hxxps://drive[.]google[.]com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view

Analysis

max time kernel
1725s
max time network
1727s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24-11-2024 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
12	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0c189b2b-0126-4334-a60e-ce8918d06c79.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241124091223.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3724	msedge.exe
3724	msedge.exe
2380	msedge.exe
2380	msedge.exe
3396	identity_helper.exe
3396	identity_helper.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1780	2380	msedge.exe	80
PID 2380 wrote to memory of 1780	2380	msedge.exe	80
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 4188	2380	msedge.exe	81
PID 2380 wrote to memory of 3724	2380	msedge.exe	82
PID 2380 wrote to memory of 3724	2380	msedge.exe	82
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83
PID 2380 wrote to memory of 4376	2380	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xdc,0x130,0x7ffb1b8246f8,0x7ffb1b824708,0x7ffb1b824718
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1264
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6304b5460,0x7ff6304b5470,0x7ff6304b5480
    3⤵
    PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13330650293520777515,11310670921008974281,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d533e1f93a61b94eea29bf4313b0a8e

SHA1
96c1f0811d9e2fbf408e1b7186921b855fc891db

SHA256
ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3

SHA512
b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fccab8a2a3330ebd702a08d6cc6c1aee

SHA1
2d0ea7fa697cb1723d240ebf3c0781ce56273cf7

SHA256
fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712

SHA512
5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2ee025de2c897b364f128aa4e7482170

SHA1
93b94f47c4c94c26a1f1cee08b9bb1d9f8aa42d1

SHA256
5d596c4f23b65102616898f5cd3ef29164493d2a50151590bfe15ba363b5cd43

SHA512
a64c84a2a8c529ff2064720017e4a35a4c98c85f907fefed6e7f04712e0668767b4e56c865fef64ebd7fcd809717daadb8ef026b26cde7782eb6e36a7b5f9bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b1853cc4c5d1b5252bc826775aabe3ce

SHA1
1150a32a3f3840e425ea9442bdb0f739310570be

SHA256
ceb505aeec16c06c39fc0a93cfefbcf85d239674b63ded7182e66b60cc80196d

SHA512
7c6dca59c22c85d01d9133cbf607f56332feda82cf10e009e1e71ca0ec04b800927967799092c125123a72a2157b89ed4dee04ef78b971c5552e5e46a95c6c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e8895f27bc09fff7d6b1f9c18077b0b6

SHA1
86fa7e928aaf3af0cd06c3997742d0338cba3914

SHA256
12b0febda4d46ed1db50f6905057af96d6f14bb5c3204d8914cc4049c05d013a

SHA512
fe92be9b5f9e528e9c5746c8a9a4f4b3dfef3b1774fc641ce73f8ea92772ee1182434a4b2b271966d642d6f6c3b2ba41d69dd80aa1691c9aabc09ae5e5251883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6b7bd146f991f8114a5349e3d19fce64

SHA1
bea063f9d4648a9a621dd47fd4472c6c1c2edfe6

SHA256
61107b7bd8c94769bb3728c797e4a6c6413028341136459c664042b09e2da366

SHA512
c315d05b635e2640a61af446c230822f8d65162a14d407734f04b476319a752cf1803b0438a9c4de66399836a7f468464fe348f1f3768e1fe675b0fd6055a898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eb7d4f2459f94523694cb31245b7b0ef

SHA1
81ca54a441d69a62937dda91c982ebb7f399a3fb

SHA256
1c6a4a58530b4f77884a3ee1fbacd1b4b654e8f00c6cae8290d6a88b2a03974b

SHA512
3834682fd73ffcaf2c92aa8574786c40e1fb6ddb846c01025388ab964e5c1610d926cd162801eae9522cfbfb10854b3e7217ccd3352332f6b67cb829144d5926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bc527056dead4d2275d0b1555e9416e6

SHA1
f717b1c941de71e07552d2ddb0a82d442c36c9d9

SHA256
da497a7042cc8d97c4df5feab932eecb718ad3de3dbc9b80ba74bce689358cc0

SHA512
200acf13eb17e3a7f0f449ca0d4a39fab655df7bea7e8191e28d9c322fb347f5fa440242deb0add1d825db2cd4c54f139c0208cdf541185a5581c7beb71c5ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
05cdea0f1e3250605fb62dc348ca7570

SHA1
7f4abf2178118e1891d2d9c2d153555b5df159ee

SHA256
ec83b86933ebad16c0092ffd1afe5b37de46e949ddbef9dfe0d2bf0088667a8e

SHA512
3141a36f19032320a584d02ebd8c47139de58d27fd8c82c4c1080d02bd981b2bcc30763c59ecd4a22af50bb6fa45a4917b988a4eee05fe36a8ddced3ff77da1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e8c6d7234ca3825ab362dcb8b6f05a2c

