hxxps://drive[.]google[.]com/drive/folders/1dJ5WinlbPT299FQds-HgoaysxfKBxPqN?usp=sharing

Analysis

max time kernel
841s
max time network
845s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-01-2025 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1dJ5WinlbPT299FQds-HgoaysxfKBxPqN?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
6	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f447f7a7-53f6-41fd-81a4-e25067cfa258.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250127210700.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4256	msedge.exe
4256	msedge.exe
2892	identity_helper.exe
2892	identity_helper.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 4632	4256	msedge.exe	83
PID 4256 wrote to memory of 4632	4256	msedge.exe	83
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 732	4256	msedge.exe	84
PID 4256 wrote to memory of 4124	4256	msedge.exe	85
PID 4256 wrote to memory of 4124	4256	msedge.exe	85
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86
PID 4256 wrote to memory of 1708	4256	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1dJ5WinlbPT299FQds-HgoaysxfKBxPqN?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff8e6546f8,0x7fff8e654708,0x7fff8e654718
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4372
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6b3035460,0x7ff6b3035470,0x7ff6b3035480
    3⤵
    PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15055603731120284368,5209199451826550995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2684 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\47342c08-6624-422e-b58d-fbb31cd4db33.tmp

Filesize
8KB

MD5
52086c7ef9681f011d81a0a5f0e698c9

SHA1
aebd568548014eed6b9e58c1991ae100f267ee30

SHA256
20501c7558d11c7bd67e738d814709be5a85f0160f3b836a12f3f1d0326e0c56

SHA512
1c431d16fb40fc2011062a2b37d4ef4e7200bbff7e23eafef56eea7a15f5ee8c2c125702d7dcdc04a397f2e2ed28605fe66e84e0460bdfdacb7793d7c9926c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b1afd1f3bb6d3cc095633dfb658f7f9d

SHA1
469412bedd41b363cd6de9c835a98ffaa3c2a096

SHA256
a324e5e9948e4a401b870f5cfd777cce3dbd7c21e4d323f1ae59619eb5b6c77e

SHA512
d4a1827dff204d427f066b7418ad0f416331b639afd3bd94d37cb452570693357a000f4748d7a6bd98807e47d493caa662f8362bea244245903327b6f05edc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
471bd212cd35f2fa298b584246672896

SHA1
e12bc178ca9e9f02ee72df03a15ae8fcb519eb83

SHA256
4cf2497882fdba2b918efeb86d82491d35e5d8bc557f0ae60fe0169797aa3c89

SHA512
1d0f0f9338c9fcdc6a2066a1d0217fd235da732526cf503cb7d7d7604e0e0a6defb77e2143b0bdac1fae9d211670440d2492507291cdb7c67a5decf603c6d084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e014b0d-8bbf-4d54-acff-ab57023f6e2a.tmp

Filesize
24KB

MD5
ee09e9ed5bea3b88cdf2c8a7152629c7

SHA1
81af46cdc5528a7e046fe3d29f9148d530216b96

SHA256
1aacb22be4601a731ef428ea51dd438b1543243998ea5666201b5f2d47c83183

SHA512
edbae717968525dbaef599670724bcd5f36fd0964429471084e6d6a9fa964931bb7fa90ab12783e7876c372a89c8e18bf8a180d94871db0e9a91bec15f809244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b74363842c26c7f32a3fea7dd6b211d4

SHA1
7c34cda5297b839d2b25164eb609a16dd6d3fde1

SHA256
73f42512fa5c5473f89e58f8f301e6c77dcbdb02538498d63fab225c3459f8a1

SHA512
9942a720aae68eddc78b0aa8e5197a96332d36b04324c8700b47c87ab89c8063f75a9443c8f2070ee81064a00ea367453134ae30fec246bed0a86a5466612db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
b7233af8050ca3933c8eab8ccdb2d2c4

