hxxps://drive[.]google[.]com/drive/u/1/folders/1iDmne6wCvkviZu8V8PUITjl3nzRb3sWe

Analysis

max time kernel
1729s
max time network
1730s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/u/1/folders/1iDmne6wCvkviZu8V8PUITjl3nzRb3sWe

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
11	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4164	msedge.exe
4164	msedge.exe
4600	identity_helper.exe
4600	identity_helper.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 4824	4164	msedge.exe	82
PID 4164 wrote to memory of 4824	4164	msedge.exe	82
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 1696	4164	msedge.exe	83
PID 4164 wrote to memory of 4948	4164	msedge.exe	84
PID 4164 wrote to memory of 4948	4164	msedge.exe	84
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85
PID 4164 wrote to memory of 3188	4164	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/u/1/folders/1iDmne6wCvkviZu8V8PUITjl3nzRb3sWe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80bd346f8,0x7ff80bd34708,0x7ff80bd34718
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3970947550489204058,4173714352341649296,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f964d510bdb1a564d23e1eaef1ee67fe

SHA1
f3b1be9a0a33fdfd0f600f57b5a724a3da6c406f

SHA256
775603856ccbe8b796b1c51d62aab6aafd3d1dd0e1a2f78cfe8cab42beffd44a

SHA512
b95586fda978525f36bf60085d2819643a58acde499c79e4740b07abd38b7da8945a70d8499e76aea154e7899b2dd41be502d017fa210ea01ec73a2152fe9d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aa85b765fa433277d52324cb1b53224d

SHA1
30cd218b2db2f396622d7b262be6bfee36a3f64a

SHA256
323c8054c19ab59d65c1546429c76a1d5b93179bd70e6661d27d87bd3ff6f31b

SHA512
b96d51193a2ef3120e4ee9a741b36f407aa101e8924dc014d1578ec5cffbba639b869c46b86ed2af514efbf9e9f6025af117a63d1ac799d80f36a9a99e188d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7191f2aa4588b5ed45c48956f7c24de9

SHA1
ab3a38bc4d4f5c3c30962f122baabcb4180d3028

SHA256
6fbad6421eb836c0d3befdcccc10be46d69b9096f1a88a1b3634fc6cb9fe6f76

SHA512
e1f47a60eb9a564131b8bdf29588343d5e486bb11734bd4f9b40619980ca7fc85d183b44db0490e7520057c8b64967bafd6e525bc11769185cfd84547b237703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
85ac092a321c8098d31031f1c2e93a5c

SHA1
1d22bcb575b69c7baa5d82177bd87b8babccbaa3

SHA256
24ba94825887c226b9469a86c40a7e824197ec9418af776334029d0e6d00221f

SHA512
5f63c5ff66a79caafa509d31187db08d32c6746c58cf2ae0e860f2479ca7dced024c96e2ed229a4215903ea42146d5594f6dbd86d7085620059dae94cc60ffa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
59e17b06f68560734be665e498554076

SHA1
8b69a7bfc00fb198c59914e6c7e434e0648c2835

SHA256
511fa54c405d5198af87bec47cd07c083c012b125bcf47e2113b7bc260c6ec98

SHA512
a8cd43177d9d42f0b64db7c2a2e6b3a3647b1f9757f452d9e6928b97335211f0251dcbabb3069d5bdc77cda1855880638c848e0628bcbfa17d40ca3dc52e041a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
398a2c41a8a9b934ef19d59574ac4a33

SHA1
84e7a3faf1c18b9b244c1bfab8b2bb2039a8fc2b

SHA256
d2032d79119585b0ed9477217eafa7bec64a23bbecadc8340c5f87b8c3cc2165

SHA512
fae1b8a140d1523036b58fc95f1d41aac5bb46b73964609740bc5f6bd999afeb328e1c7a6d51ceb0680d6fde4105a96d74421d6d997fd92c922ca9152f783b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c36a36254686846e66dea55db468009f

