hxxps://drive[.]google[.]com/drive/folders/1Pu6oguXF9_xvzLYpim7SMbW1wnqyDjWj?usp=sharing

Analysis

max time kernel
200s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2025 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1Pu6oguXF9_xvzLYpim7SMbW1wnqyDjWj?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
135	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
3232	msedge.exe
3232	msedge.exe
1952	identity_helper.exe
1952	identity_helper.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3232 wrote to memory of 3488	3232	msedge.exe	82
PID 3232 wrote to memory of 3488	3232	msedge.exe	82
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 816	3232	msedge.exe	83
PID 3232 wrote to memory of 4824	3232	msedge.exe	84
PID 3232 wrote to memory of 4824	3232	msedge.exe	84
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85
PID 3232 wrote to memory of 3456	3232	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1Pu6oguXF9_xvzLYpim7SMbW1wnqyDjWj?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80d7746f8,0x7ff80d774708,0x7ff80d774718
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,6677722302102557305,7630548515950981766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
66a5b71685112b9d64121be37593e457

SHA1
d086744953656df160155714483c4e758b96bd8e

SHA256
eb15b21f9f4ae86b87580ec953eb7d011633a812262812ccef29dfd48a3ad796

SHA512
fcbcd20f96403f3cc96e1dde7d362fcd62aadd7d4f63dd971e61fd98e7fa84384345379f52ee0be6bf850f31f6ceeb954c729365e7d41b46511378c174153750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9cd51ec98a7e0e0657fac89b26226a69

SHA1
cca53c2ea295f96892a3c9c6886587a29ba26067

SHA256
aa983e59ba14a7c26b1e159ba5d64832d4a95d719fc9b1c02745b5e83d89020c

SHA512
a479cf0eef828545cdabd87cb4e95e1e46284c47207dff4bf6b35ce547dfe14de7beb914922115cf104db5f74ae2bbadb59ca00f04b954e198648ef5026d4a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6206fda9f9906927a3bf8a68157a2d10

SHA1
5d2f788dffbc01f12d679579bbe40b6c8420281c

SHA256
7a5f2b04709c9a33491db67838bdcc1feb021aa2100c4892a37099546f1c6840

SHA512
2ccc5429d3f1da515e77f12a9be00d27815fa46e0a1496837ca65f13ef80bf7d0f24bbec31950effb1b1be956b614fba5086914304fe5bdc3a6f7118fdafef66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6201939451a73054e91b8d2048d45d0a

SHA1
c84b70ee0bc455dfe4ba76c4f4bee7bd33be193b

SHA256
93f260773616c53d04f266146a1cbd95758e46627e15b1496696c123947852bc

SHA512
cf10a298b5c46b8771c1f06199bc5b06644278b35f55046223418e08ebfc2a6a9947cb313ef9dc88a49036c2b09bc1f5881f2aa5b267ec4cf0c15c1ca82d61f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9898384ab288f3be2ecd4e4832390a1e

SHA1
23882b2ffa9e940dad2016a9aff113acab769648

SHA256
e4b65d61f26fcd043a66d2da38a91944a674aa5aecb47db20a427c5fc0690115

SHA512
62602eb47032ce21c2584778e566ed169945464da81daa90b8d1e6c3cc5075477d73311b6b8fb6fcae51ab404d92c0c310394e3f347fbd02c581eef5589b70ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d623ecd7162727184c6f4b9dfeff69a5

SHA1
df2b140c8d821d8ccd1ab3c45e260a479a06f6c4

SHA256
83a6645b0a2398c04e1dd9fe2b4fb77fb3351538760e21c9dacf00bc44a3e349

SHA512
c636a11cfdaea8c7b3b59c2fbf1640c2c4bf1ef8f3874b4f995cd921982837f347593a6eaedb7319f340434c18c2a378a704220148e0b0c61ba0dca32046589d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60faf7f152a7617a72ce066b9c87345f

SHA1
2f7c75137e0d25b63f9a0dbad43594c4d57007e6

SHA256
a61fa58f4a27916c62820d2167ccdb07711becd64424740dfb9047fd195a53c8

SHA512
0e732cd886a7cc6a08e3154c516251538138462e07b056df8c60be85cfbefcddba3499415f7790e3ad007e3a90715abb943d375cdee213fe3b4ef058951dab21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2afa216672e42f00451ec327ea7ba879

SHA1
93932b01ffd7607aa5be5749c5f4b2c05688c50e

SHA256
2289fe425ed089b207f959485245db5abff674585d0484aba796e64633fe8173

SHA512
b38d99354887599dd955e3afb5333c1ba8ee18af72bc3e4d95efaacc6681c91a812658750d2c8338d55be0e231a274ae1f3ded3638a8fdbc524ab7ba6e2a5ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fc0a62a7ae3f89783103c1d3fffa5fe

SHA1
25ddd39bc3d6509a3e6dbeb32f79b431ee0b33e3

SHA256
3a0ce2c9390e7907b18aaf6fe83c83f17f5ba1ea1ecb2908bf780d8d6a5216d8

SHA512
17346d8534a2e1d031be760158932acafa70d300c9cfeb403ac03997af48e96ab73fad18cc8faac45b8cfb2bd3ce255def56cf50f0324801de66dbb5ceeb3ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e02dcb70051aea74306195701ab65a9