SHA1
175dac43766ae06f3f63c6b3adcff9b5f6310c1b

SHA256
6906d9d4154061a3f51e0bcac582d9ef6d49112d443a9b6978a04cfad5c92fa6

SHA512
0273293c3dbadff2f095aaeb18581b335ec44931d2137274fa11e0a0d1da737f5a23e12aa29cc62e70ae546c44a7d09a1dc86c7df3492e375b23745fee5c6794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
02574f21c2a4ec47210b578241c3139d

SHA1
0edaeefa678131a293d0ecc3c68ab5e70bbdb0c7

SHA256
77301bc050a784d9890e58f1aebd851996e8f63cd8bcd6b50ce25654c6326282

SHA512
4e7bfe627ef64cfc385f1c079a323ed29a3179550d370af6febf16263d2e5993300fe34d0e97ccfe417fb76aebc3ebf907bfad335f97c8a62843e69c214dbaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
58155bffbd011be599e280b8f4b80988

SHA1
86a6c36dba4f67b40178773029f2ccb23c87e3a1

SHA256
5429662e2ce3ba99073a56dea9a86b7ec84312f2723d1afe9df74d37ae4c7a0c

SHA512
354a6dbd36fea5b60ea5d79015fb260f91fdc6b7a9487fa0578ce279f83c45cfb6087e73f9fd4ee2a91b09934906d3dfe3c333a00b01991822fd9896314e1beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a81d59fdc7326461b93ac2ff8cfb9578

SHA1
12506e0eb01cb55b84297b72efdead50e3d2ed24

SHA256
3e989857059b057f1b00144520b8617df6283097c19ac80d532dde7d44f2a8f3

SHA512
939f415313c7f7ffebc8b715aff23b73adf74429cae1c565c6aaca7f4406c50791cbecf0a086e9cce19548642beec6c0f25efbc335691d237f82427132c6f36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
20d95ce1e1d9c65746b9200be913eebe

SHA1
5a64bdbd501655c6a87c8efef9f3c5158163a2d3

SHA256
094dbccb5c05bc660ad6ff087800be286e1b2f6b9f20d877d9be577be6a2292e

SHA512
c3816accdb96c8d09a9257e9c6f35c7ef5e5566cdc1ec52a061edf8717e081f7bdc92e5e77c314c51e313082e773d4aa2953c10bdaafe9e16a46fc77431bf87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
75054a4891a0b1af49ef7c0fc4e3b7a2

SHA1
1746ae8c034dc61907fe1dc57311a0aba18a93d7

SHA256
30ce1e3a78eb8a5789ece3f82a880e038a9415b8c35a6872d31d849b5ffd7602

SHA512
e3462df80a9cfa1e1a624f3fa29604e198eb62ac0fde10ce3e8611fe07c2b1bf7316b35629183e25b5b4558d01612d750f2fef2e1cc403e6bb54eef95a256c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a515.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
143a136131f033e79be9e5697a3e5621

SHA1
37895b57121bef0257c874296ed4f5ce771aee97

SHA256
fe940a17fb6e7f1cb808d5da01ccd1170cca20a5e26af25e028e6e91bbf91daa

SHA512
e0b99daf0082735d12e5613133bb81e9bf8e3e12b7e19e285a871c468f3fdba96e7e9e2c3ad0a946d1913c8fdf4bc687ffad3d514d1060f691676ba52182f7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b332ad37b2ba4bdc79b6b36f44306caa

SHA1
eefc2a7bb0d05184b9a9e0d443b6806f100f66e8

SHA256
dbfcafc8f7cf3afe93d400567f4ea375576ead3958eeadff996e604ab58f480d

SHA512
311493ba79087317c61b3bedbec8dbb082b57f0fc74a4c4fd0cb6173e376af958c3cc8f6b8300613d7221765a5c918ae12cbc7a5a5de5897134b3ab95dad46d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
193b50b372bdcb417ef0dece45bd28e4

