hxxps://drive[.]google[.]com/drive/folders/16WL1bC5EbNBh6DOrmxDwC6a_6mUC3Qwq

Analysis

max time kernel
1728s
max time network
1729s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-12-2024 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/16WL1bC5EbNBh6DOrmxDwC6a_6mUC3Qwq

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
11	drive.google.com
12	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
4104	msedge.exe
4104	msedge.exe
1532	identity_helper.exe
1532	identity_helper.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 760	4104	msedge.exe	83
PID 4104 wrote to memory of 760	4104	msedge.exe	83
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 2284	4104	msedge.exe	84
PID 4104 wrote to memory of 392	4104	msedge.exe	85
PID 4104 wrote to memory of 392	4104	msedge.exe	85
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86
PID 4104 wrote to memory of 4276	4104	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/16WL1bC5EbNBh6DOrmxDwC6a_6mUC3Qwq
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe109046f8,0x7ffe10904708,0x7ffe10904718
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,13247375781097721747,5986927579871162235,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5524 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2549f36bb8624df203501f8991fcff36

SHA1
cc4afc4e8776b95f5420581665ff5319ff099f1d

SHA256
6b7945312aae2ce9a5afedd7f1a304b554fbf58a4bafbf356651a7137bb6937d

SHA512
227cecd260281b3cf02677e0339d0665b385b84b3bde7d2714f295218b93f51dfe87cc6737b545011d68d8e092b957bd7656ab3da1efc3bd673d4955ed7ecc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d6133ac9423b1980ce58cdea589a8263

SHA1
879e1db34dff425e2f29530fd35abba5a373d686

SHA256
d1b2175f7a665a364572fe7c5ca2e1816edd037b101b17653cc89a30ba0086f2

SHA512
f878e844adeb11047c208df4f5fdad0c814b6622731a7c2a432bb5d9c4f41723e6c48207a22d730dce33e9068fae74b5dd9145ab964c93083c0020d7318b7f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ffb1e86a3c21194f772ef81f4b361edc

SHA1
c74260a91476dd1e84e65817094db8e4870dd066

SHA256
78b921202159f87fcb394c2ca3288a8deca73106622d135aa83261bc77a54a9a

SHA512
6e05d80b7882ef0c81e66031e20a4f6cedd5d211ac63e630f9ca99097d27d5d60e49fa6939757cf44e4e775b42b96f244bb32705bf4d7c30316eb637c9efca92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d695d9845ae8155146d98803a6b7dd26

SHA1
3bf5467282a2ec6839f167f8801ae19089e14cb3

SHA256
39e8772037f801528154d143f53058cbe2604a7c7fe7e4c014536b06d4dc4aca

SHA512
a9025a9abca01287fb3e6cbaa023ac1a44fa83fd0e6fb0884e869621da1d5d4d0e4e6acfada63e64bbd48c31835bc0725671eb55e3301824c8528f751b7078b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
605c5eb8aa9df7a90e495850c3174eb9

SHA1
51894e347a3b71f880cc4899037065c35f849965

SHA256
636103bff187db7c4d768f5dc4fdf538a0dbdd4481d7cf220c3f13cca9aa78d8

SHA512
5424f595759602abc583e69e90a1ddb0310c4f3e392628d84a7382655b37aace56895161dccc7bc07d9c770dfe7713927b7ea4ac68e473ce13536ef93ee7f284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
194d5e815ddad3cfb2a23df8273c935e

SHA1
218fa6c81a94405c847a4ab9086766ff44299a0e

SHA256
835492d15f4aed0a912826b3060106b020520ededb8c599bb226dccc41ac051e

SHA512
045bfb7e03a047365f625f8a94475a1398f3060202aee0612ee4c4e8b2708173410757dd1e994429c294ded48667225e0da0cb59c4ee10adc04fb9d1db848036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
af173d12d0b5a3c383c6b7436dc2f309

