hxxps://drive[.]google[.]com/file/d/1ufalXBSQopREICnIjJc1sYCyAZ4M-i8K/view?pli=1

Analysis

max time kernel
1724s
max time network
1759s
platform
windows10-2004_x64
resource
win10v2004-20240709-de
resource tags

arch:x64arch:x86image:win10v2004-20240709-delocale:de-deos:windows10-2004-x64systemwindows
submitted
16-07-2024 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ufalXBSQopREICnIjJc1sYCyAZ4M-i8K/view?pli=1

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3052	msedge.exe
3052	msedge.exe
1020	msedge.exe
1020	msedge.exe
3580	identity_helper.exe
3580	identity_helper.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 3248	1020	msedge.exe	83
PID 1020 wrote to memory of 3248	1020	msedge.exe	83
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 4984	1020	msedge.exe	84
PID 1020 wrote to memory of 3052	1020	msedge.exe	85
PID 1020 wrote to memory of 3052	1020	msedge.exe	85
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86
PID 1020 wrote to memory of 1604	1020	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1ufalXBSQopREICnIjJc1sYCyAZ4M-i8K/view?pli=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadf8546f8,0x7ffadf854708,0x7ffadf854718
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7239609506040746661,6745163806289662657,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
ffa7c28592c3c547ffbcd5415e54dea7

SHA1
56070c4e03b3458e91a732f71cbf9286dd1a7fc2

SHA256
29cf7de34aca4c5320dbbfc0dc78fd9fa280b6e73e8254c33505f2b2d2eceb51

SHA512
ad10f4dd9373179a6d04705c075b9fcb24b343bbaa1c012fe043e505a0e2b651f67f7451f9934b2437ea39c233077789be3daea66cce8ea3e0969ec7d2d4e909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
42fea8f2e4e6e250808028a7dc7afac0

SHA1
99d5a9d5ff22f77160a38f1d5e8e4ce595d942be

SHA256
69706d35b605422e1833b90ed03b41f194dbd9524e11fed3bf9570f9f2af3a94

SHA512
c4f6abd4056f93ffba1ff8b07290ed3dae19b118b29bdebb7f8ec80fd76841afafa9b6a7e9969aed5845df32267672f893ac875041b0015081d8d893b2838e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bbe90aee6090f48a3981307fed83f6d7

SHA1
92f3784643b11c6fb77e848fcb72d7a35a24bb16

SHA256
5dfa5853cc63307338262a85aea18d50f352996b8904bd2684a2a43cc074ed29

SHA512
603dddf4fb07dd31fedcff28d386d097fd0baa15f49cb00265a4cf8ac3cec595014f0af4c476034dee4baff8ef5b0db852d38103c34e245ada7f84171454182c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9fad2cb5ba55b62940438a187c652072

SHA1
6c062e51354676cf1086ce70074edca2ae67083e

SHA256
9e5ef2a452b11cbea8214abfc4ae237282aaa7c5b7fd6a2adc18be1db406e2af

SHA512
d449daaae6da53ed53508d6b5079fa828dfc5297b424908118dcb2da542c5a7a781a73d77325b00aef24c05f23e333ca545499a64f6344b8f3ee9f49022711e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
416dd7b428b9d8c63623ad5a6a0295ff

SHA1
bbd33fbf6519ba670dabd4244bb00ee038fd2c4e

SHA256
3b9d727962598dd907df0da1957b29fa3d3b13a135eb8c3219190725637d1837

SHA512
ed7c5f15f77e2688ab813dc8c8b8159ea43886cded09f29646ae3b35ce6afb243d6fdb07c995224072417721c35780133e20ad2f1c41b78f6316d1517166614c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1f810dd726684f1ab91e74ac44371588

SHA1
1e9823b79fa5604afd52df2aea11a9ae5dc5ec40

SHA256
79f1b43a8f757b76c00f1260f26076fbe582866b12e28650966d6ef70a8159d0

SHA512
c316c05eda76209c53ed5f83ef2e23a36d83c8a3beac46e22721642e72ed12bd6ea660a78da3dca296c2bf0b9de29b9a442a14406ef9f30059520ebfaa768f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b9cab7d8e81059c8d9a8ba43d1b742a9

SHA1
c91e6a573cafec9b39595da3929c7438c9782add

SHA256
8902c21a431d467257b8551782d0b907908ac5524030749fec8e580ea525de93

SHA512
93c96de27faba9095dfa04dc39ff76dd7509e434031f7be006acf0d74cb39462df313ac4639e7f2d1dc0905c7d1e9206874d95ffe9b51e5c07e6a082554fc893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
290bf0a36d6190e9b69797a72bdb6397

SHA1
7a247d4cde73b6366827b34ef9b502ab53a0dd33

SHA256
c70f22e9065674ae38ee420b68c80a9711489a42ec27f72ed857b54b6a7200da

SHA512
dd22115ba8dd9d8d87f2d5204dc1d3bc96a9de8e22e79b3a46df243c13494ea3fb6ff97483a3d0ab4227411fc06b66f8e9d64ed62a2d5a9f91bf72ac46326933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
25a81dc3d22f74b8c548bcd96fc7f6dc

SHA1
cb4fa359470086f8e3f9f21542e1c957022a7abc

SHA256
b5042d0209bd39baf179219fde0aecfb53301a4150c7c7aa1002e14d889e5915

SHA512
caf37ed15d255ce3292ce38ccb4c481ef315c52a33e46161c7e7e838c1671213e0c15ee764d5f24fe9ca202d8103cd1acae2aa7b4010d4fbfe30f0dcfb8ed8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
636788fb6ec6d715e150161dace1dd8e

