hxxps://drive[.]google[.]com/file/d/1P4FNPiLwo5iyDIzooveXYdSzOtl5bKJ1/view?pli=1

Analysis

max time kernel
1723s
max time network
1726s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
24-07-2024 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1P4FNPiLwo5iyDIzooveXYdSzOtl5bKJ1/view?pli=1

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
3140	msedge.exe
3140	msedge.exe
3276	msedge.exe
3276	msedge.exe
2068	identity_helper.exe
2068	identity_helper.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 664	3140	msedge.exe	81
PID 3140 wrote to memory of 664	3140	msedge.exe	81
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 3704	3140	msedge.exe	82
PID 3140 wrote to memory of 4828	3140	msedge.exe	83
PID 3140 wrote to memory of 4828	3140	msedge.exe	83
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84
PID 3140 wrote to memory of 4396	3140	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1P4FNPiLwo5iyDIzooveXYdSzOtl5bKJ1/view?pli=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff84ea03cb8,0x7ff84ea03cc8,0x7ff84ea03cd8
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,8504635611093409351,11065087135502392913,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaeb604a99d78c4a41140a3082ca660

SHA1
6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97

SHA256
75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6

SHA512
1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fe10b6cb6b345a095320391bda78b22

SHA1
46c36ab1994b86094f34a0fbae3a3921d6690862

SHA256
85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239

SHA512
9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
cc8513e0f484bb142684163c1ed536de

SHA1
b30ff5cfd20b1065142f0b14dfae4cf902b67db6

SHA256
8d28d55924570c0f343667cf44cf4c455f11c3d7513e3d759746a989686a3e71

SHA512
b68426096124f4a3e490711c77ec61cacebe43eb7c0b0ddf4dbfc79a3d8aaa8c2d0e6292053f419d0610897856bbdab5c18ea66859c64d9e2604c0cd49d69aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3aea0cadcefa07d1b7a29be1a09a49f1

SHA1
b7d7b205847910e186b716f4bf8cedd9d62c8e72

SHA256
a6d160ed693aaed1c5e71933bb9b26fcf25790375f1c79e79ee143f5a098fb3a

SHA512
85c5e8b7580a188b3c36ffa653fa595357dab1be67108cc0c810919496fb94501e60c0b5d20cf4002d68751c77e449c01d950931ce173d884574dbb2ae5f4d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e3bd061d32aaf6724b6fdb04a9e67f4a

SHA1
c25144f6f09ca42d7d177498202f4ff99b5132b7

SHA256
2d4c38b1611599f85ccb449814836743d107023f3e09892b0e174c5c7db9a3d5

SHA512
a3d026ba2acbd1bcb5ed0ba3401246d97a2e9ce5c1de9eab6e382fc9d4cc1337325b13b739fb90667b39e7d158dbe06e7b1441fc56072d6d0e0cee71d290b228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5a195676c525352693294836535df63a

SHA1
5efd31c2682f31bc0b6263acc3a8bc577031abf5

SHA256
e14aab39610ff85e7130004258fcdd2307d9f9cba55e605cbee3042d5ff069c6

SHA512
3fcdee23805a05f76da1387d19cd2fd7259998f31c810ba79e0dea1c931943571da6580955e129de2c34dbb8cc9758c4931bd74f158e35c81912dd67101a7b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cb427660936bf09ee7385c1e8895b46d

SHA1
b4ec630a6ab4009a072521e340a904e58c7be452

SHA256
7030e28b45ca8c83b0e6285b4de8785e868516a92ddb84e8499bae62e9c1f30e

SHA512
d3ff596f4d399114760e77ef76b78f12a6b55eb152c9b9e864f577d9056b57373ef4a49c59efaa5e028ee007077281680130ad4830047975a40e502fb835861c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
180bcf267dc36f71d46b5c92f8fe93df

SHA1
35abb09e65379dbd697079cfcb2e77644fc4ae0a

SHA256
7f0890af4b6fa846814e3121a501c9a0f85937881a65fcfe6cabb7a8ee859f52

SHA512
b1a499128d3695af6a8054a2f2e63df8f6353ccfdf84f340131eae0f35eb9ebbe8be7d06a3a174b26e739a88f2e212342453f3c6e742e656f90fac1f770d70d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2383c0d390459534692fa02d0634b261

SHA1
2e56956bff910caa4bc2dff7da1fa3be55147a00

SHA256
96decedc2e2f9b40e0f1f2fc0580b24304c9c65fd0e9f823903663af8b07600d

SHA512
70c6beaef691cc7b5f7a98689f407e7ffa63090848b5c2d3ca77569eebc1dc7f93f6e8ed9e82007006cec069b28b64dfd3a1c6da0811b333da171a6f97357ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dbc3065c3d41e544b69d6dc5705ff092

SHA1
adc059feff59790f65a4aa9801de33e9f3503641

SHA256
c2ee15f6d48452f5bf3efba17d423acdaeb88a1a9b2b1a74c79fd8f123a00fa9

SHA512
f9716a2894bd5655eac91f7b13abadac639dc49326de95c26f774ca6840f564e834dfa59940a6f6794415063403f27fc83cfb391abc254dd25c682c4e198dbd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
748cf3f2d50484cb104e5bb391422e35

