hxxps://drive[.]google[.]com/drive/folders/10dDBfKSONOt4cuUUzw_Yuh7se86QCciT?usp=sharing

Analysis

max time kernel
1727s
max time network
1729s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2024 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/10dDBfKSONOt4cuUUzw_Yuh7se86QCciT?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
2208	msedge.exe
2208	msedge.exe
1808	identity_helper.exe
1808	identity_helper.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1536	2208	msedge.exe	82
PID 2208 wrote to memory of 1536	2208	msedge.exe	82
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3276	2208	msedge.exe	83
PID 2208 wrote to memory of 3308	2208	msedge.exe	84
PID 2208 wrote to memory of 3308	2208	msedge.exe	84
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85
PID 2208 wrote to memory of 3448	2208	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/10dDBfKSONOt4cuUUzw_Yuh7se86QCciT?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3e8846f8,0x7ffa3e884708,0x7ffa3e884718
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16208130738790481462,1220254611418947841,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
17040ab6908bca5c3d72d267e4490e63

SHA1
273970b123a88e602988e2643235d9ac2ef60c52

SHA256
3a93bd2eb22cb655af3c9e487bc0b89e883f1a703e1384c9b10fc686b72ba1b5

SHA512
d9d6573f557cb7a052107c151740db11abc0d9e3d8b210d858387d2f82e474aaf7b568a6d557f76cc0edbb3e953919a2eb1efe8a36e5b7f2139b1db0c8b3dba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d9dd28e413c3b36e7d02736b67d8e200

SHA1
7163cb01430bfc6a780a649f3c6384851e1a85ca

SHA256
024f3ab9991eb5c72c44bd908d603d30819d77387a5af618de5ac78c6ec2fc70

SHA512
3a229911d4933d7cbb1c1910cc45fd1ff62a10a7cf9e312c15a7ec4ad136a8a29ed9ba70681ac5be51c109dce23c567aaf19b0c7b279636161fccdce81bcfa8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2fc4f5d361ff7c6b5a2e389d637b8477

SHA1
cd753e787ad8ea54e8277f31a7f72f7744a0e531

SHA256
634ef580cf5d0c6abf33ba2072edce35a095f5cd2401691dea7ad23870722409

SHA512
8588156517ec5b7bbae5231786cc47527d29cf8248aafc0821c632dbb237385574f6d362a21ce33e209a8686d722ced17b554b7e8bb49fd20beed05dc4324e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b6b64abb83ea758039e9c1b279408f95

SHA1
777208834abe8ab7842992bb9893df480f9fdab4

SHA256
4f400bf9c309804de34c32ad8498eca299086c7414ba54433618e01917da7227

SHA512
8cbcc7bc86c262fcdc3be83324abaddcbab9f8bd218e9852db7f95e0179a6aa037c7e9152ae61c0d777f6fbc91bb0c5ac3bd10139a2cbc997910a63c643d798a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
15bf6e4565ce545efc253bf63dad4413

SHA1
29938192e78bd2bdd077ef468b457f40a319f7c1

SHA256
2e84173be6c33a3b1f589cde33b2c2ad724aa06e60c395b9fbd3e73b4966e563

SHA512
0691266d6c8d54cd091786082314135fc01520564cf69a6efa27639ea528c9e3b5cbbd65dc088f654621e19841fcd9020e19caf4ea4b2048e3d0372aef9b33dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eea41f860e192b460acc6da5f056f54f

SHA1
0fafd3f6087a7c25a0acb12f3fd3a867bded1054

SHA256
9fd4ff108fc8504737b948132be18d23004f20eab8360454bcf9d5caa90f9143

SHA512
253bea2054d5d50112352d97d60d3f9d809be92367f7eade50e9b817dcbdcf6ee1873f1f33a67ba2b1004ea48103922fb0872a521618bb55fb91c4ee1efe25d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bb107ccaf95ec07b0946b80897032bed