SHA1
1e7744c503c21d8a43fd3314b41e703b6f6c9a4d

SHA256
d617a040444065696d098d5d515427bd36d479a004b0a9fb26034a91101da1a3

SHA512
586e2daa52a5f23377538afb4710073f724ae30ebaa8ec5cc74e2404b6b1e281c20beb4fca44dd2dd894bef8ecda634ab69362d6f2951b8ef478c016d270d911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6f2679b191acdb624c6c446911d4ab1a

SHA1
e7163e8266d002c9c842296a626da1adb6b3ab7a

SHA256
13893f34d3f6fbff25db3176ee89cd60f2a2bc705ee6cf7b202016a49dedffb4

SHA512
5d2b0d616c5c57b9e466925fd601b1caa114dfec4fae96121aba973e678372c79ff9733a5b95b697ac55b9cf5ed127d68fccea776afe0af3cad2a05e9470fac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3cfaa3a92e0eab281a4ec889af27d2a2

SHA1
3e4f5285031f3fd86ee36986415299ebae98638b

SHA256
af5a45ea669ebf155871a33482d6c8c5593fa66cb7ca35f480b608c8a25b3798

SHA512
1593576001e71b4ec95d52c4e7f09647cd5561eed54c68ae995ebb2599db1b66d560379eef6a5665e66d08e0fb90649d787202627fd1c54005b3f1286aa10539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4eb2ba65992b47ce7231139d663b046a

SHA1
5cca62c65aaf17019896a1187543b5c9b3fae297

SHA256
9d4b29c45e1b93cca6b26baf23573d1089ed334196742576752a2c137b61b7a8

SHA512
5d1aa2cf9830fcd0d1d28729fd3a16e7832ac69c6e8a3e4332d162c1c071be8eb0e4f77af0111aa2769821118e8b9943355ebaab349a5b5324dfc9e1367b232c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
51b2c35eb5b7de79d97c52856d5f5070

SHA1
588218be9e4422f7889c18aaa3ab3623afc05578

SHA256
a47ff8996883d2dd3518c55d836f0c23626e2cbe771b0fc61537f8cb1a413ca0

SHA512
74add822d121c71d64a46af52d05316d3732fb67b549a64eb534b0003b43cc9acfbeba407a00b3b54a1195e60fedde2473323d785a91fcbe1bd10e7f862a327f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7d4996bd8439e8b471346f707fbd0943

SHA1
06dc8af758688c6dc4ef8f4b1f6130a95db8cfe5

SHA256
48dd1fdebb54ab6646a87b82a752fdca16b78b3a622651f630a301159b6d6282

SHA512
8e0bd680a5c89a2733b03ce6ce04304f54ec3627873dd4e2402ae44901f14f5fd1d69fc605ad4df2738ba79929b7b74dcd005f8391589444f27ff92719bcae31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
727784061ef94051188b06fc1d22878f

SHA1
273ee0cc1a34ac36b2493d3d447a7c676ed8d824

SHA256
dd8ec61d93912baf9641d0343404db7500ea49c806f00227835d9ff5cc60e072

SHA512
2ef66e020c918cab74af690d5d1d9469ef8325a6f69c3748a2f4e66b5800c78b206507b7d84105913c7525764a3f699cb1058542ddded479387a14d50fd47c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1b8af180d3e20652ce94c7b003e072af

SHA1
74749084dbc10a8acebebd41ae15c3158eb9ba0e

SHA256
99e7635063c6ff0723806a081805bf330b3a87cef981e1f50e2149f2aa7738a8

SHA512
38800a908c558566a05940ee41edaead90251e58e66b7c6e04246917d27ee152bd2789cf5c065d5ca7069cb72cc6208b102498be060251db066d103c515f4e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17c15805fb581ae8623a53ae3b354d3d

SHA1
930b5c515f1a98f58dc4f1e503fc8abe91935d7e

SHA256
459ec6076e530be3cc21c10bc7cd9b982a0047a0292fa2c230602472256743c4

SHA512
19e109cec5a7f31884df8564ca05c4d39c48cde99d03b2bdc4e2f2f9de0e567663093093c639fc1dfb029e35681a86b58947d4c5fdbb5d128d3f5ebdcb010b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db42a10710d8a76ca912632bf4f88a03

SHA1
3763965b6ac5d50c33dd85fe2d02ee550238f427

SHA256
ccf735c660289335297e5551ed27f214031d40b8f463349598d44005dabccee1

SHA512
8cd2c15696e772b30c28e632708c8645fa856795150e4ab1954fe306e9fb512f38b36c757cdbc2a9a3b1fcad140f028d813028d93f9ecf6ff9d9ef1b2d06fdf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
910cfe22bda6b92b2f3f8cfe4db09edf

SHA1
30b2ff1048610385cf460ce23715de9b7ed16851

SHA256
52dd0374139fdca0b533d6a2fc0598a8530c4bcf3ff43f3e236cfbfff67feaf1

SHA512
843524507e0a5ec64f475ab5d2bf97f464a31f68725b6d25aee3ff5e0d422f9a25152a0a8bee6640ed2df8c55c5fa57ef7461e51cb12a5594203d632b998237d

Download Submit