hxxps://drive[.]google[.]com/file/d/18YC3N9BLx9Dr7gS2E-nYbWih6B9a8kGc/view?usp=drivesdk

Analysis

max time kernel
1725s
max time network
1731s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10/11/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/18YC3N9BLx9Dr7gS2E-nYbWih6B9a8kGc/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
8	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\24814e9e-08bc-45f1-8e21-15776eb684f5.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241110213215.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
4976	msedge.exe
4976	msedge.exe
3368	identity_helper.exe
3368	identity_helper.exe
5424	msedge.exe
5424	msedge.exe
5424	msedge.exe
5424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 328	4976	msedge.exe	82
PID 4976 wrote to memory of 328	4976	msedge.exe	82
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 2276	4976	msedge.exe	84
PID 4976 wrote to memory of 3636	4976	msedge.exe	85
PID 4976 wrote to memory of 3636	4976	msedge.exe	85
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86
PID 4976 wrote to memory of 2580	4976	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/18YC3N9BLx9Dr7gS2E-nYbWih6B9a8kGc/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc0f6046f8,0x7ffc0f604708,0x7ffc0f604718
  2⤵
  PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff777ae5460,0x7ff777ae5470,0x7ff777ae5480
    3⤵
    PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14041290030469256462,1672772672080792051,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef84d117d16b3d679146d02ac6e0136b

SHA1
3f6cc16ca6706b43779e84d24da752207030ccb4

SHA256
5d1f5e30dc4c664d08505498eda2cf0cf5eb93a234f0d9b24170b77ccad57000

SHA512
9f1a197dccbc2dcf64d28bebe07247df1a7a90e273474f80b4abd448c6427415bace98e829d40bccf2311de2723c3d1ad690a1cfdcf2e891b527344a9a2599d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39191fa5187428284a12dd49cca7e9b9

SHA1
36942ceec06927950e7d19d65dcc6fe31f0834f5

SHA256
60bae7be70eb567baf3aaa0f196b5c577e353a6cabef9c0a87711424a6089671

SHA512
a0d4e5580990ab6efe5f80410ad378c40b53191a2f36a5217f236b8aac49a4d2abf87f751159e3f789eaa00ad7e33bcc2efebc658cd1a4bcccfd187a7205bdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
79da0e4825596a389a30e81f847e53cd

SHA1
243fb921d21d7a3729c40e430bd26353fb6479c5

SHA256
e17d08779ff30273c0adb219acae5671fd635ae71a042f8f4408e096c2911540

SHA512
8da35a39bc31ca857a9ecf66d68b24ec3288c1002df2b8ec85296e9da790fa42c753bda74af10e68103afd9fce698aa49800a6e90db2d79116d73c7035122712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
71d53a9957ef055b0d5532d1f6ff0f79

SHA1
2daae83d09c84dc672eac1b76a47b5a66bc4991b

SHA256
4a1a7771a85f04b2899ff530375e260554c7c7a567c28148ba1246b4a2416c32

SHA512
bc1f4dda12adae449c0edd92d3b88eb9b80a33a6697875bf19c84af7c919eecf1509ddba66b754a6fe617d0bae7c6f963e544a700a85336c06ea16103b8cb285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d12bbba17007eb54a7794d1f48ec4204

SHA1
b8b2a24667bf018fe05df3ebc889ed89bd87bc84

SHA256
0edb0ad7d169429ceb45a8f9df02d75d13e9c035722b30f43d761d3ca94e28ef

SHA512
7e68d8e70280d32c87e40bf6f1e1f33118f2a14145e50a091a7503b66d2cbd74bfd75cdb401a0b56c1a44fd1f36faad51ce3f13e7f42333887957adc70905b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4d75a84d05ea156f7a39a8cd5d1f8cf5

SHA1
0898ac08e2a5472d448b7210283a10a84bc2993b

SHA256
90f18f734f5e31d010ff260d45dae4040d70829c8a6345bc0989f435c853359f

SHA512
59e6ed318d87d5acea13e0c68b720239e0ab820c60f1edfb7048af01fd40e2ab89dde3a5ce054fd6d828e1bdcc57ebcff5dab583a172716b737a6e4b613b4a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fbed193e3a4ae74ff5f065bd10db3016

SHA1
0f14932ee8ef4ee567d4d641634705d2ce16def7

SHA256
9dd7d5c282f4f4a9e82ae9592740cdfa35906b4b85f5ce0a342c0a808dfa143a

SHA512
1e1957f35eb230f440b621fc15418cf5a6a29a5d641a3cb3b87c4a2a85da3801bd1eece7f2aa6c88191e9b3e82e38f4e104f9ac90d55ad221da16eb5a82bf7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
03443994c795e7e3dfac88f24a05fb6a