SHA1
52e707c30c8edbffccdf4f4838dd4778dff60205

SHA256
f85e4135b6536df77798351d1d1b94c3f68793fc913216702780602f0e634537

SHA512
15447105fc255867f6b59f46e0e661846afffb9f8624f5018c364975a6996df006b8b5d25e4998c72d499159da553db30b25d121bf5d0326c5370cbbb25a917b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0302792ce1c2a17450684515a99812d3

SHA1
49718e2411e940b09c45bafe4fb7831147324766

SHA256
18cfc8ba67ff593474cf57ecbd022688d797a8420a38498f85c8b5f2326033b9

SHA512
88dec966afac2e6303806b9235975fc53472f3d037e46940452b16642bcf6e0295e3d1b1b571a37977aa74926efe459b877542921fbdd9162ed1f4b6e4e0d9f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6b2eb9d6c7fad344e20455a44738c4f3

SHA1
6fbf730d7370983c1edc7a5c5a0ab7fa66617191

SHA256
47aaa2c04cad633419e6e27d614931ee7836a20da93e4f51acf7015ad59c0b23

SHA512
9ae15d4f88c04188e22d642d9eb027199e91f2589133dc32335dac097ad602458ccdd8e5d8aa96b2f4af994a543630922d1d4ed7153e3cd1d3c20fe9ce8d0be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
418aeb2662ca289d42522644f698f454

SHA1
ee77817687c85d99a6b3dd358060aea48d990d45

SHA256
e867e01a951cff50cfd6f03805ddd49c221cb1aaf275b3de6dc3d5516c280496

SHA512
2b832ddb45769acfe8ab0e4b4c6156bcdcde48aa3b0708dfb0d7f20f76c1f59c7c61957795fd534bfb5a46a2a914c9f38a8efd59452d04d5d4c456cd253b70f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8da680a4fa43e125bf20ca6afcfba19a

SHA1
746a87f053aa5a77a60538c56fa554c2784485f3

SHA256
0cba1b2416d4331094e5d9b8166c32a5701318434aef34fc9005b0bb09e289c0

SHA512
6006bed41f37d6710c936e7ee1b32d30ba46b804fb07aabedee199b0a67cd8c8df566cf3f613804e75ebb7e6022d88c008f52c7aa7b4c5510f01611a6695a3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
01d57ca73071a4cc7a518898be59e11e

SHA1
8c04a25b3dc467f8b5a72a13bdc1283019ef50e7

SHA256
2a7cfbc5de79735fe43af1860011c012c85c9a223758bba4708cf0a8c9d5238a

SHA512
bed3c60c7aaa07d6062449e84dc9b8ec71e9b64244e4e2180861bdfaad91a8a5c4ee8689bb5bef4e675895dca1e09a1a99be97583473c2830b6d8ef094580f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6a3a069904fccce6347138d0c9820bba

SHA1
aadbdbe72da67a5a7581f2e1497e364dd68df720

SHA256
f9504df68ff450aa29638270483fa1179bb5522cc8a2a91b141262d12decf905

SHA512
915a7529fbc53ae06c00df9ab5cc4903da3f7a97b63925a8f517cdb2db941720414b0da96eeb88fc713c852b745893fccd8d03a76bcff515a1e0627f47403417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
61e22eb16fad85590588904d812f918d

SHA1
0a62700ff7bf492269dccf14fca3a063cdefcb90

SHA256
24290391c6438ef6c4519136ba43b55e4b8a07aee6868292bc6f08d56e304f1f

SHA512
00224b87383f203516b9e7033a4b7bf8b34c71627a9ae197ee46be2b68abd6bdbf841a3478756432536d0ccdeab7cf1e34b79fcbc3b28d81c2d620a65871142e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
948547fdaf5cd03533f741d1ffabb872

SHA1
577bdaac1309cf5b07f6fd94ca1c07f4a73581ea

SHA256
829c5154b3f9d502ed0bb7326a2bb3f4b83eef1197eb7eda15ffcfb10a69447c

SHA512
974657200ea225d6a37a365d8fc485e53536c97ec894e201f607d7874038a0e523c908eb05afe09af7c8a10c72b5b3bebef0dd7e9d897a1a211f2f32937913e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7a24ab6ee4a6c7b5b69ddcfb996316ad

