hxxps://drive[.]google[.]com/drive/folders/1BB0SgpYanQ-XWQ4SD2ZHdV5re8kC-ezn?usp=sharing

Analysis

max time kernel
1728s
max time network
1730s
platform
windows10-2004_x64
resource
win10v2004-20241007-de
resource tags

arch:x64arch:x86image:win10v2004-20241007-delocale:de-deos:windows10-2004-x64systemwindows
submitted
12-12-2024 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1BB0SgpYanQ-XWQ4SD2ZHdV5re8kC-ezn?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
2984	msedge.exe
2984	msedge.exe
3480	identity_helper.exe
3480	identity_helper.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 1060	2984	msedge.exe	85
PID 2984 wrote to memory of 1060	2984	msedge.exe	85
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 4564	2984	msedge.exe	86
PID 2984 wrote to memory of 3972	2984	msedge.exe	87
PID 2984 wrote to memory of 3972	2984	msedge.exe	87
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88
PID 2984 wrote to memory of 756	2984	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1BB0SgpYanQ-XWQ4SD2ZHdV5re8kC-ezn?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffa3ac546f8,0x7ffa3ac54708,0x7ffa3ac54718
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13991950587491260157,4204980742523621053,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b1497476f166ba711ecf21616ad1036

SHA1
93b0d35f79b4b8e5aaa89942fffea1c151a6a3bb

SHA256
51b119f4a7010b4981dfb74cebcecd7797511e6770982f809e63dbf98220629a

SHA512
1675d5b211dec0e9d1868c6ba6980260888e6344b190374be259b070ac9c04e75ffb09b12091f70af0808f74dc0b1385dc6587bb1f43496d26b1740496b55e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0990f1be3c156d87878dd02b46d20fac

SHA1
4748788b437720e7e599399d8418424f646bc459

SHA256
5b1ea36b6ff707e4cbcf83edbf90a9b3959267edb80652fa5a180720e0865805

SHA512
d0c51d1e6c52ef3c25d5c3eb9eb804ef8e9de5a1739b4f459c7f111bdf81d9eb8e6e2d406fca116c5f624ab37a07ae41150698d67638485cfb65a13adfded9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
217KB

MD5
ebe7baa8eff0fa83ea5af423d0ef1ddb

SHA1
f99bf863dd806440a2d7160e192f52d6426cb800

SHA256
12296b0797c20d300defd101403871f0de9e80f542b913b7ffb3e55d5454211e

SHA512
041cb913f2bee5fbd49b2a8816ad6d23eb692ef42923cdb36c53edddd8113416ddc517c1272b601967666f46be440518ac7a5efc2aacc3c8cbd5c23a924561f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
230c786bafaf48f761030b28eea1a583

SHA1
c233fc3587511bd0f39d5f4fc5a8a4f90b84e19a

SHA256
46f7684d23bb73734c670ed3415447234a4609354d433a943b4b8ed32ce3cadb

SHA512
c09793a0b3f8ac0c363b6700e889ea2e1934abd200f83dce7f28e2c046f060626d536cd509b4c22e97fe6eb819d8b59ad66179a2aa4a63a1504bace2576199c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1e0744389ca2f0d5aaa3517183c71c8a

SHA1
69a8b38ba1d1665b1638d177a8500eaf0eaea05a

SHA256
147673063cfacd4860b660d1ef591131501d8423bb6d728b88e04115c5759c1c

SHA512
49b22a097fa2528283ed463d27bcaf13dfd6a21b25258eb270a85338f3d8c868ec1aac23c78135367a51845fe93e9ae778017325f365c2acc9938501c02fe462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3bbafc02cd29048e37f95a5f9deecaa7

SHA1
84476206d51faec0318feb0e58b50435ba4848c2

SHA256
b46c0e32f6387596f2355986f29dbed9b1b0812282d27cb492f8ef0be5d8905f

SHA512
8f715e27ceba14cd2890631500c7059dd0a6f52890195b3850f0ee6b1f64f00aaa7a9b93617fdba12d6dac8a4292495f7c6477d363c1b1022535782bf6326d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4e37f19c9e5437ad839e68659e256471

SHA1
cfa147053f1953f8bcd7e5b6f88df99e9afc1911

SHA256
633f9af42f52072e3907b0291f049eb8dcc7fa667eafda9503920c0a4aaa152a

SHA512
192c11bb052d46b722404553de584f955abac8b04b52138678c559f32e425b4f48817cf9020b0079298ea44e6ba5f9c241ccbe44328c70624e1a28f0948cfa9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
746be377e29630fe37d7f088dbfa5135