SHA1
263a02edc363af70ef47c1ece9151a8711f737b7

SHA256
27ac2fa88101c8dd4b6a521d3062c684be477bae2d549cf932c913e49f908d7a

SHA512
16cc4d7a9c431df0861c895b4bce41ced7f910f77b84bf38ee963344e306e112bdd9dca4d54eda6356b73c4f7a2b7d0913d33b642e3787f945007d253eeabc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6f19759f0bc20c327e796e7be5bf835a

SHA1
0008e05f53dae9d0da0911afe9fc443dc6f08767

SHA256
329d5baf918d2e91fc93b226ea58059a1efecb43332b644c6ab3de97b8813439

SHA512
5739b03b8b2b867febc8220a37361d36c4098957d80e2a43edb2591b5a3edcc4a83319322bfc74f7c0c5f9d7a8f09cbc217d7c9c19b07bcfc686747944a3a076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9d6ae606a2ce8d7e67c511ccc4362441

SHA1
9478e20d13041aa266b2afe42f09cbfc036311c7

SHA256
172af0b31d63475c441018aa3c4d355685cdeea2b8fb28ee69f47ffae9a0bfd3

SHA512
0b157d660c7884a7ed7217cfc08f47b504fb37c9758e2bb6ac8c3827352e26801b6f375edd231b01aebd47c21738ba48c2781b0b59f1addfc05bee96ee666386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3179f0f0e7ae9076401affedde8edcba

SHA1
c7bcfcf57a3ba304c698d0b99870662edbfc6d0b

SHA256
bf6fb8bd3d31aa9bf6893b2ba76ab6012fbe353ae19a1ad5fc4c9b2d82cfe853

SHA512
cd1f7bdb4e92c372db4605ce0c9783fc7ce19854e7bc52cc5fdce787d42838ac31c2044ea7868bd5bd68bc55071ad8227f11bb71cc837b379a3ef0d9c02995ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
238d1504dadd0ba5ca78b07dd4cbc191

SHA1
ce91290a4358d7e70018ccc2e52c5282b4486f05

SHA256
057c5dd970653ef75043f5d293f53901c6844ff80d1f0710ad9ac4ba5ee1ef0c

SHA512
1482352a4437e88337aba0d2dd3da978cd42c22c77bb38d4543f02e6b3db23af29f2febcbb68a587573fbb222d3ae6423dccbb0336c47fe6b58fa129b79682da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
302557dd16c669d4c9e11ae624f25bc9

SHA1
a44a1addb74009650a540986466d8621bdf73b65

SHA256
ac0c796b7015f3cd0ccd12a6c1a646d59a0d98b049013730642e6405095144c0

SHA512
1cb2cf1180dd8f87096fb3e13867b5c10cb2b27b3e311312f4e2234464d5880d27c49430c771bfc67cd0b886dc5e55a9b4a0d2dd168cd231739b1ac516203f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
caa8265fe057342238c1039760dd9998

SHA1
59ba4d890e49025d988998775aecb30e550be03e

SHA256
ef9f1be661fed4dca74819d5a211d1de87354f6891b2589bf0b434a6c04e971f

SHA512
712d4cf2822cdc8aae8a37e116d81721daafaadb12fd092b220fc089541f446207629ff59f995ff136f07d31a444a3e1ac8e73b7874390882bb2bbe7a01e38df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0ebd03a4e38e7335352545afa575abbe

SHA1
5f7eb00dcbea5c2fabcd67b364b77f27a206572d

SHA256
84c0723ca755c6987e105460a1a8f116c7c3c739cc527e10b1dd58ee7358b79c

SHA512
bbfd5351acf80d961d9c1d67433a915ee99dba9d8a5910fab48bbda5e4795d3381c5171516f532e4da1ccf55800009f7f59e1737ae8e3e88405df19441959d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
59883ab3acec44cb2707d76b5226a481

SHA1
ec2cd67f5ef772e3fcd473e1e59406de633d5c26

SHA256
d375a2c2bdb3ebfc5815edfaeef8a90978e69e2586432c2d806ad20f47445598

SHA512
863bac3ecf013d3576673468ca16c79518063838fcca201f1dcd2bbab6b2bc4af1cd0315bb05309d49304c93acb823151c9283517acfc27b6af3472365e0c5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aea0ce66627e058c73774764f9ec614d

SHA1
e091a431738e65db81d87972f39573ea2647e5b6

SHA256
f5ef68a0f2f5411a40126e3c88dac8f589fd4b0970b521c9c7ca04a508d679a6

SHA512
8e8ae83160f323eb9223e39f661c92554658efcb222580af4fb9d9711559536a6d6d38e3526673b3a576e63d6a66b3d10bbc9213fe80dc19fb6d20f00eedb894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eb9508630c95377faaf94b166b70ed77