SHA1
9bee871dab6681f2983eaf32017e18a1872e71e8

SHA256
73d720d8d91d9e9a0e47a412d5003ded3fbad1f756db2afda48b3a57d136f58a

SHA512
ceb397f0b3b3b53fa7c51cee13e799faa276e498d6fd07afc2656ce9c0bce23ecfd3a21c0a3915a7a02708012ee9bc9ab2046bb8dbad9b3afc87e9be89453e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f12be72279912f2ca8a778fa8954e041

SHA1
5859953ef3557ce7f1f7252242c55d821cfda767

SHA256
a8e3bf112a875b463be6d0b517538525b265a0cd3ed0c3fab8e4bdcd34b0ebeb

SHA512
aa4f2100c3c6bf710d218a72f769220617089011a467f135bbaa4c6fe0e8e0b2eaa39722e5146726e8990290db0f9939072a1862d18f110cd457a7e207e5c146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0a2d8a27b7acad46b1919e0e14e687c0

SHA1
00f61f9ec274b473848dd36b72605b205cfa472e

SHA256
c76c2fd5855fab251326cf61c5b39e564624ae70ca9faa36fce0bc2487c69d42

SHA512
5ca32d65466e032419da697372904c87a1d0cc4dd7cc855c413c8b1d54abe27542e6c8614642f6c68d6197f18b9a5be3892ee7e946950590438181be3e5ae26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ab1221f51efffaf3bca4fcbbd7e92999

SHA1
340e6a1ec63f5a8bca00744502275d1a313e1b8a

SHA256
9ac0ae8558b794e7e564bc4e3cedcfce706588358618b57743a69916193f5b6c

SHA512
d3133157709155c1e27de1c27f4229b70c021065e7df1344b4a5810fe50308b2e47ea892b24694cadce89c34212906c8bf77e2e73bafd5c634f47cd74f6f9afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b9f14cce6f3d49ecccab25070a0310f1

SHA1
aa6d2fcb8d0f61a0a903220f1789e4c73af1cadd

SHA256
e599f69eec180aadd94074c77e89e055bcafa648bd3a56590edea7a1da4e07ba

SHA512
37799b889873444d497d3d175caaaf316b50bfabccbe492aeb0f74901815f9f3c39ba6177661f1f0f95486fbc57630e7bc4e51854d4e427965afcf9c5121b77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
efd260615bf4c4fd7da14caa2edc0218

SHA1
173ca3c02b112003abbfda841d60db1f7afccddb

SHA256
17567a09c51404d0dbc62556cb0be7a7abd10b5ae24846c6cdaf7d5f6181b69e

SHA512
db64f303b0a1c6aebd7c2786fa802dc072e6cc8cc124a0ff28223994fb37403c0b30d3f9cff29ad15740ec57cb98976f7ce4f0c8d1325dc09b48f7323073a67d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
70e2a82f0d533264a86270c43cee1bbf

SHA1
f454357ebfaeeb4eaf50d08d838262fce6ce56a4

SHA256
fb2956ed4ae6eadced7b7043ccc5933761afb764bf519c4c3d084183dcf93ad6

SHA512
ba6263bf7339a917cc78a6e03800cc068724c2612cdc1f9acb9a3472d8c71bae4b2360af86aacceab0e95926a63aeb0f900aa86f0712263b942e5dd004127836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fb96f2f45392d07c7706b77d4848f7c1

SHA1
be3db17ab09bef3f83b657b3d99569b8706d9f05

SHA256
13733a81582dfc5cae590b1bf009ee64cac2467f247a5ad6ccd1b146b5c8b715

SHA512
c7f698a82bcddc0659964f073d878d925215a3eed0d2e1cb5bf234244974cfb5e13f6ac7228a7a3221665361a142735857c7a536e48cbc6f7d35c113234657fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
395f1eb4dd79bbab953384c8c6bbffde

SHA1
d1126d21dcbbf53c609427da906002cff446a5b8

SHA256
7c73c2dbd563504ad1099a0af1a1d14a48070610cd260b49f1be568c12181648

SHA512
e5652d532b30ab004ee7405e02c0753c2d6afc5867522a26cb019302ee72bf73b44d34a1ff548ccca5d9bd259399046abab3a97bfa046ec86ded96b1c1e302de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e150c8aa9f8600e5a525b1c47653ff48