SHA1
7b7ac99b871ea47ebe6448981f30761a099a0abe

SHA256
afcde30a6e0b67a87d37d8e89a2d34445f18f3ab4946ed1ed4563d034557a087

SHA512
fd4e99768e2f596ca1e4636f090cf7ce8ab078223b446c689c992fb4d76331b1f0eba97a4d122f2a21891665dec3600e1bc4096b98621b23423ec7f1cb8c9b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
26059d018357d9959a32ccc451f01110

SHA1
921a68a736b085bd8bb0f85a29721109e693180a

SHA256
f6a9c5a25db19fcb0805cce8124128fe6ce3b4fbfce78aac317af34953c11b6a

SHA512
ec65a6b7d0c941e5085767d1af9fc34555ebfc7143ac0647cc5489db204d4edf7e22f2d24c2aa021c5389f7c7057840c7bcafc00c2694cea979fad2a34db1ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
81a455fb2b2aad1d6912309c3caf125c

SHA1
b10c5df95f59f4bb662d9865069818dbddb5e4b8

SHA256
fa5dacb206c136a429098d678f30669778806092b599dfd95ac2db6d04c70d08

SHA512
89af4099602f827c07c0e1954f564ecf271bc14087e4e51a272cf2d0e8aee9c443c44b77475391cbd1361fdd4cabc65d5b792c4f8ba89217fd07ff990de42ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2ad92dacb8c1330e13ec9f68ae6371c5

SHA1
62d2780cdad98b401324402873a68a4cec4715fe

SHA256
b2d8642097869fe1dc037f90b409fdad9c3c4cef6b91380380fc696166baf418

SHA512
b5a2d89b540270b31dbc4729654b8d1b4609fc458b35e4a309cb6fbe2b769bbf3e56139df7f638eedb8979dc888cfb6d5b85cf1d7724f37cc2e7633c60cbaea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c34fcdaee68f64e64c0462af33b3e8fb

SHA1
fed847194d3cef7e94b55634d725c9e64fee899c

SHA256
050ec6cf3061d4828019cb3af75acab1899ace1c0354308dd9f576cb9d8d2276

SHA512
189db587e986e49528236ef8488efd32773dab475870b5afcb5dac01bb87d9af627aab25f6e5cb0a8b88c012040b2c24610ab9835e483e4406e6afd1feae86a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5b7e3402897a199f295969b5a0503575

SHA1
d86a742e2e4f4488f0a3869041cba9470b138955

SHA256
e0ebdc5af706c292c4a2beca26ff45ae995a5cccb92172d75cf4bc39d1ec59a0

SHA512
4a0d81fc28c046fdea719f7068d2b6b9cd1d8972f4c9717c5d97ca3b7c4d39cd5f22a12b48c5c97c56869252e22be5dd0f361fb6dc923ef3306c8d2c02e9835a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cd10b011e89e451520098ce801f7e84e

SHA1
fb25bf029a0ed83208fec8133d96948402b719a9

SHA256
a05fd3d530a476ac873c0404fac192b1ee2bc5f01d92668032497117cc02cba6

SHA512
8784e2a9a05684e8bb3c9e0f56a5b93b3cfeeef3555fdee85161ef10f39c52213b017aaf0bc075edab0a5169743af2dbaf04f0210b91d8d372509baeeb8e4679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3c8db3d13e32d56cd87e3bb1502da96e

SHA1
1643c55672aba9648b60050903c7f1fae9500713

SHA256
b17f1f92238961247efb6671dc96ea5beb1f0c195c37e49ca7ab7835e83feef5

SHA512
1bee13492b5be02de3578e6b999e227a04757030f7966a481cba7a08a432a2304b08adad4996277cbacf795b2c06d74c950b216dc0a5d9e0a66cf31147c41b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c3d1922b30198661b3afff7ff7e05efe

SHA1
1814459bdc1ba96396eb9a5375303414d64e027d

SHA256
dc90bb914e9c154fdad24621d6a04e3af9dd420be21a6148270b2a1b6f948bd8

SHA512
552929e3ee72f31409203479dd7a3605ebf4e48e7088a7224d4eae37b264c1c8810bd8d5c4191b02c3f8144ad8d2e3e1bf9297e9b0a1fdf2cceda9bc0ad492e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9f8e518aa508b2dd244a8296e8e082ae

