hxxps://drive[.]google[.]com/drive/folders/1YQHnlNCeTUu4PEtVrlpyUodwo0RAcBT3?usp=drive_link

Analysis

max time kernel
1798s
max time network
1728s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-12-2024 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1YQHnlNCeTUu4PEtVrlpyUodwo0RAcBT3?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
3	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
2304	msedge.exe
2304	msedge.exe
2804	identity_helper.exe
2804	identity_helper.exe
2748	msedge.exe
2748	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 620	2304	msedge.exe	78
PID 2304 wrote to memory of 620	2304	msedge.exe	78
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1736	2304	msedge.exe	79
PID 2304 wrote to memory of 1376	2304	msedge.exe	80
PID 2304 wrote to memory of 1376	2304	msedge.exe	80
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81
PID 2304 wrote to memory of 5008	2304	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1YQHnlNCeTUu4PEtVrlpyUodwo0RAcBT3?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc3db23cb8,0x7ffc3db23cc8,0x7ffc3db23cd8
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8117967756558157320,10073595615231497135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5164 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
86e00975feffad553230cf309c194c03

SHA1
dd871641ccb228f43b7b7709ef74e5cd8239a455

SHA256
0160af5e7822daab3507523dcab754d2f5c4d46028209a27a366f54b96aa98d8

SHA512
8d3d1c55021c9a9fb59c265c7c97098589f46902a99b0110e6c8112d554ea0eedb29bdd3b930694d730964ef940785d152cc245b6a48dfb6e8965882bd51d30a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
19a58fcb2ccb78bad74f2e244a71a613

SHA1
f671f40025ca531dae18c290ca8825c3947c0b69

SHA256
649f39522417795879b500c91236bf1d6cbd77815acb052222447e5ddda45860

SHA512
ee24a2ddddeaee62dbf3615272497a76e64900b1423135c73af96a7749fad682681ecffa4104a09f151bdea1fded46ef4b9870e4556d682a41243494a0a3404d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b79e3d551795f94657d72cf743517ea1

SHA1
d916ab3b039f3e5997291af60dd2acf3be79af78

SHA256
e55fa72a1261ea1607fc194d1cfcdbcbfa06748af6877d11a9f949f6ec9745a3

SHA512
a1db5367361a262eab38220e26c50638aff819f0d7147d513d3fe9c51d05b1ea8dcbccbac47d8f4eec8d4485c490e62c6d4eede335f3be3de53cc5b8c75abea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b7ba84215cd586a1efe6848996edee5c

SHA1
a76faf4dd3e77daa57c40cceb82d385be50a6cc9

SHA256
4bc9b42f41c630d76b345da21f6ed26c9e6dea78f3eeac8d5f3ac9cdf631facf

SHA512
e78730dad7127030ec83c02baa357e18e9de13ad1b79c9f88aba0979d802e4b13a32fb54f5a19cd42a9a7f2e4fb724bebdc4087e0cb56c0bfe08d74bdf9c466e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1bd795e174de176735b5b7cc00727256

SHA1
0e486a6328c31cd180e6c541a22fc811ed2a904f

SHA256
9d5597220979c861ac0a73d804245529d494e183eb7a61c4536298ae412190f2

SHA512
b119bb49c708211d02413b650f0c77f8c053f95a1da90bf724d83469172381bb262c2f7cc343b8f5c0e557c27879fbb07989610bb56eed3c159bd83e23b67e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7dec22f637c3da694ff5c19d5271286f

SHA1
54abf9542846d2a305b6db47f3ab7f3ff80632d3

SHA256
632bb06fad36236757b7f731c13da74bbc8b2ca61df977cf6b9795176da70a63

SHA512
f1cd08acfb4c85fa102d3adfbd550400f0e834e8511c6988ff6267fe164364c8b3686c1af28383f9a218c01c99a9714d15fd3ff358714be19bda31d5d60e9e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b4e81ed000dbdfd955547dfbdf80412b