SHA1
1ce653824ad47be167ddc91536570eb1debd8761

SHA256
934a3758463ecf398b615706d36d41777a8d3d196d159164085718dd066dd67f

SHA512
6d36382e74786447471fb44df1671c4b78ca02f78d39cd2b2868f6cafe7143f942c19ff2265544d9b93b1f21900126125ec6e75006a7d68248fb50e54da50aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
860ba09af67cfc4184bc3f03fbd0d62f

SHA1
136a30dc8d6bb1bb9f64b54a166ba6a7cf28c064

SHA256
f7256876780f4fe69bcd6c1a9a4a3124883676f91c6d76ea6272ec6036afd531

SHA512
c4423d22f17959e7b570099878eab45a07d5aeeb492e6181f98ef2b6c0dae892dc11b9afee1577e6bdada3edbfdc68d3c80b3bc0ff0a8d2c708a74a2c14115aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ae1f6132847cb89b9c3221fbf68d65e2

SHA1
1c7f10e7a1ca0531dc9ff6e194e78aa729277456

SHA256
7b7dfabd29bc779449c04a710099fd2d4688ed0843ba2a7b2c45859046766897

SHA512
a50f82ce38f744f4b75af50b83030f516e3b4f408c0a97d1bb6d94073393b3c6b6532be9923846b02665e2966d093b51faa0a281c30ed983a6625875f6f555cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cb21bcad64d3d83b32eb4856c0a63181

SHA1
dac54f2aebb18b4decb0a11fedb1539f03d1d75c

SHA256
c3a7ee6b5f477a59c75124c2c34beb7ef7d4fa92f6f6f4f8c5a9b035358414a5

SHA512
21262db2bef809175320c9f637b4683891339835ea1ef1aee063dfa1fb86241807fb5d4b57dd0ddd9b0dc43b824f659183c4fcc0c7067e4e59316c59958bceb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
96c4f3f59449abe92e3b4a73e1147fe5

SHA1
352736a0ccd318cbd5e06468c4551ca333d8390d

SHA256
fa1a3b59159ac8d931144ce4fcfba2c35b1d8fbd0898395b7dea7a9b55ed6a97

SHA512
d2de88e22ad6869ad653134936930db7d9195e20af07f4728734d98aabaf96729257ab0bf43b5fd2b8604903d53d50bda011ed40b28490388b92a0c15abaa9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
61e16cd6f63d275a055acb96d071baa4

SHA1
75b03c0292b9799e8d076f3343ea0d3d897cf7d6

SHA256
abc3d7e5fd60bb8bd16582fe876a810eaf9755562190c6fe40bb6b8fcd9c6511

SHA512
3cd1a115f516d5cd49f81cf0f3e75f383cdeeed0b646130aa7b0e94ee0c4d9d6276390881bdbefd9bd722722d060057ae1c1643f4d5936d52aab9f2c854c448d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
db673645bae6ed7540609c24a4914efa

SHA1
5260ab5c8f4c6d97ebacd89e50b4a935a75ed6e2

SHA256
2afbc0b4abaf89b7775e1bbf2da169e5fb68fa821a480eb3f4bcbb12e3c860c0

SHA512
45786ed47fdbd2749976805a26c3127af94f10c22646926834edb50cf360d1aa33f1584e2c869540d828953eb18908bcfffba9e3b9e933115dec35725dde2853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc4b481124b138639198bcf064ae9f53

SHA1
b74af6ad31d933091eab937a2681409addee3962

SHA256
0ee7f878fb21ceffebf52bac49f584efcd71434e9d4515306876ddc885f8d4fa

SHA512
fad11d8e7806586f843fec59a4e1fdebfdcb380f38083af3abac62c6507940ce84fa7044a28d6460ee37d8ce42c94a7527bcbdcd59859256d0b8fa53ca430212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a99485d39110c180200ed7da4babdff0

SHA1
a12372fdc0c8017becb3c4106fdb98f7e4196ebe

SHA256
6c3f42d668317bddb7300d07633ebe2fe8087e52e599006cfed70a5a0cb4af61

SHA512
a03034596d59931e98eb86da0309c0698090a29c08cb58da9bd0bf71b9b219b7a6b059c4a17221a354df9aea360fae848595aecb37734c51c4a6dd5a38660dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c5a741892276217a28da40672838dbde

SHA1
7ce0670601eeb61e4a64c5b9277cda44bab60726

SHA256
4fafa943806c89bed69aacfbc12c2bb24772ac1cabc26bffbaef5902890de8de

SHA512
f7a78d4abc4476a2e4b691c4c3a52032386d71f8e31252362903b78b6ffb159524d6473c33a95f064ec4afcc23fec370f08bd7caa3c7f03a7c0169d09ac49278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
157150b6e71455aaabe6419704068297