SHA1
8befee533f896be5f78cfbd3894e52c4a927545e

SHA256
919ce1b9330326729aabea8b241daec2e80f2b8cad9e41ab148c452c4040f2b6

SHA512
dc969225464df3eab544e593a57428a8e2ffefd557d6db6e8d1c27029ca48d208f59e5d21eaac6f59b83cefd8bbd1f158b45e071d5c3440035890522969b393e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6aacbfc97db2c879699e2edde395ed54

SHA1
b823ee714ae4cf3720fc1f181e5a5a6b6a804460

SHA256
fd24a345064fdc446e4f94e1b9f3d32c7e4decd10c723370a6de4f33679a7485

SHA512
dec070b7f184f9ff8cf70d90cfc09429dd4475b00de5d7cada6a319f5bf8629e1afe57169a556cf43efe6ef4eb3acf6592857b98cbc691f75c1d552e3b472923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
996fb7b0b32a2b9b4eb62a7bbffbc283

SHA1
b698bf0724bd96113cbbdd296c3df4a8bda7620e

SHA256
43f14fd15826109e664bd57dc80d1b39e7ea67f8a52df568b42055cf2f49c212

SHA512
83d25b5ef8183cdfaacc28a5ca5a23d976805bfe5ee612e43f18042f618960a2d822f4996551955d8cb5e20ee9b2af1b783372698bbd4808945cc1528de0c4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
013f8129f63dce16e800d48afb86ca01

SHA1
8b9780bb2996b013018c39c9660d8b7147f080a2

SHA256
f769cdc1e43840dc3cb67ecd33a2e7b7c664c5d8bf8b928c17dbf735a79a95c3

SHA512
79d61a6b23d91f2965431891354bc330c792ed4cc98f34b5fc04718549fff7deb048d215878a18dbf311df45d00d281177a20529e7544484ec65f3ee192615fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ae8495deb6d6a4dba2d1cbfb23e60d5

SHA1
2b59714fdfde60dad240fe3f347cd5509faf70e0

SHA256
e71468fc33e66d4a91cae3d9de1643afbf30b9ac925c7d1d98b099dbe5eeed54

SHA512
a5a6131abd97ee71c2686ca7cecd8b75dd0e8ee3cbd14aa959a3a1d713438c5b26e480e66af818752ba6edc353af796902f3f3f5932c14285c4a4e17ad57350c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
571e5e8c145c51bc82872ba179130c9e

SHA1
c8670b13c57a136f46a9301dbd7482fdc122522f

SHA256
cd6b8063dd960adff97cff77b76c9616141bcb767ece8b0b43b00e2df7e2dcd9

SHA512
6d749add26ac431782fbcd484e6fdc1ce442327239ca85a286f17056f4fceda0c75f7c0e3adac1710ad7aa757ae4ad8ab77b7667f958e5c9ac944c6f8cd708f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b88d.TMP

Filesize
1KB

MD5
49163cfe3f833a3213ddecd9f3763e2f

SHA1
aae69019a71913eea75b0eb93aaa6d980b56e34f

SHA256
35b856a09dd1bd971ee2fa453cf1cfd8c196d810166cc27e75dbca9159a8daaf

SHA512
79b11bead26388577c65f6ea85e2a1796629bfbfe625b611013e72bc4c301c89d2f26496857c528f95af8731d05899e9481f084263a3ef671880b697f67fdecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a4789870228f551811dc67e88277dba4

SHA1
4f6f4ee27b68b4f0e8f4c69139785009d3a56b22

SHA256
b99e9a660112906823d7459ca0a42a71afea836ea7d5738a3f26b0dc19f121e8

SHA512
4471d23e1ff8e62e69b17c78451562ffb493f775aa4784d10a03760babfbb786ab3f58172f5f883c81cb3862ebed2a82c24ce21e9ed2dd2a0084c047cc0bde7a

Download Submit