SHA1
7be4aaf0cee64d1f90d3228845bf792a5eb11437

SHA256
8e1749992997bc0ebffaa8c8672053b6ce470112434af5526d84ecf66d6fc275

SHA512
880b2f2972dc87dbd128656785f02388bc2d900dc8d78b7378eb306801d57732444d51cbacb01a57473ba78cd6d581bfaf76c3fbc07dcd2715a8dfbf86bc7350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a009ecf4c54fda492987864b5e923319

SHA1
5b07d99abdf2166e5b5439e91323a42c10d85cdc

SHA256
fd8f97524ab2ec9f9c5bcfa8131d95b3607cf0b3941145668f57efada9a7e416

SHA512
ddf17ff68b819134bcc2981b24e91cc5a09760446b8a6718becb65b3831947105e728fcc286b85ca47a873f32cf7b45e8ea33a755e4998039104798f7fbbb84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9294009386a96b1eebc46b69f7712609

SHA1
b90bcaac070ade06c4f34168eb295239f10d331b

SHA256
4bff705cef06352eba430dd8ecd5f5e7809a5f3e7f650fa7bbaafb1d95915b23

SHA512
9bdac07c2d29cac2e4b149a4dbf96a840108a8f6965ef08dc46a06dca9172083f40293715da4c8b6d784d09867fce60425cf775665cb0165977cacbedff8d907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9951443256b9e5ffcbbefb0de69f1e11

SHA1
dc4bec7abf7cd4bc90c408603a70aa00bdfacc7b

SHA256
4b7c98c7b24df297a7d056a868e0a7b3520b10fac6ec5f73f9f493462dcac94a

SHA512
d341b235cb621450233db8557425d5816bc7f8cb6658165e7839f695c437cd2413fea036dbaae67d0e3ccf07b5c6db8c5dd3e985854ce9759f6119b87e78ccf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7332453cc35ecdbe02e540e1696f7fa9

SHA1
889fa977bbd1c76d745a288017396b807166dcde

SHA256
b782816dc603acae36292e3c4f2197440d3888ebab94a6481be38b42b12abac4

SHA512
eba177e06bda19038a43153e9547ab2cf8fff4bb90d9c0a76b146bedfeb0dda2f785c96aefc331f24d0e1303f1b9d4767fbc02dc046aa4693b2505822afe09ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e87630db42184f4e725c508a6696d802

SHA1
1071951d1b752d3e970062a3b3b21a4b59a75354

SHA256
eed8c2fd43fd1d49058bfb6ac98f404de856a760ea00dd60035fe8d9b28b6754

SHA512
f8e46732dd4fc8e3ef3532c449ff1547b830cce049e393e61bbe96908d6603495d953bc1cfb9be7208fbbed569940b82393c1c33ab61166dd287bc025cd5a677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3f7d7e8351006ac433409e7b628022a

SHA1
a30282699e9ba26ec329eac89928c1f2adfa2a5d

SHA256
403b4d599d52e803b678334f3e57a74a5f553a8f21f4fe1667b4f753be0aaa72

SHA512
8f0db88f332b0a5234d458d5e8e30d5b431ff3cec52b9bc97b7a27f533f5bb710d5dc0b61be66ac897b489d5acbe366f23ac426082dcf19e1eab83b04989cb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
155a8c0365a279d882c1b2dbde2ec1a0

SHA1
d1c24df19e7f0fa773d447e9c799a07cad547103

SHA256
e330dc717ca8f3da692287fd485c9b023c50d7477ace3044f31bf83d8aad3f5b

SHA512
4298c3a952f4dfa62909d643bb5078e5e5cc2948f9bccd9a887fe70e1d7a6400647f99ba3b1e9bbd66d3282718600f27ca8428511f32c3dd19cacfbe43afb508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
294412784b228fe549429ef724bdfdc9

SHA1
5efa5d0104ebc3b66c6232cc18dd328bfad59208

SHA256
5ecc3dc8da06903bd6f0c9e880f18524e5a15f6fe8685f3c5fe90e1cc662c2f9

SHA512
78ed49ab14108127691278c2798054424a6788f9c024fe12ca9a46a0bf44d5299dd9e82af012931c30293978e8105f12bba18a79038bc39dbaf349bb3c56097a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581008.TMP

Filesize
1KB

MD5
0522c5051d131411b83000bb17432380

SHA1
5cb77bca0a53def7877a2e908e5eb55cfc5925a9

SHA256
79d89babb1d0b89f45a3b9478d6e07dd0a8ffb958aef3139bcfc4e2dcc2a489f

SHA512
414041d042986ed420f02db0168cfb8fcb942d6616c9783dce06aaed05a80a3e9c3136f4fd64656d34f46b5a3295fd8b962f8c516a013660c220d4b1d4107c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e31f9f68452354c465ca34de715f27bc

SHA1
3b13fcaf0d3d74a233f6d826797d91f0c0f55d7d

SHA256
896f97eef71fdfb5bbc5cd03dd274b8ec5a7ad3583c1254aa48bedee545c876b

SHA512
08d1502563174d0981016196026fb198b816d8c83bc079f094e8dfe8833cc74f656b0396b76785e9ebb6698b57101fb2b4646a827ee4237cefaf1de85d363de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
da2e86ff4a93b3af03f6ce668d72e86c

SHA1
d7691e611b850eb7d3a6a85a4a8f7aa98a30204a

SHA256
124bb0a30b431385c35ffda5204726a69abbf474822c9c3a372803e41cc5cb26

SHA512
7872770e8e1e4e19ab3000411f6788005e6cda1f289b3f62ecfb9e98afbc5e3f82d3a105754cbdcf18b39d5c59c1ad1bec9bee9be39ed95ad705c121731d0b9c

Download Submit