hxxps://drive[.]google[.]com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Analysis

max time kernel
1161s
max time network
1164s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31-10-2024 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
15	drive.google.com
16	drive.google.com
17	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f6d745ca-c3a5-4860-8f95-49f3539cc467.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241031101000.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
2788	msedge.exe
2788	msedge.exe
4412	identity_helper.exe
4412	identity_helper.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 460	2788	msedge.exe	81
PID 2788 wrote to memory of 460	2788	msedge.exe	81
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 2328	2788	msedge.exe	83
PID 2788 wrote to memory of 376	2788	msedge.exe	84
PID 2788 wrote to memory of 376	2788	msedge.exe	84
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85
PID 2788 wrote to memory of 3112	2788	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa8b0546f8,0x7ffa8b054708,0x7ffa8b054718
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff64db75460,0x7ff64db75470,0x7ff64db75480
    3⤵
    PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4925282820516987940,17104716738848017649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d533e1f93a61b94eea29bf4313b0a8e

SHA1
96c1f0811d9e2fbf408e1b7186921b855fc891db

SHA256
ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3

SHA512
b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fccab8a2a3330ebd702a08d6cc6c1aee

SHA1
2d0ea7fa697cb1723d240ebf3c0781ce56273cf7

SHA256
fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712

SHA512
5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
fcabb0646e4155d707d50013d8eb5793

SHA1
3066e73352b654fb32eab422680c125901f4066c

SHA256
8daab0d9fa7a806711f7bdb4851ddaf4b6352a2b3cc4d01d6254dda60b53cf47

SHA512
5f32e22001153981532d2247ede6bed2ae492d3cd4206b1a4ddc774826519d2c34ee8a193eedf07bf9c7a0776514ac307731b13c37655e20268ea903bd60f767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
6d0084594e65c243f635f6ad6dcb1359

SHA1
bd1bbed5904cee55d08140acf5875c5a4eb72345

SHA256
5cb65b142809391797537625befa8790504ded8aa9e33ee602665df169e28d25

SHA512
e21c7992c978c009ede7a8fa7673215aac151adc0c14908b37e341fb6ddc50e1748183c520c799d02d88a3236983a6bc634e6610cc07a11dfb8ba0927af1ad2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
9660d4ac69638a22fe1bcb32e8b64979

SHA1
b2f3b36326561273f9456169cc92804cebc41421

SHA256
481ffb500940e48f46a163d604b7cbea008e02fd3c913edcf28108d93bf88af1

SHA512
1dc240e5ab938ef329b4b2f9f005d1de1eeb8b4c7a332ecdc04312a162170454abd8abdb5379048821a727ff4e4b4732f8fe985ee69e4710ca6863fda2b4ee8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a6fe475bff53425cce3e8bb37f116426

SHA1
291bad0a9744f9cd82a5aff613ffb19f3da3ad5c

SHA256
5f7d01b563fb3b4755e257924e53414e31f24ebd02b950ef631bef0ab6be2393

SHA512
c49aab83d45552cb4c4d0c3aabdc7ffd4151f7e74eeada9eea6308b9ff03487efedca7ba3bc13cee52de263b4996cb4964bf0da9726e1dfdbaf5fa9cb7921ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc041b74c7541ce85defef06d0ac9fd6

SHA1
98feb98eaf8908676db882273e4952c149fd3557

SHA256
acbea36f2870bea9bfe58136477e59d0d0e95241913c8849ed9698fdc441b807

SHA512
795c6c1b1a5602cb32b82d401422e41269f596ec54fb7dc3318da5ba553e6f532475aa436a7b53cffff53489faf90eb34e7839408a7323bed6693480014093d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
64b9ab694e135fe39aa8c69f46fe29ba

SHA1
2ed6c3ce35f2a8fb8e11a0cd92e9c0e4d0dd3cff

SHA256
f6c44bd701ce0fcb63439dfeeebebf08c043963902d2c43cb373ee7eee1f3013

SHA512
6aad86f7fecb20718e937245bef14c497e555ac7b286d41747740e9453f8a2f53eb18dd893f7e9018e89037452bc208d0282e5ae9e12251d34d280591d291c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c018334178495a97941a0e3f8fe65438