SHA1
be7f3733082b57e0e6372f21c3ded9c2f5dce1e7

SHA256
142d54fa03fda8424af8b68122df701a452f045c23a534a007c2d677ff2a1db9

SHA512
25998bdc62e9a946793d0986af586ab41ad1442c0e7352f87c780d6962dcbd72285b106e6095b2c88509aa635501e32053189626ca99067c4f2e19a121a982a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3682a075678a102b13fe9cb1c92cd002

SHA1
97449fc6205908916781a509448378190997c323

SHA256
db8f2a3688c190f32897a12a3ef38c8acd6d9bfafb25e346e6815f3e1663d2ee

SHA512
54947ce86fd686d5416adbab0e7b9b08179cb87eb42736af90f79f1dcaa9dec368a4d2e4f8303cfa01fd90095cd8a60f4e6ca03552fc26a5e70c77a9d4e9d4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
957e91dc47439f2db3fa2fe869a22b96

SHA1
f1d35c792609778de70aea3559cf09a9c8948c60

SHA256
22aed994fb7b612d218b53437371bbea54f9dbd2d790ee751a38ec4eefbb4908

SHA512
bebc3419e0c06d5b4d46f16e63f4ade5d120a3b5709543c50fbf6ccbef5f65ab968758c2d39558bd08da7781464e283cee092f71e34bf778a8cb7052f531e30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fdeeb102bea719e82226c9f8b9aa6a6b

SHA1
640180055cec98f319ab68f99e0dd17caa5d7ab3

SHA256
3fbb1f8850640eb7095364a4375361826e7e1fbcc5fe1b49effb647928461ba5

SHA512
ac8b2681b6d7b144d8d2b36e323451441a3e0bbfa9a6a984ae90a8aeb1308ee6155fabf104862e7d76b3f9da86f9e2f02cd4c4a1db8e8dbcda0efa0780c6b7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
32dff89463769005a3599b9119840144

SHA1
4113640092a0516ad15ff26893d77edf5af4ace9

SHA256
47c02d31f30a5e31f6d84da148003affc724e0d0b3120aaa0ed7e5d357b1698b

SHA512
d3be46bd7504968c405fd98d5ebccc6072d088a88f40b7aa40d3e7d940487f9e29e7c57c8b4e23a690b035497e0747279a469dc46efe54a2fde3671a22817817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
54758c1e573599a98ccc1df9d0c8dfb9

SHA1
e3b4556c22b63f29b75fb00d0b847da515de2d74

SHA256
efc40da01d65c663c67968ba583934435fa6a295cf6744e544bea831b42f6a10

SHA512
1a94c17f2762042a01ba0a2401db8e543a0e80047001d8111b6ba52da9f20428984aef600c8ada3e35ff3d0ede2eeec07bf6cee0c87ccddc55acb81e3bdb8bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3646746cedffa48fce68e009e48767e6

SHA1
709ce5bbf6cd9174e7e50a8e1ffec264e3afd31c

SHA256
befdf70b805cb5c60842c9a7a344a01a7453e06e485401931dd24ffb8a12e84c

SHA512
463231e548f2dab6c326ab1874b2b4ba52e27e74964949fcf3c022ce4f766811ac822bbb4a186dd4ee5b6b68c759fbaa81541f710c4b5e669c6fbfa188e3e89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6d7c022cad3f3bc668f310b8fd4eeaa9

SHA1
c0a1a842eb8062b01db2fc3701a2755423bde8be

SHA256
58bbb3e41dd666f9a1e7154427f17ec96e627242dba8fbac312745c2df93470e

SHA512
cf2f204106b26a0a209eddb3f4484053bda5b9e851656cb7af9bdf6ced21d7b9e5c831c2a955072fb140db8bd46dc9fc9e85a01f8b22dd30a9b7b3ebd2d7405d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
584ca51c2e4ef13a3f2c224f92b6dd09

SHA1
4b7986717e24d4a2e33d1bbe561001afbd9c3ff1

SHA256
03046502f7fb1eaf1cb3bc9d8ca9d490b7f7215ddf8aeb6902b6a4b76e69732b

SHA512
64f7858f4914377c68bbcf5bd54b81ed5e80c9bff3898ea244171627ad673d400762ada71109ecf5c304230929d178c58a4688076ad78c8d405104b87e77b60f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a3c176a97ae04533f62c25702e67af61

