hxxps://drive[.]google[.]com/drive/folders/1BB0SgpYanQ-XWQ4SD2ZHdV5re8kC-ezn?usp=sharing

Analysis

max time kernel
1727s
max time network
1729s
platform
windows11-21h2_x64
resource
win11-20241007-de
resource tags

arch:x64arch:x86image:win11-20241007-delocale:de-deos:windows11-21h2-x64systemwindows
submitted
12-12-2024 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1BB0SgpYanQ-XWQ4SD2ZHdV5re8kC-ezn?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1228	msedge.exe
1228	msedge.exe
4708	msedge.exe
4708	msedge.exe
4936	identity_helper.exe
4936	identity_helper.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 3964	1228	msedge.exe	77
PID 1228 wrote to memory of 3964	1228	msedge.exe	77
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 2268	1228	msedge.exe	78
PID 1228 wrote to memory of 1808	1228	msedge.exe	79
PID 1228 wrote to memory of 1808	1228	msedge.exe	79
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80
PID 1228 wrote to memory of 2696	1228	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1BB0SgpYanQ-XWQ4SD2ZHdV5re8kC-ezn?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe14703cb8,0x7ffe14703cc8,0x7ffe14703cd8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=4032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2001224320701634925,1356280831146432552,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
07d6ff500be3a5f25a52b902e9f8708e

SHA1
064de54f37bb379aa7a43c333f70d532a73c4553

SHA256
cc259f7a942d34bc21b879ba884f0fd6c9d29e7e513049dba553d5d48ba1d54d

SHA512
2d9a522b58467a62e5a746bfbfb78548f78efe9e03b70b8d7f6636483964e8aed7ac32723c4ebbfeebec8abf1d95c079f97d11a14a2c095edb5a7ed4fad0fd4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
35c9d6b2404b4b17ff87fe99465b7fba

SHA1
0f1ae09e2880922397e72cf892591464c4cdb896

SHA256
4ef832fa530e199251365edec7aa82ae50e6283dab524c084bc4f0096fd21130

SHA512
a3358ccb150bf91e7bb07982a21549c3d0952e9fb1138f7e68a06504cb42b05c2b0637ad2cf5adbbbe29a253d6893d30dd0d24d611d59242e8ad054b36459b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b99762ccea3bd3d5e6d05143250e0505

SHA1
ca487ef190480335975f53383d04226bf799ace7

SHA256
1fbe32991f046565295e8b0417560c773df74d035f813982ec5de060744d7eab

SHA512
15a6797287c9d7fd57b74e9b6aa290480106e34a7a833cab4636f282fe94ee4d32438fb44fcd9e96302d7ed7c34cf9f9e3e85f584276c29382385758d61cfaea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
63e2ca33319784a64e9ac38013714dc9

SHA1
6cb461d1dc28f443ac2c62ab47bc315f95e86741

SHA256
a30ba0304a655dffa94a56777eda6cf81914d871bbf6ee3897879a848a2cef57

SHA512
ee4a4b0199d645d6b9a174920c6a904cab07807f358865d2925d86e7109c610d05dfdd7eccca943ac3d571586caa571c55a67efb7af1667ea5787fd42ddb42ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
706e4c996d6ca23b4cd0fd1c8e8df455

SHA1
fa391a80c2d3a796ec245ee895192a30ee0eefc3

SHA256
9d3ff4bb4bc77e329acb9e5b0c5ebeb38591bbf229d0cab47cb822922a3b7726

SHA512
1736c210f307747e88744f7728fe52e088a89a47f27c3f0c99f9c74b513ac456a0de7729e3830c872255ae37b41140f60904b1b84869319356c72638a17c03f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
630edebc00f269dd3e9a9922a369ae35