SHA1
2e39ef53846f18732071f789b411f2808ead50fb

SHA256
8fcadbcdf1687f0a284ee18ff40243e79b7e2072690fc1740210b8a084bafac1

SHA512
1424b2b3b2d3a7442d725aa65b645b9a372abe1241dc702ff2d74eac17e503f86290fc9498ccc43905bab5d80dee0c71c6f1c7d526bbfc51a8e60c275f9502ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a097c21c04d45f282202d0133201f4b

SHA1
d236053493daa634b6d56db6f76ed57de869299a

SHA256
da422ac15271b8367827e5fd56e8536bd94f63b963bb12e941f55ac03d9fb8f3

SHA512
99c74bd2215156a329e9b73441e1cda4b6c38fc9d6cca3830413118f2df24a112048e871cd48e0e42216e1787e2ad1f1db84ebd8744398059934f5ec318798ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b7dffe5300be1084c18ca4504ebbd214

SHA1
2810add128432c3c2c676b9fd4d78e01630a98a6

SHA256
08a4b6e8ace151bdbe772c10bcb6bf6407cfea86ea759b225114dad370ea6065

SHA512
bfd0d9a4f606a39f40e26924a2926685a88d21275e170499bd41b97225c63f886cf2c625bde76f9f24610149fa5535a76c8c1cef729f36db54ea91af2a74644b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
c551618aecef8c0b89001c59c15e0af9

SHA1
827d7872605c21e3bdceeb3fd02773fb636df8ac

SHA256
d71cfecb9016aaa033f123d8b1a6eaadae78c8dd1f7e868aeca58c61e9076fcf

SHA512
97b8116d029482f64970d2abdd8f99e97015e47bbf69c9f8bdef9af26a158b0006fdd87e9604f38efb86f2791c24cc966103afca921e7c1cc5b558e83bfcab5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a6ccb2a2796c295da8ada1bb4e433124

SHA1
7ea3953592237fb6db0bb1dfe6ceec59f4388e2b

SHA256
b235820c6b44cc7f753b9bb1a3968136133a344986355d62461bace32314b07e

SHA512
a602f3f3d31e3241fdad5d156a0ba862a24ed190bbcc51b96c75d215ed019ea6676cf85d439f8343993f83ce29032ba26fb132ef0d258d685ead0d7edb2f1d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bb2d.TMP

Filesize
370B

MD5
44bcc9eb89168f3e1702e72e142e4509

SHA1
3f277cfd58f728a8dd7a90070f2bf741720748b4

SHA256
4f8d7d56d9feb729e28aa05dabc70966f3046ff87d563dadaed8570a6bc3611c

SHA512
6e7e01ece0779f48624ab642d2a00d7c72cbb47babd02d8dd03ced7ca1925d9e80573fba55e302eee56ad7cbfbe86271ea3cb7ec514a96adc4e56fd89546589b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
016348ad7e1c29776d00582094b1f686

SHA1
9c6ffce681a5571d4e9a5d025dfe1f2f4abef8bc

SHA256
90bfa796ca651f43bffe5e58975c22f35e167afd3db5e5217f60e0bfaebf5fd4

SHA512
daa0b12008b4ec4b76bb020ac15e6cc6a03e6e40a89ac1067043b465ba2bbb0d30cba69d1f4a4e291d15d6737d256b88c84903c7854543c14063d799560640b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
efa4b6ee0585bfbcc1c1cc97fad051ee

SHA1
79c72cd520d3d73abce8a9975b1e24795d99fa07

SHA256
723b747bdd70b6315116c46a7c8f0560175989803e85095a57f0d2a81e1c1be4

SHA512
ba08e9852fe699ec8c2819b3c4269cba02cea13e24e12bfde79d4dbb4d1c4ccbcc24cf84eaaea944ddafb4444cbb5257d1c8639469707e97676350b90082d3ae

Download Submit