SHA1
e1a5be9fa93422ca587648e7e4eb27f26223508d

SHA256
7793d7412992d3627b6f66c60bc99bd2d9855df9940563cdeeb653b9b718e75c

SHA512
7257a210c24584a0bae4f483c8b5f6860af33b15406cfefb0a4abc7d83d34032c69dc8d8dc52c960a89d78780782a1c38c515eea2c123dae9d8c629c5e810ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e1b680861f16e7eb55bb6fbb75bad667

SHA1
89959edb201e87f93bf96cd99a96e9c8fdee2a57

SHA256
b476068d67f935054d17ec113ccd4640abb771e88d5dac46f32cccb58f2e513b

SHA512
2bf1ebd29c8b00ef839004692a48eaf563f2b334697f58349e658e56e1b6ca7aac8bf315c756f12008b278bf87331df4543f8f6e47c8bc31d8c8968f7100fd3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58c781.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c1f29f40294b8802e23c35137e7f7e9

SHA1
d0bc49187c5420a3a7b09f1862a6cfb0b804a0f2

SHA256
46412de381ead62e2d291f64ce84fac738a4c975253a8f5cbc74500553729688

SHA512
b4c3c900d5251749c75826dff70042b2f96a44e448c8cde5cf99875177151769b47e6f76ddfe0d189af5a1ad626c1ae9610867f40281c7ee1072ebd7170b847b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7002f6baf646798e09e8b27d1b9d9d38

SHA1
e0f973c378c729b0a345bb5f663b32cbe1a76f43

SHA256
4582adae7e17be834965463dddb7ea75a77226706536f17bbe754e62ed819c6a

SHA512
f60856f30176db06e1bc6760d517130c83023e80fe2978189c8ab28a28dec0b16f612a5f0de2b761fc77929cd8b9467ddca2e40658c8affdc84b3e192183b0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c03c2254fafcae53e79e9187a1eb4cd

SHA1
fedaacf01067dd4452e6ecea0d8bbf8ed5b84cbe

SHA256
fb35a3cb8c61479eeb8c5999f5ad897c2168922b0f4b5e5e39d579a0a40c4245

SHA512
ab2f63c531c27bd8b2f8c7e4c9591a995c8587157baadbccd1c415c0e656692f3e4fab11b9739330f329c4fd6f1265e54bbea76958b2399a40809b3ce4f8d00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60d82bd601d64fd00bb0373f5ecd65b8

SHA1
0e8bde426270dfa3ea285c2c5b7282ab37771d4c

SHA256
bdec91a5061c6a400ef33c2dca5b1d0c16c1fe9e464f8ec99a72442b752e6a97

SHA512
5ea1b33784438acd246c02c95716f72c78293bc8d8e8e6d71aeaab370ae9fc2063ba8ffa443bbfc26c96e45a95549b62894b846a459c986531b34a110d0be38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e98d1679e15688ad133f11eee8458ee

SHA1
a4b1a83f0a3f2867954d3146d95d314441950606

SHA256
8aa7eaf918f2969424996a8f3575478006d9d74b308a750f996fe4f5f045554e

SHA512
eb34d52a8df4992444000a93c8d0d11254069b5f43a68a6def21061be03a538f36c42b2e968a8637f12b93235de3140002b0212aa2cdebe0950fd115c04bc72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5742a603821b47d3c50dff772fd4101e

SHA1
46627db1d9ca8abef55fbd353c5b070a044c9a45

SHA256
6ec12b1774bd5bbe130f7556a48f538349063d89c3c6ad7f5dd198eea601570b

SHA512
59b61a068abb19684a6a0955f1212ae52b65ed3a00472ed628e5c3b16f484b22d4bc4ab6a5507a37dff5521a0e9b859799df4105da2ca57838d81d48a6f7dcba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9654d18b29e72f0d6c27c2f933c2148d

SHA1
0de1ac9061498541203da96c812b05d66184e234

SHA256
f8f5e60ed2bc869a6d8c9a277d7518b43dce01b089751754f39ee08a768ea9ee

SHA512
08bfb3ee252f459ad3e327249cd090a868c49ea0059276fe0cec9967b98ae4b98323c4e457c38c52541e2cbbd65978c49a585318a7acd15e5ea694ab1526609f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9d49f645b0ba044a3212fac91d224af3

SHA1
df0fa18bb5523af07355013ae95ff4698e4d6ea7

SHA256
65c05e4ec9ee065b816426c9c294fee09ac0453948fb917c95839404585afb86

SHA512
01af67897be89a2b9156b195124ae9416aa3e0c4cb568fae233827bda2b3c164e74793b7d40644623e3713d79222c5239c72f1c9f262b7b53190d48d1923dcf9

Download Submit