SHA1
ddbcc3d81fb5db0b3b03077b69c964def918a8c3

SHA256
dbd4c62047dd3895bb79586f54b8fdfe7599bd17eef3075298107ac4eb70e6ba

SHA512
29faacdaa630180c3399653ffcea25f30b55021a376679627778d0ce24d35c7fa898b7f60c856f30180205577f3cb24dce4c855cd0e49b856c8fc5729c5e8f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d293f5e5c2e983ece6cc1bcbe650d443

SHA1
3f630ea4052e2b5c1684a1718c81c03757784713

SHA256
1862de979267db008a60a6d39ee1a1a3098fef3dfe98634c202c589db13bcff0

SHA512
bd5c4c630b820f95d7010002072da42f0f7cbe3ac0af07acbe0c1653d6c1f7b541ebc140eded438bf89e7094fe9459e27a5108a526908b9d7606e5b3da2bc27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8329b2c1951485d93304744f0b747a11

SHA1
5963478e67528c5ce0bf6dc2be4e3a09179ae997

SHA256
17aa6437b50acdd31eb1cd6d526bb844294d021be327bbb6b7dd135e39ed7a54

SHA512
14ade6e7439644452ea8f865c46fc50a8825d50d728aae98f4115cd0b0e6efffc3a23c40e7a205704a6a9c63a6b4ec0d8aba3e2340cf9ee56d05178378972ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f77ea8842d43ed7f1e38a59c086c6ebe

SHA1
aa62f130e975eb0af0e378f74345c01842fa116c

SHA256
0867fda21bbbfe25364b410672951d0371bc641b2d8fb127bcad31eb9edb1643

SHA512
aadc9cbb24589ba6fc90c401e653200f3698b3cff55199973cc19b4ed46aeccf20cb1a10e374d84a06b6ac54cd3e38fae09a8a8fe25a6cc0c99885b30fc7cc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f9219d8ffd7a542691b3ea04bb069038

SHA1
f74052e53d319c916f08bc6976f0372ffb9254a1

SHA256
22fd73964d4b82e18dea4d5e842f881e193a4fe2d6dedf247af261e8148b4c53

SHA512
b842e06a181378c550bf904923fc7d5a78cc91fe627711169a876325dac619b5fa594ef2f0fa327fe4299601ddd31e2699c59ea12c9dc0481bab7da014bd60aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
108780be554b30ab94f910c2655c1744

SHA1
c8455d6fc6f791eebb823a21cf7173999effc181

SHA256
51212cbf1d3c78e247d8729d599274a36ae1ecb52879d11fdf9251b099d6aa69

SHA512
fa84ccfed009043b18eef8805b44166639d049972b2ca50a377635cbaf29202915a18cc3a06671d2175da68ef4515b15b49d71fffad82fe9fa394af827bc1323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
de6793bb6b30ba6747431cd096699f00

SHA1
d272036955c4ede9652cc151c517d87a56e00aff

SHA256
f40689745ab9e8a76e0a742e5afe99f0ca5a0b46db7e7f52d41b7147762bee32

SHA512
5b48f7db2530eb0b91c3d2a4d7e5862a7fc2126925b0672ecaecb9101ce4f9fe05e7464c5753f0c2b0871e21edf3cad088822ef0fc5f08a858e198061920d43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a7efb635d6d6c8e1afde2f08d38cdcad

SHA1
dea2e62b25a0f6e2fa3c07de72ded5fa3644c227

SHA256
1614d36d4d4caad63d56e7c1af698db26eebedbc1ab0a4c6bdc10b322e41d0c6

SHA512
66640daf837b4bb4093ca98415087d9b8fc604fadc72d32ac453f441bf95f7b1074994aa9429f886af4cd14e4bf5659307bba23f36e09798fcd74a61d8fe865a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8d8c84c03b8e1a3f8d42add892fb6c12

SHA1
968752d4c225c5893dda98ebd604ad234b548dbc

SHA256
9dcd8b60d076790f1c1d7edc7851b051e63afd607599df88dcd6c100cba3fcae

SHA512
49c111fec65c20dce37f2c5f08af101106ab1c73667b0480bc830b293859aa1b98e4f089429ecbde8429eee8a8fa04ef55b7034f8389775a396674eaab150697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
43d2c4b567737424f93df56b425563a3