SHA1
4070edddb497dbe298361c71248e84c76d2f8e9b

SHA256
c83f3b1ef34c37c55bf8d53014aa7fa804a6ce593e1b6823d23564f3b3392a3f

SHA512
acec50448e7fb662c13be46ba1e11d0cce1b143fd02e7782133c6e8122d33f2fb68786f9d51252e7de8204de4e18db19f2f0912ad7c342737584f8329dd05987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6c4f729ca9d0e145af0ee6da7218d477

SHA1
c97a9640c7eb9342fe6c5de4379e269a8ab7dee2

SHA256
5f3394ba12208d7a75da4bd67b52582056a41e32c7b025a79936b5520b82da90

SHA512
d9b5c03a4f5c3ee0527d067650eff937ae3c01431f8b2fe0df2b5cf89d174d0ea7dc5188425409df5fc224e461719e4f8214817b98893fc383c399c99b481e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6096e4fbfd047a6e39d847a5e0b9e067

SHA1
194859db05332ef2334dc92c5bd31109db5a33d5

SHA256
e09fc511acd9e42dc3ee76faee3556dfcd2ebd6638f733a97a9e648048be7412

SHA512
09cc995a8f9b9e4a7e5598e56ecd8f09d04ebb2d76a1a24d46f34baf18668a63b4a4a8f7b57b99dbc286dacc796c5f076a249fb2af65a6fef1a3961efe6be713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
635c728d1b1b12496eb70e954c23d9b7

SHA1
2e1cc835a9ee003b2c15c0792a99030e64d25dc1

SHA256
b865824a1c66451efe79ee3bae276f6f2ddfe179fb14ed437196277dc62cf751

SHA512
eb7ff9f387356c54695ea87c4af6b755cb5b6702943ffc1737abe6da5ca948dcbbf825bd01a0bbdf480f6377a0c26005294249023484c1bf4c3bbff1942f4cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1905699ada53e69673d34a36f3c5ba2f

SHA1
c98f4ec7cc81fdb0e2345174d05b3f0a35d612a7

SHA256
1bff7419d46035b2677e253e8ff5d11ba4094114ed1756043e2813ae36af04d2

SHA512
a8d52d3ec1c3f724c44aab16efd50ab1cebe7299dc4f64337173d46ab8e116aab9c72bf7f7a9a5893ca6d622a88bd3bfab185ee9e5e9a6a87a6f864b19c29d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0cc60f4c506efac5562a59244a4a5d86

SHA1
5e4bf9692ffb84b4fb1ffb10346cc1cbfaba01e0

SHA256
b53472049e38e8def68a1ceac5f1e5a3e60215667b1d0b86b3fd6738ddf6c6a0

SHA512
a48b21186a34b891b4b5ae5b353ce2cf71c4744069f0e63be701b9122cfde23933c9c15b6adb07c39c509062e0fb806ff349696353a889d82f364fa4bdec8a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5892f4.TMP

Filesize
1KB

MD5
200145600b636f685a898da8e76d0acf

SHA1
a69c35256711939554b91e0eb10fe0fae4b7d47b

SHA256
630f1ca6cecac339bc76ee067d2d270880bd9d0e02f55ee1176261f4fc256eff

SHA512
6227d026ec5207f9f47452b0229abae7c1435af867bd9e81560264f0390c3a2f5092f16c0fa62d3eb7cfd2d8087c2ff598a0ea7bb74c6f606718537afd897dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ab0b3097c7ee1d93e5717d9f5bc9494e

SHA1
b69c497f5daa7b741cd4305239820f8c5e5a722c

SHA256
7f06a73fae0b049489080f7b301710b10fb8e9944645fb694f250e4dfd578255

SHA512
41e23daabf7338e81149e060a498b5367ba5220771ef264a3841d7c6514d2f7b39ccc678287b7a60fc3e47e0854e8f41c408db0f29785d6e997d1b8e02551cab

Download Submit