SHA1
5e733ddb249c39d6fef9d1f838b88ac007cb9622

SHA256
70c924297a3a68f540a1eed0fcb498603e12e40e5d94537af85cd0b72b459bb7

SHA512
e00e0a7245bbab6c3cb02f44ebadc69bb3a33f4374d67a0ed79c6505c8b8fdcc0ead2aeb6b2d3d3d2b4d36809d40f963e3346bad389dc9a3ce1189706fd0a219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
658b0851e374aa37028ad630b7890048

SHA1
9d3d1024c8d7a90d0b6755c7f95d8dc37d26414d

SHA256
35fb372e3e324475882e68b4f4d92b1c424524b60d1b430c1113b50d3a617177

SHA512
be9455542115ed5f34e0545ea0cffe3a0f06725ba6198bfaffcf5c986f2c442a3ea18b9b1868221e6adbf0ba3bfafcd66dfbd246b22b4c923d9e66349f13f9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bfd05718bdfab2335c8c0768f3b9dae8

SHA1
cf6405e415ee000ceff4122156938122c28b104d

SHA256
21e330f868a15c933b09570ffde15651063446cb3c92dddc0e21eabb36dc5d5c

SHA512
f6fd0caa67bf129933823d71b6374ef5fae744de909f33934c0c9a2d6abfac3c511e4de821212a4e02616437675adb10a3d635a8d680f7c206f7e5c59d6c74df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ddbbb8d46c6307b08eab1215ff87ece2

SHA1
d21727e4bb9d71c92fae474cf194620f120671da

SHA256
ef300e68fb6fa37e86418c1e042929dfd9903c9e2c1ab60cf55b8e7a2d970aec

SHA512
3b5b3bfc3f32ad83af16c5cba72c37e693956d56e09ea7dff3ba78dd91a5f03862e9c0fb336a9fba892f2a18cdabbd85f6a3060a33024ab3a66581f60c16822a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02dd2690363ea17168e4fa978a221a15

SHA1
e79044bc1f1fa8781ee79268c33c80051dee9c22

SHA256
a7608387a249078a4f53f3be367960519bbc3d6b44a1492d97c2b251c62876c7

SHA512
fffbca382fdecb83a236e57869ae175585600cbd1642e7633df477787bb707ec6201305df0e66da96d4a01d5f57440bbcf5ace71b863e26f6fb99df9dbfc55e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e983c1836c75aee820b8e8b9391bba83

SHA1
325f7ea28ebcb707b05f39d9d6ae60740c419751

SHA256
b09f782c228e0387c63520fe5befa2416ac02a072a9512c7c73d90dfcfb73cda

SHA512
1bc4fd19f0c87f5c83864899960b537a049d3a3d040353c23403f0564a2d7f2dafc6c0896bf9e0bed768f443feb19306f3b4dd2dcd7149914abb9557299741a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed659b1d7a51e558246bd24f62fff931

SHA1
84685d6f04379c290e4261ff04e9e1879d54d42c

SHA256
23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690

SHA512
1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ec09c7cbd7cb0b8a777b3a9e2a1892e

SHA1
3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd

SHA256
a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e

SHA512
5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
517bc3ed8ea18620691afb08f5580be8

SHA1
a20380076854631932e0cb9f055cd06f7c6ca944

SHA256
075b479e85100c53316172947840bd75613076e1d0ce6a9dcbc9f7f32c53765b

SHA512
6e89a0ecd010eb31abf6f7c261ae1dcc801ffa37a2c67346f9c8ae29f65724b7d4d5a55ce8cbb18e9d1392306d3537444e5188137d7745fd5522a8ed62e33253

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
11cb4d508a5b5801d30e67859bb176af

SHA1
90440ed3deb13b697eec415205b4a1eb4479fc57

SHA256
30d9c7df0446f0b271b3f9c8c6107bc5a6f1a4ca5a4305d05562f419b74b68e7

SHA512
6f79840d0b2016aeade76180698643992837888f7bc21ecff5928ebe884b34bc340f2436bcf546da49c5f2d44ccca749e2618a8ccfedf7d493685637dfed20e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
94f7289cfda86999ec2faced46edbaa0

SHA1
8a6f25cf6ace8471a381d27b58cde082e7a53a3c

SHA256
9159d02fafe5619bc40f327818191ea7af67f54a6bfdeab873254c5d962fbfb4

SHA512
2cdf61798ec5b1de93e1de362b1bc429246f8a82232ee0fcdc68b21c08d2c28b4100f8c0f751eae765951130d2ab9d18cee6dcc7ad6efaf346dcf82a2fc9d111

Download Submit