SHA1
b1162ab3bc3e6c226d3e0d945a501eaaf006b49e

SHA256
558d79d59a867d43f98595acdae06e93d3e26d98ac92966197a2526121a4fc22

SHA512
2d1bbe6894d34bd621f9d4048eb539e48fb775626f0d97c4299068708fc47dbb1acee282656205e501bda505c626b54d6be2fec5ff002a827575d7eef30a4bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5e1040dadf04641249a9196445867290

SHA1
d191105e9c8b872ed2cb099521328d01fdef80bd

SHA256
90d202c0cbd478e9443d9dc32f01a21f41dd1ba6eca079f66916fa88c4b97130

SHA512
377154885dd682c4eb697cfb982af54d96355f08df65a79d741bf40456880be3990087b73c809cfed7e0726640f047bbd5c90d45f5fc251b8a191ecc4fd8f145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
90122dfdf3a8463b2ccf95c408eb6010

SHA1
61bc7bacd744d3706befa89769254049da16fe64

SHA256
63ecd1f6fa2dafd25b697485e2459350b592a9ffa83fd4262fc9c9b2482e4e78

SHA512
f9453789a8361fcfe1def4d75443a3520069dd1803a1b67304694d9eb3215357386a71ce6c880e0b0b6901068499477df16ee494a6d9d4a64e92e933dcd6c46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71d0d7c76b7e4d1ed7ec244a98a6fde2

SHA1
38074068ff5bb2ac3970d238ce6ebdac682e5efb

SHA256
e081c8563f3519f3be8f3d16e206a011b94f1b45510f56ec1ab4320be342d3e9

SHA512
109a7c719ee7bc10a2d9b63bef0cb83410438958632598e8ae5c5216225dd915a21ee55ff5bd912237c78550e4f7d9cf943bdfb3502ca5189b87739bc9327d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be43a198a0eb2662e5e112b8e9afccc9

SHA1
538556d70333f494e2d91f337ff30474133c90a9

SHA256
95b6484e7cb3cc0cb4a64b2448e903578d1905f9c837fd2472060c315c84b606

SHA512
66db7d2fb12e476a08b8e7765e21ed58463447a0916aef1b98a8d4410b161be8a596deb6b25ba06efa1136ca6868978deba18c78db784e98a8dd2fea81125dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
ec971ed780a142a6047d2c62e361e9e2

SHA1
6908fdf5541f3f59ca570b58edc98c71f72594d6

SHA256
368f492793d5292e9987b2507873619c4f8bbec5d6024c2919e7255491aa8449

SHA512
b5a00d6c2c7f2cfac2da361afa3537bdbde70cfb48ec31de6cd562b2c9751bc10cc12e7ac38c7d778db3da28c18f58436843fb06b93c8476d26ffadcca2ca25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c9e3.TMP

Filesize
874B

MD5
82de963f5c0765ec49bfdc28392b6cfb

SHA1
6625dcdd542e324561b5172d5acfa015dd82af26

SHA256
627aa34f14e8a65c810ef00fc2327755f855d4bc3dce6e9e1791779ed9fcfd94

SHA512
923d0d681449bfa100fc9d3de65d60283f7c4711ce8e30e76f234b76c1ef16b8bbaa7800e335cf9c4f220e735d5de4b79105af55eed218093ea431b8b5202364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
10408bea9cb29e8fc48f5cc543d52756

SHA1
f72fd4c9c5705ac6c039e400f3e3fea413f7badb

SHA256
b02e1607edaa690ea41c9d4bcfa36ba0649d623b8f5feec134e83c013e29251a

SHA512
a126cb6689336acd4180223227334ed57eec0a5b70488e952eff11b55fc2aee90e8349984edba0af674b78c8506d48a6b05cd746642e345193d2515fa87da3ad

Download Submit