SHA1
227dd083755b89f4f6dbc3a8795a7bed0ee85454

SHA256
68630b331903b4bc6475e56ce411594890a9faff8e3b0c140c5a6bfa009dd76e

SHA512
ff9ac0775a3d6f5f25f3744d64a66b5a8a76d17705765b3ebfc354fe596d2172db3e6718ac1a09fa751ad8b20b98972f7ecbdcbfeadc4e8e5c9dce7b1b68e4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9b3d40cc748e4db2b741f0a8c98e3312

SHA1
7b858449a0706d96322d1a3178fdcc854bb3fa5b

SHA256
49ca97d3993d2ea65a7fdc73bde184535ab724e982897cc2ea78b450f4d89499

SHA512
2652549ad6a062650afd89f32f96a57bb9c86a3a90d1805cc46733c431864222afb497c61353fa05c99fe5db3efd577b9348865918e8dc8ec31e5d90927f6631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3c71790046bcc7e6f97386172a2ec2e6

SHA1
a6cca2cdd7efb1fd04497be39150b76a0063e477

SHA256
b5808c9617105519764fa63fad421f0607183e89207d8da2fd882df2cd64b781

SHA512
444a6fb8c364176e2b3a10b2757ff8ee272ddd7f8d20da8b2991547623a6233ec29ba7a3745e2714f61e80ff1712dd7361ef7e8d3910fc4d102f43438bc45698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb6a87ea6ade2bca609f47dd4dcb180d

SHA1
909495efa7043a8f169a455b473d4de8ba7e364e

SHA256
4da1e5e9c8d4045466624ae099b162aae1d850a50a421bd78a5d2a592653a226

SHA512
82de26f9877fdb455ba29ff36620617b305057c700d874568569fa6acc5e726785b2a492a27192e0cfea1b6967685aae76170f752f66cd142669cedec736691e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e23e8609a054e549c9fc36702c1ec8d

SHA1
4da4e871b366e57c497ff646381e1b27269b5802

SHA256
bcd9792af407219c116f766fbdf4c5d81b24a7f321830a759e0872ea33684363

SHA512
4269a306587350f7302f37a410949dcb06bcb1700ec83acfaae0fa44e23a496e0f3baaef8214436baa2c8cf4e3dfc93cd1373cf51d1a43aa641f9b4d4da20f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e8a93a43b559852f04f45de789bfc5f0

SHA1
25e8abb22251b115fcd26be2635f669fad7935ee

SHA256
1e48a840d3b8bcca572c2cf83bdc7a992e978199d6a8ca5b618c08583e11067e

SHA512
5c2cdb0ef64ab62d191a1a64db5c9d1aa66fa623d3091390a082f407f28b063af12e4df1e2e8b712e916fda647955057ebf831b4e59d8c65fd50678360c04f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5892d5.TMP

Filesize
1KB

MD5
bca06f6cb3d2603791ba76225ec23d7d

SHA1
93e86fce027514c800c027296587e39cbfe7934f

SHA256
06feb8026fe09f739b22cca730e170a4f2dbc8fc8c23e39df696b50f254d5bfc

SHA512
84b01c1872cf9a00aa50c5baf782ecd3bdb5d0ade90f5347948b4e3bcdd1fec4c52134a41a1de26eb3a1ef9c4b3bebcb04c4b7acdb522d03d40889f5e215573c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
27240f084818ab8064e471082469f88e

SHA1
518465f25e21c782a9f505a32228326c7d7cb99c

SHA256
e717e7a635cfa7fbed9e197a91d7422f219f21aa0954c2468a647896ff3b6b1b

SHA512
bff026a1394af3db30656521d257cfdd8c10798c32f3f574bc28afc4dd69ac24a43cabbfd2b3910ff4cbefd4d6773d2658cc0c305458cb7aa45f01a07a954671

Download Submit