SHA1
c23ce3928ec1599a7c6f1735f83822e2cdebb6a5

SHA256
f95f4ea231e8d4721114660f8444ac9c1023ba833e8958c0f90ef54fb30e1658

SHA512
7247ea047f4b98ebed1c4c70b4b282e661064f50051e9d73d15ba7dfee2127e613497a465325da2b4ccd11b116eda3a7886fb3cb602e54cad1f0eda12a7bb3f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cccbdbaac27ec70a16fe25946fb37751

SHA1
bb2bd7c718650724eb38406ebf3b97113d65104b

SHA256
bfbf5283f06d863e79153cc98153b25fb3f5d38297a74e7ffe0ec9758ebd1c30

SHA512
46748acd63da8e00fa98855473be88f733f4ba32db10070978406253376bafbb4b1922e20d1cd15d352bec340b4c33291ef82fc55c377ddb4b35fdf6cfd1ede5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d113bf92d2265f411bc17c310414b9a

SHA1
40e2a3a995c4811f1255f131039950595e222097

SHA256
261d43d9d04e7a6fa34c849b323320a4d543c9c2bba7af9c8930019930d144ef

SHA512
d3643cf3543d5bf450d8c2ee13dec8f131d325de0993b04450a5a7306f478451adae9d9e1bb45a0c035c35a18bc99f0016b6f72f467a2e770e7bf551cebabf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b827779e9824a25803e406be7dce48a3

SHA1
65cee10247aa70b2b3ae030caad137886a4d7f15

SHA256
a73ba88fe46b48df056a9a3dccd8f518f26f3672caa20a7c34d4a04420272f01

SHA512
6ddfec644ae4e45f2a07c2665663cb2ac5a1327fd0170a93ed019b4b203546b6d604c7924f08dca579abe607c04a7d55d13416f90945086763d846dd5d1e7c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c3b8ed3df5685c91f491a3776bdf6a3

SHA1
c401ad3de403b7ce2d7fe9707fd6797501b0c9d2

SHA256
8afa5b7681d4ae51ad5fe57cea6fa7c5bdd3da775cdcda57fb85613c59afbd05

SHA512
f84b07d8a94939c3e27e5bfd0b0653bcfd7a527ddb1ff72decc9850a33cd121049a7b468956b312f3b8ab044d3f6e045b661c033a1da0aec9924cbd1c5bb941e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d9da18553748a7dc5c566464b0548336

SHA1
d822818c3e1fc35aeae1f4e7a9bf09d54b419d61

SHA256
202353c8bec7eae0ffa43fd9f6b1c0f3d88080c5d60b462641df6bc9970a180a

SHA512
c492d453f0a8dfd54010a26117e8320d4a05bc0a6197fe3439759b6f35c9de6db4052b5efb59b8ac3110ea1434f401274095083ced15f1313b2cd83659993414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
a2d0561180ced9a0aecabe06cf840d02

SHA1
81b62d0c77dc52ff8dfb6087954bcda59914b25b

SHA256
5ff45285c59d5133d84f1103fb35837cce3755a394da77be63a210a6c3d9949a

SHA512
fddc8d137a99be2a0f30fb1bf16d3aa1bff1adbc02ab0fefabee5212172504e9bf3d78945e4363ea0253b25c8a3736801166c2732ebbf101687bf14b01e36dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ada0.TMP

Filesize
874B

MD5
951da0e622e74011339ba403ef3e3cb4

SHA1
6a1116b1f8ec4f509ac12da6f1d6807710c4f4d9

SHA256
ed4f62e8cf865e216217523054ea8eb0a0750165fa7fbd0ad3f9cd7090b78810

SHA512
5ef7153a9de7de661b74ce8d853687b375b1eab0debf48eaf4ad6adcfbab2ba13ec3b9739b11ba21afa2abf1d48c73f9ac52ca54b4de68873649540d0b14b3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4917b2d391d8c2665b18bd6ce7ba7f95

SHA1
ae0415b6a81c91d2de0425fa2c2702d97e64ddb3

SHA256
c28de9c60a0a9845ae3de264422831de8ca968f620310ba96275729fb878c9d7

SHA512
ebc681bbac3c7352994137c62088351b4c4749dadfd10ad172f55fadbd25b62df57d6a7589b460b9a29969475e9c5a5e5d3bbaf73020268797c72f6cce632906

Download Submit