hxxps://drive[.]google[.]com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Analysis

max time kernel
1152s
max time network
1158s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
31-10-2024 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
3	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3784	msedge.exe
3784	msedge.exe
236	msedge.exe
236	msedge.exe
4080	identity_helper.exe
4080	identity_helper.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3784 wrote to memory of 908	3784	msedge.exe	79
PID 3784 wrote to memory of 908	3784	msedge.exe	79
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3924	3784	msedge.exe	80
PID 3784 wrote to memory of 3164	3784	msedge.exe	81
PID 3784 wrote to memory of 3164	3784	msedge.exe	81
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82
PID 3784 wrote to memory of 4888	3784	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff852913cb8,0x7ff852913cc8,0x7ff852913cd8
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,2338414876792773281,18437869540725776731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
d96220bf26fca5bea33d79859489a0c7

SHA1
526543623e419030b85cc280c27c575ff4231bb5

SHA256
9d5666443aa197d0e337149173c8ab7e83ff70086001bfe72ca0d6d4094f7c1d

SHA512
1a7f84041ca8f1b40cc0635e07005acfc83bc455267c3e7e76976b251950c0d5807f930c0ec5ff5270da5022043a55d544e664745bdc8d293519f71ff47b57e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
8ae0f7e31e1ddcb193d6d0ef70edc480

SHA1
65afb308f90fe42dfb25540de3dfeebe89bc6a24

SHA256
f59cc173c0dc8541601ea1d17ce36772bc30258fd9436a14c3928cfe2cfd4161

SHA512
33d0c8e7e421447f9443c450d9e34288b39cb43f5bc89a711b1959a47a6bed0ae116965bf5fe7c9fd3d264202a606d2ed37ddf00d722a0bd2901a8f754c65af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8452144076eee0636817a3c7dde0af84

SHA1
0ffe9e8c83ebc49f9f8bc71bb3c240bfb7bb3904

SHA256
c09c52b612eda46fb56ac1233890d7e3f80d59c3ca31a7b35c65c142e46dfbcf

SHA512
c882810e5a29f06ed70e6633413d73ce34bf4ebecdfea31357335b35bb3216f31e9744ae4a2a1aab5c034da9aedf8b6b0f9e4676cb45d3e0e05e7be7d8663fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
156c98473ff2b81d87c7a6ad53d291af

SHA1
9a5999f72a54a378842304413eae4bd66771fc9a

SHA256
7ec0b1836cc57d858acac0543a01dbcd13cc54078283daf59efefdf26c40f08d

SHA512
e277a7e523da172c0bd07b34d559e8e3fb5651654b8ca87b87467d2b4f6b1ce7f6d467ec87d0aea93c7d44adb7d29aef47fff9aa6c3eb499b5caa6ebfb54b9cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9bbaa01b0d8c917b3dde191eb3bd2097

SHA1
15ed0e85508013814ba02e757fc63da9ad1118c4

SHA256
d0e52fecaab556b6d733049e61d1f32159abd1472d3edf8761242243f034a539

SHA512
75e83c7c246cc3d875dd3fac6543601fa3d2e356c20989cff8395077cf50ab16ada666d079da574368adfa20f3ab22e9458956f651afbd39b99682936b162130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3f3be586f26f993cc3e9ed619dd15f21

SHA1
a07d56cdd8bbb1564f82bf786fdbce9000f4e615

SHA256
3bdaa644189094e779a121c16ad470c95880ceca4c78439024d2e8cf30c6b1ee

SHA512
2af4fe7f9bd58eb720d8fbffaf49633a2eeb82a4a4ba49cbe31f1aacf70cd98defe99e54457f1bda97db50ba5a767651037ed03efb0f54f0802f1642082015d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
75a384473d136a0e2727729091a441b2

SHA1
705f985c039f609499584b2fd6335c64e3804ccb

SHA256
5d81f0354a197196a0051362fac708392ed13f253d3bd78c219c3fc28d8812e5

SHA512
7644ca8f96b679b88a4efef271e9e9183c40559e86da591a0f292c82ae5ce5ab849f445f52b6620f8b785aa2eca5daecb469a41ab93b3dfddfe47c88f53c7845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
af02bc8a058448e1004c233d297e004c

SHA1
7ce7b3f855c2ab02466041a6f7bec3a98b01822b

SHA256
27f6ee1b19377b452a406136b3d85dfc1ff456356e0ef6264bfd4b9362507ed2

SHA512
a1da97e372dbfdddf7fa1625dae04dae21760f16d1d71b3518c71077dd6fe6310a5d0889c5947968b35ee7f1bc75388fa1c07fe67f98474da981751352eac700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4a42957041d79ccac0d2b81223578ef7

SHA1
7438b061f1421a0059060c141b7454a67aae0f54

SHA256
4a3532c001d2c4ba776bc904a569199facd385f6db3fc959921504326e2a481a

SHA512
ba20ee8c60862f35a0ff1538fc55a435ac5beeb711101d674ceb87d4371332ea6e705822e1df16942d2542b0ffb0e0d37e2b82afd5027df93af4d3cb0d44ea3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e3d014f661888009f6dbc15f5a68ca13