SHA1
0cfd9972cd72b1091e446cfb9255937318402972

SHA256
e079e1d39ca15a54dcd0c41399cd222a0a32423bb2bf27436519bc511ffceeb7

SHA512
294b3ee4e34d866405ffe254deb127a760b869052de7d310f9565fb55f56efb7e790bc841c2cf73170cf730caa8efe8fdd6b16fe3585a6c232cf399f989195e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bfb5e3c525291ec7b567066015200413

SHA1
3aa9e4e4118baa0e671104964423ef1c14d0250c

SHA256
9785fc8678beb47fec672fd9508d42916f61d42edc4592272350d0a07027b2a1

SHA512
1a66d6dc08351fa18fc388f63bee72185a31865c5579c173447708c10b592f5ec6fdbdca40fd1d84b06a139781ae879bf2c313396f218185eac38fc788d53b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b2e33e107a8f1a116f72ef2818ebf8b4

SHA1
12a479ec320e97dee8f6cdb903f59742f19d144d

SHA256
5066eebbce3a9918afb8c348ec3d9c7da96cd9aa18ca15f6bf1cea207a76acbe

SHA512
d7077ac067199822bbffdcb151e7753f68d84e2eefa10546747d1253e3830004be8940fc9a96602b499303e34877ba73f039d164c8aca6eba1a65e00186af87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
db2454b86ff1c46d0df3660b015f5655

SHA1
3dbe6d1a50a57ec1221d2efddc513e90f2087843

SHA256
fd5cfa60379ef7d1d7cc2127f8a87794ac41489d815dc0928e6f98ef4ede6e80

SHA512
4b137eeedc2a867441b5d53375da9abedc5165c6d178c9dcde4d26659ef97836f03b8e7ce33773e34fadeb24315dcedd4f933f4f7a6edb0dbe08fe2b3f915480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
68a55b04d49b710104b07f2da5dcad91

SHA1
6c5a52f6146edc017cbaa426075a1b918b4378a4

SHA256
78172dc1b3d90c3498988f6c2d853c0de8a574007aeb0d4e34e11f47e1d01f1e

SHA512
d33ee53350b00f21f1e05276840fbdd0e563f6dc946e29b9ec6d9b1294d829676df6053cb60760b2df1eed6b70a646e46f55d677fb678fb55f5f24bc6e6262a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
23bdff00432e565241a16682bb071fd7

SHA1
fb2be741268355e781195009665306e9f9128dfe

SHA256
f33685737a7ef29bf13d5f2c778028015e64d9ea9e1f78bcc4ad57e86b2da537

SHA512
bc7ad1b9067822d5462d9cec2a18ce4568680a0295bae9e23d38b9447be7b09bf80607a85e814fdc0baf951cf683c02ce8885e8b4f45f220e26e6bd43505ed24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bac121edd7c205d7518133d8560e8168

SHA1
b1092904e97f5a2351996ef3d00cbfa14cab8bb3

SHA256
623ff18872e2d3bf7de2b45bfbcab1d65f0fcb1d1a66247cac4afa9c7622c179

SHA512
2280952df93b21fc250bab1f8e207e7bddf4e818243f0a1b4bf68ed491fc1afb5f87bfc15fa5004058bda9909d54bb7a4f5c69722fae7207f994c46d75f16cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4dff939a19497c736d5e4e6486830535

SHA1
a1b49a186d56c3c43249190110898189d7ccca7f

SHA256
22a6d46f2203a0885245a8ea3e0d1d3749189b45f30bdfdc5f0edb2797606e60

SHA512
051eaf9608f8f45ec9eb540a3ef4ef269f0e40c9b8e87cf38944ddc42cdb6faeccf4ed0b9f82949118e36712c5d1eeedda3a4a1f5aaba7dba2613836d95eed89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
75b27931c7049ad16ff52cf7c541375f

SHA1
abc7f48d97559ba16bf3dc772f4207148819a8d7

SHA256
7f9dceac8685ceb2ef5e5eb7d094e7088401c8b1b6e5fdcc730a4dbdf3fd8fc8

SHA512
e413659f826620de0bdc4405623c3e531f112db98d28c7c3a2de6622f6b588ad9d0896537289dd8524d67cff0e662e67ad74b354648a7f0e5e8bcb8ea12e8979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
077755f60e5e17d9ce9ab806c9a6c60c