SHA1
c26c045a490ff4ad56a62862618ed1af4e38acfd

SHA256
9e62fdef20cf4749f979e9570d2313ca047186bc7b4cda056ae2d31f241b047c

SHA512
8eb7e089e0d2f5cc3f5eb40b1870f31852b24800e6b30739916f2191c14cc2883de7484eccea74082a603cba38426509c2d9a8fd2d71d194bc14a37b9033f6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ba78b39fd1bc112df73fc20f264106de

SHA1
6d79191e20eb7104cafdb4cc6817762819338bb1

SHA256
e1743df861df38828e85847a0abebf548e5c474ec6aff3ee6d4a470d6d3c3b3e

SHA512
40c295d27d66f42c4ca3552de07444a37de9949c1c3a32e1416019ebd722306664309d378b1a041da75a8e18cabbcce91e71147a2d71324e9169625ac8605e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
40b1a63b45e81fc121129ff44bc68822

SHA1
c432cebacaa4c93986f2e6db0cee487839fe2b9a

SHA256
683f8a56cd5c3ed7cdcea9e859e4dba1a0d42cf1ba273092e395ff131ece7a07

SHA512
a2124d28b0d899f840d21a9ca5d70cea0156db754b97544a742e4c7ed9d7a979d7ed89ad8e5ea794cbe98e0c0d8d80bf7792f7aec2e84ee69d913339ac682c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b69dd7c4a8230c0be09609ab53afc9e2

SHA1
86eb263e40626036b1f66de0fb8c754e4b145741

SHA256
1fb2e76c45753d534df2067092e6953bc9952efaf0c7b32fa42af27e772c6cd3

SHA512
5b13a377ff359bf911b20bd961c04e4afa7e8b223174c98353b9ec07146e510aeb8afea35386cdcea884d2487c94532296218e7a7e2c997e7463e31ce5d5905c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f68b9ee7726ce69c14dabe48e5251a26

SHA1
cefc98fa8d88268f06e27e4106f3da10a78bc37d

SHA256
feb1d91f7d089405e7752b9e8a60152ad2f3e48d3dbeb87292ccb33c7d526bf0

SHA512
8e4eac01bff466e6a00349913e15e82cdf915eb17cd074347710bbaaaea7b439b847057ae8509848306c431433ef83d18f943a56f1f9132bdf27d50c2d4c0f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0651b4e3a66767c78978d17cece60f50

SHA1
cf6a3a4f562996befa3efdbaadfc535a1d71bc1b

SHA256
a59544caefbf8c1a4b522cfe15c2127e3935841c7822ae5a7842dc4650a2df68

SHA512
1f9084b7b2507b21554930933ea6fa4c5811286e7774e0a8072fbf27ee9f78972f7087c31aede1c6894fa1ea8d16ec0775dcd8b867f9ac7cd967887053e0b9f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
27e8ad27d0bc64596473c569710408c9

SHA1
3ae0f0732b8d43dc765447302a96d4a3407fc2c5

SHA256
9ced8977e4c773b22e7f9f212bb8eddba588523bacd20989f64072929bc9c7cc

SHA512
d6dc7122c568facaea0fd9e46f12f35a182b96e35f7797157e5295fefbe468698351d0b208b4a07665144b2ee4016405ff9bb9f557c1ce55d700b015bcb72d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1f1e52615528aec6d1424eec5f8cf1f7

SHA1
8561a7126b58f210e0c8f51d7e9b05f44ef5acab

SHA256
953b3dbc6829bfee5fe6d474669d249039ab028c2fcf42b2d443cd722073e2c0

SHA512
f51ad2ffac4fb81e88c343ac47ae51417bc18df89d75f32ef3bbac886a10c118723a01da63f6efd07369d3c96a867999108838f821dcbd7705d705513e451fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c5849d765a79abbec7ea133c408c8b4d

SHA1
64acae5c6e801514e49a3ee6f7cbacf9edf785f7

SHA256
b352a4e79a005da2820e9cf36812abf77577c094b3b257eea6eaa0b95a789067

SHA512
b27d62e87755540a09bf2d7d8f47c289e592ac9e0a65bdb0f079fbc73d9e790ae54a33509be111c08e087e5d78a100395b3ce25b2218581790148715fbeaadcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ad05cf7099548595c609338bf12a6b58