SHA1
7dd4c76ba189a9018d748853f97b9d14f55bc3a9

SHA256
e606292614d9264ac31ede556547fa76cb9d05796884d92cdc93c2408a9d5269

SHA512
1926b0e6202de5dd7aa0335dc86043325992962fb33a0e256d96645f2ea05f80d9bc108bc861c71f8349ab80f60e50851ceaa07a391241ce9c781c95fa8ddab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4faf2f548fa3464527acc5af30a3f627

SHA1
ba9666c3923707c5bc087aa66e5885561a4c8926

SHA256
a6d77603bfb6d0e2b4c1a0e790ff2f82d7c0064648340fab0dc51632b0520757

SHA512
7942d268802f57ddd81d7ddc1501412144a67e97098b1e86f62a194780976b431d5e8f0be9db7da0e18a778adb313fa80adfdf27670bf09a80eec29f3741b8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4b9ab8e5a3c5fd03bc1be6730f5e9870

SHA1
a8852ca865d7e5f98235ab59cc6a0fef3eff5c6f

SHA256
7fdcc55aff226ab7fed68a6d25e87aa612b55fc0bae9991c27ad691896c6a7ef

SHA512
d374a54e05784821c55961a4faefbdb6174980794c7dde3c3e682bb904549bdd02678044b8f9ae8b6548cbcc8d62d8b1fd141c8a7f653c395edbe33979389e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ecaea2a4577dad284853210443f4abef

SHA1
6eebc088ded00bcc5352126d3827438d893a49eb

SHA256
0a103e60830f5ddadd6429b8ded9cd597da4294bb18ee11e545b01d7b8effc8d

SHA512
b5514d293b9532d99bbec648275dad140a102435f341efa0659c52e6052f91de9ea6c693eaf6ae9a77284b3e057cccebdb0bcf352f9c0f4078e0380f8cc5cc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9381235141c1a8475d60425f1418c3e8

SHA1
03b852ffc7a5f0d44fcd8da6867516729d238fae

SHA256
0c4d9bf75e51bcd32172cdba33521f534c4edff47ad9e8481e62ce42b8310c0d

SHA512
95353feacf77161fcce59cd7c2c72b914f4db14b15c6bca497dd9e63ebf8a3e86f41fe16fc03ba8177ef10576973ed9b252014989b93e81adfffa355633f02d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9333d889e63c6d8c9b8b6014c1a31afb

SHA1
42a106262aa1f95be85c460805fdfef58d70dd38

SHA256
999311a698f878c37e11bb92a98bea48a6ee8defad4a9dc25a7f50ce94967acb

SHA512
d6d2ba72d96c058a1077878443dd14f02e7a9da932339942dd5505ea7e51a432d1c05ab1f1a1971ed3eb381be72149b32fe0e418525493182db55da96c756ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
573bc8cf66ef162731beeb999b5741df

SHA1
5b2dbed6e2956b7d7b0e309688e376cd2f5acf1a

SHA256
6164d4850146b67b8dbb6fa7a9ec1a773cc36354aa623f0b8f1264de5cfb835b

SHA512
d163334975ecf7981f43275f1b030c7cc17b7d6cc9edb9f82fa0b4f6a9e385ee9a88c46794b6283f7dcc8e45a9467048fc39d30363559ddac2ae777710655ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46a863b99a017a5c67ed1dd34c4ac9c7

SHA1
d88a76a1b5770cbdd03b63b2e57fd131685223d6

SHA256
a5eec9da0ba4146ad866db85e80c5e97b47b3bfe8fa7dc6adf74727a0e94a891

SHA512
b24547f8bfa459549cac59e68bea948f32bcca74ed5f61e2e7b2fb346f4288492fbda7172c9c02b033642e92120c941a3cb1c43b495b2da7f7c15e6fd9d77588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e3c4.TMP

Filesize
1KB

MD5
0a81e7a1c317c65333808144970cc6ad

SHA1
dba2d820d78439d07216602175bd7dea2640bb49

SHA256
b8043912ab9e2c67e8ed20a559f9b9e04c86c4926f3d300b272da0a3e703728e

SHA512
b847e721efcd18648c51b0e47adab9eb01ce81f14a85de5f42a5ec056956d953dc2cc7e91fcd7f59ec4621b472072fe096cd9f35bfb867fae39f0e486f69b259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1160aed79dbad2943ab9ae4bc0e84c2

SHA1
71f413e843d55054704eebbac47f41617c31fd89

SHA256
2581e59b029e106510315071dc48d739395b63a7b1436028a67b3635762c72d5

SHA512
7c7c2b49f559acbcfcadda5968d96c7a8460e16fa20e60a8f272b41e4fba3bc84ab30aa6f7393f7e259be0b453e002c799e9ed5db663e5e67bb255bcc4fea30a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5c6aad56a7c2cb565497c9d1e3081e1e

SHA1
348709057a5d469aed3fcd9ad02adf8bd86daeb1

SHA256
2607e9ca0cecedbe120a6fb9347db495c1fd4701a73d8ef4614c162000d4e9da

SHA512
90f418bd584497c42b0539d27346a2f8bd258b4bfaf67bdb93aa2072bac9b4c4eb62e1677e5babbc2f2b8e6f872f740acae53057bf14d6b996225ef89cac84a0

Download Submit