ed226c3a52929daa975b7414ad960492cb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d44a40e333083d1e3a50c448e3d9f007

SHA1
6c16f5a4768c91bfa0ba668eeee07aac17d9ebd8

SHA256
9c66ff9e314b224e86d7e3ac524ef63c5bfc479cfe7a9c6ab44b208922e71181

SHA512
2cbb53c6e8fe25d54ea91c8bba19394899ab2fc9ef1cb4b6fdd00dca1deb90c1d9fa6fc1eddefd0c99a7e9fb9fdc9673b07392725031bcf0dde994e2aee4ff69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b51fc07b0ece2b166b9f59eb619b8a2c

SHA1
3c9e4a09cbf448567cdba2791bef7c8289c28e6e

SHA256
7299b0b136da7245a29fa39f4173f3d24fc5de69fc67c9bc5d1a539fdfd159df

SHA512
ad5d4960f2e3c778f309cadcbfc60586b9f9073fd39ff6c5b4411eeb14a8a7648224cbe4c654c4e8f1b73f358cfcc60a989228e68e273c956d674b73359e93bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e89cad38b61f6a5244f5f90816993872

SHA1
76774e258c67901eba53a449bf26c5f89eb76d2a

SHA256
fecb83e98a21c4a28086dd8eecb6eb07388c0721c43844ee6aaedd1b38140507

SHA512
559c3246be2b63b2166c2a68016ade9e34a30d65e0853f07bfe3713dacfdcd7d52a26e6b06fa9a51f626ea941d57a8c8a51dcc5e4eb84c9a1f2ea8312b21fee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08515a5763e5b6738555b2f1ef086d8f

SHA1
a0c5852e92346315bd95762335c25b2149deeb8f

SHA256
dd6ae6cf35cdd00d4d172acc4b9a665181666fa59d61e7f25c869326a88a3ea3

SHA512
1bea32ebd7205877869dca48f41f88b77a8f6acc97964005092855ae492a82f6318f8ea0fba1fb07a0a0aeb225fb2e20bc1048c1aa13fb22f24380047d75670c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dac6ea9149f20b8685042048e6f5f742

SHA1
639dd2de193b7a3cb30247e0913b11b2abb94c21

SHA256
d38475e850c71330789ad892d1b5e395999ff96a4a9975a7364ed7a0780c6208

SHA512
18d3d02172544e85f84196d0d6328940bea9b0b4318b504d127c0ba92ef3c678cd4b43bb0fb2ae58bfa6603ee0903b176597f1ce01a4db7a0efc3c5f10c6dda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
936971a622f3af4b129e2bb2d1f85b2e

SHA1
40d35bdb6c262b2b8bf5f03281ed52ef4b0ee905

SHA256
aee16f11463b9c527ab4bbc096f72d94c7aff8aa481c21d411ccb0e0acffff44

SHA512
a5721a49cb8927ffbd50b3c05572d03483f3a4549843a98eaf13f4ff3912ca778593a74ed95dbabd615a6ba7d39f1eba1960c227b3f58acc75653e1c869c7cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d59.TMP

Filesize
874B

MD5
9eb58dd365c6f7daff65bd9594195b45

SHA1
5fd90a541916d69b0568212d8043720a278f1e67

SHA256
fe2f84741eec5a16da671d3a2cbacd68e43153deeeb2a92707db1d70c77fb617

SHA512
00036d85552c456442d9463e3ca242ce042eb70702648f20d254966bcd6e57dbfde679422c8046b4812ff04ebde1ec412d3a584a5d2b1619de0f3308deb393b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f844feeca7f422b3c909b21be3f1ad7

SHA1
1fe8e7948e53bb5fb6eacbd85f99f058e369e4ec

SHA256
2a0ec7dd7ddbb87444c313ced68a9c85bb97651a662148cb841414270fc278c0

SHA512
106b250bf3283a47ddf09abe87a700495ed8b326d211329c8d5c13ac1196e33c1bac346c62fa90e4c98ea990ea9a9794b054a4271e75f02faa55d10373510e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
71b4840ad8f62e51ab8806deef8cfc8b

SHA1
65bcb372f7755193bb87f33ef7a9c3a28207f127

SHA256
0b63089937a20bf7852cb6594f104b0ac393f08faa21ad313237776a3735420e

SHA512
ffa8faa4747245450c10acb689c9fc23dd7e5286d952876199a7cbfdf854ea4e232ca7361e0b9c775566354b16ec9c2c7adb6e3ceb2aeb2c6358687742cfca08

Download Submit