SHA1
5c95735fd97076ca5c27d6bb857f893e7f945f69

SHA256
c08f1e1e85fa504b5a89145102fe645e42b3950c22f376acb0d779a756e7db05

SHA512
f8b2353329a26634b1766a5d6ab5e45a068e6cf4f9cc313bb60b769dbb2435bb055b51ff8e82bb9da377da88267d34352e0a5853b6a66c52d7f25d03ef4014d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eea2d50803d6d2ca5b9ee2a4d4039909

SHA1
43aca3b0fb1f25af6161f06d404be33b3bf1056f

SHA256
f9ddfe7cf8dea6b507fa8aa04a5deecfe6147e49ecba2a07e75a9830a2098114

SHA512
4bb482a44c12fc09d5596393c96bd71da597674d9ee32abaace0acc484cc31e8f76f65c58d1f453d0eba39b9410d1d294b90ef5c9e46f6d1255e0bd8ed2b4019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a002fce6b597282d8eb7cc3bb1f33050

SHA1
aefd618390acf90e0459c01fbf82dd87644d3e5b

SHA256
c17862826ab2e5015ed7fd24bb9eea2c5ee7055816740b51781d7a4f36f650bb

SHA512
86326e4f549135f4e5a2d4c7f2e5ec66240bf72b9d120bf5b6e37d169c968b6bd74aaaf4e9d4b22ed53b4992bd240fdf80eec530970c0897d4fd83fb31c20499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c4c0227b692807a96c80213b5224cc8c

SHA1
07dd7ef0f34f66b196635e06883f79aa0b82d9c2

SHA256
9bb44066599b79d129267babae2a69aa61e164fca222b8d885ad0b5eec1d5469

SHA512
f30ea3848329e2135eb86ea80123d9ea2021b0097900d03527d170cde8475bad8f56cab5bef142dcff42fab8584bccdc6d9e0a3295f985c71c3a20cd706000e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
937abbf66419b8298f6f51c0c466031d

SHA1
b09f2094ad9d348238b561929a94bbc95e2f4d77

SHA256
24d78145d48a276b7cdb7375f6e689a1f352dd912fda6da4fcf4df320a50bddf

SHA512
4b28f5d7daffc757f5847addbdd59db961b9a22fa5244190b12661597d879ad51eca153b5018b976d19ecb92a3a51f5bfba6e235aafb70acc98c0228d5730eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7883d6dc8b45f1a12b00473007bb6d3d

SHA1
dec6e7ff45f398f419800ea13332caff95de9613

SHA256
1fe94f758ad09243ef059127d11d99a44ced45137baecd307192eb75b146867a

SHA512
70ffbb790f2217f450ff8ba16fd05de5a63fbc4498743c21afeb88df477e71f7e8c3cf756e1ca066f732dff9a5b1b969f51bb3a8dc31f6c8956d9fe755362980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d397.TMP

Filesize
1KB

MD5
6f3d3da48bc4ac03038dfde790ad48de

SHA1
a8ff0c2fb1251e2bc434b8b3095b9ba0a5082304

SHA256
07c417c31ebbf7d706cf55a096b6fa57c5d22191718dd90a117bc88b428d133a

SHA512
274ac5d3df53faba1d86d93bd376f0754f45a722f87348f1403e2975ba6e5d3bc7de60607245c991b3e4e4feeccd7d0ee6c535a0a29fc0a72be42bea7a4646bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8026f947746471f86b8fdb4a41a24fec

SHA1
290d2e82d0771de1dfb3b1ad65c5e09fabc31d75

SHA256
2531b98ac8381ca729d486234cb8a6423f8b3e487503051d8473a946b2ede04b

SHA512
4b432bff925e5356f5e141ef559bb895c612f1595f957da7210a1cd0d72daa208f3886e53294993f4be4d37c523aff7ed8292a47f9dc5c81864c52bd74c22965

Download Submit