SHA1
b69b347faf9d56f29cd9105a8573cc5949d40d79

SHA256
f329dae8e67f8dec33e06728ce3919aa0a361e8afd868fb04e5cf9381a6597d2

SHA512
0920509fec3615b1a578038f3b64015acf74fd91880322911937544619ec7563254a25e1f08c7926f965b3658f50a6ee20ec8d70c55ef7ac77cdc5cf6413c944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa32f47ab182fc147624f35921339261

SHA1
079c6584e8c4ad141465ca05afeb0ab25dccdda0

SHA256
390254e1d0cda890b1e4b66495f551b35f7caf8f43487069511ed35783d2d063

SHA512
c6ae308990aff718d4ed63f675a7067baa2a8e4e8c141ce17686a2256e135a71f1538062d99629b0212088b15604bab0824a75e71f45a04e04460bca24f9594a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93b2a335edb7cbc4408d7ac1cf8a91de

SHA1
72e381caca075a884b23b33b05831f8fe4095eb5

SHA256
5f9e0a9127644474b54d07eb837a73c557f820aa85675207565cb06a601f1fc4

SHA512
0aaa1a2a93cc4bc28752f00810449dd1fa1953701a4ce985d225051bafa3b8f2f9b22415652e67e907c53d1cd819fa69047da5c5fb980923fcea729e76014934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed659b1d7a51e558246bd24f62fff931

SHA1
84685d6f04379c290e4261ff04e9e1879d54d42c

SHA256
23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690

SHA512
1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ec09c7cbd7cb0b8a777b3a9e2a1892e

SHA1
3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd

SHA256
a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e

SHA512
5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ae0d2c6e7c24e8544dbdee7bbb258c1

SHA1
bea12bdf2bbb091b8d341c68c30f81f70f5cbf18

SHA256
96393147e95a7c97ef4e3b05183668f61e43c3a175fdaddd47b334d973731d64

SHA512
8f9e7fe47b96dd07b1c691f6675ec091a06930ff6ebfd444bc046e9c7be1fbb47f8fb9179839ee5cfcc467eb824c3f750e250934b31ceff3384a05a4e23c08b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a95a.TMP

Filesize
1KB

MD5
13f05cea5186c3a7e3919c229a5f3f3b

SHA1
6e81889f4a4dd30c5c9f5adf915aa9cde7d5a12e

SHA256
8293d9dc698bae9d7c441c56f0953ae7f613c63c3ca84910005ec19cca37de1f

SHA512
85d7a90f80f1bdb6df816748adc386acc68dd9a6575fc007e08778b931c0a552000930a17220f10ab8f22ee14f6eb6682556a87b982ed094840b4ba12c7c5398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
972000126cc89f40a5ad4cb33ea1b4eb

SHA1
f9c86e2d0cba5ed9e6abce6fc12b793767516378

SHA256
2e3110d7ef3110e50d909ffa0e596795dcdeccd779988a64a4c53d0f0ba10b5e

SHA512
cdb891c10c9f942049945ea3c7493bdcfc12374914474eab7dde78fba14e591af3d56b7d64f6fb7bda1b02364dacde89d53bc69634fbf426e97537fa12517530

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
872945029c6a30e7d09153deca86508a

SHA1
a605c4f1b1a03823282532ec57248c73baa08179

SHA256
2998a741cd46ac5c26cbb41b2c45770ec23492878241d8b2bf09254e5257e28d

SHA512
8dd7695f193dbb5bc41d1b94916fd5cde21b45829c30fd3880368ca178ea14472f013f52bc0660faaede797fd77041f7c938d14f9ef268a6406354df304e3659

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
1e6207044a9808d52f5ea3ecb4a517eb

SHA1
3233481ffa3d2b86e118f169e7942d92594c9b81

SHA256
7bf860a51fbbbd1cbf322cd83fd9728111494c2e21766ed44da472028caa8a29

SHA512
6150ff4e1f074a6c8db750030dd7440d4b233a89339eaf8be62e1fa3188d3ee6cd9ad3353fc439623a3e169b6204f720728ef3a4fa7d748b53d7120e9f318500

Download Submit