SHA1
cded03d25ace94a49c05302cb6f276f64a92d0da

SHA256
83c1b61561389362618473a56e94112d807c0cd072c1eed5e9e3079fb14ba114

SHA512
6d7e84b309eda39369d35e7bb0eb5671a5d6fc599c72e2b30ceb77b75ff1ae3705a57151cea829f42fba51b545f156e11a9fd17c7d63e59d8b71c992eb4758ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d7397c0e3cb762a44ea1eadbc491ff70

SHA1
2178ec9f04bfe87b9fb5a54ec13bc0b43e467a98

SHA256
aa9c2becaceb6d4bef3f70e3b425e648ec34354f490356fd9554fa4881a3eba7

SHA512
a14c7878096bfdfb281e21540ebe968f7f92eae5e35151f7cc6490ee3fa9a9600c2d792225d8f9744dc61c635851a747aa93cdb262f008c65885a4708d6b7c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5f8d7173304564fe50dfdf1ef0606b5d

SHA1
c62e0bbfc54310e1e4b8d2ca52288f9d9eace895

SHA256
eccf2c7c851681c42d4f21e8d5eaa14141b1efa10bf3c2d6edb645793e464c8e

SHA512
40f8070c9c3723e0c847635036c28206ba4db94e9e6940d759ce90dce586a3ab0ac3346bff412107f66eb3e121c828c43d5b715099e339faf3aae468f7dcf1bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
983d88c2b6802599484861d89ecdebdf

SHA1
e212d40f5c8df195335701f59226143b87c72361

SHA256
49c54fa525b40fcc702885ccbf40e44d6fe63a2c7ba2c2d2505aa5882fafd974

SHA512
1d61b6041e1fa36f90da28e322256d31232c9d39e4750d76f68dd2f5965ab8f6256fd5791d6b9274ddb2074ad815fb6c16283b602217f17e4027a6b88a498900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3be093929b242442b7c90b4c6094f5cd

SHA1
f5037bdf2b9b67757d10b1a0eb1e1463f2371141

SHA256
b7b62e1a64f0f44215647bf44c18ac978add1dd4c8a75caea2a7d9714fe576bc

SHA512
07e7d66f3d6883c92f7a5e7a2529b93f5441432ea7dd53677b4e9224d5fc8f3e10edf337866b312758becaef92ff986da7be16fd4fe0d4d7f0cbce67bb8062ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ddf9f33d8cb0fa711e509c5a41fb4805

SHA1
3275e0a5ef8131089fc6d17acb6098015418838c

SHA256
4e0d01799a7b4e5e92236423f4e136fda5dd467466642e03b5fe95f25d98cdad

SHA512
9a7ec537507b28950f2a2bb4bd15a6428f0b01dc2111c6528e820f33f104142efc57724ef1f10b1ef3df78ea0ac4eebb3fc10a9a48bfb520718d5bd0772a7be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
742e4b7333b1e765820c41261d6c796a

SHA1
c724cd26bcaf38563573e06cb5e96bd5809ae72b

SHA256
13dfebef01b1e652ac0acc167a887dfd714f95c421b02f7bb2698cf9c96677a4

SHA512
f5987e801c13332b7cf4ac389aaa395245d7cb81784ecbafc02fa2b30bd66ab6396bdf8506c7c38b3f6058f1524a647d0d3cfd032a48972d9c8d6dfe13a61b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
88f1e57dbcce0765394c7d429d293470

SHA1
93cd0c8d1a21d43961d58d87b82bf1fe533bd04b

SHA256
60c600ea932a899b8f66e8b094ede13381a321a0aa79fe43d8b056ff89eea0bc

SHA512
83d8a792aa7d0e9a7586f4e0ce567a56f7e9ed4c8bcc66cce36ffb089500e9e215d9534a72c01f75ef98681127aaa8f114c1e9702ab7e1227a26c2963b2c4985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
91ef95a331f0184ace3f98127f036729

SHA1
4eb98f03ce41c44c0dca435f249feb74e99b4225

SHA256
3e2d3885a0bd0efe02c15ed71255f367d26b1ba75ec13421682c48f821f1adca

SHA512
5710021900eeff14a29926b8f4baedc0d8d363205904693b7c3220030fde91f08f2cb741d0a9f3943e189126539dc07b43fd8c9009feba9c5dcfcf423489ab8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b033033b49094a0f7efb1d5d30ff6549

SHA1
1392ae40560b5173d1c3659485cf2c0224afc267

SHA256
46cb2355b5e0559f249d79c593138141b598356cd648d634d33c6dc6936712c8

SHA512
58d24e4ef43fdd5e557341bb2fb483a55d5c2b6d198713c262dff6ed79914de20c055545768671dcc3fe7f11ad86cca5a053802537208eb91bf9e1a2fe40767c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
abe1129443ca5747bdd8d08bdd9406a9

SHA1
417ce1ad87e9a7fbc0ec77b163956398dad0bc94

SHA256
357fd3a6f791650a3e8639542b4b4bcb5d949faadafa4fdf34618dc0061ade05

SHA512
98af032fff26ead6944050d2130f92c341ada6cf2a63be084b8b246ac79b74c4eaa1c03318aef4914b8eed047f6dfbac56fcd29005bb584d55b11c00aa883145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e83b5f8eaf3bf766d6524485360cb47c

SHA1
c25c2d78699d7d396d17a4fd1d90cb7246a081b9

SHA256
71c10d45353df6d91fd5df7bb4ca6a0dc142d38d04ee4f9faf9e8ab63558723d

SHA512
46920cf0bfe78755de43e193ae3a3d64650b52eec109932f56daa646339f1bb66d4c2979cc970404641738bc65793709e97efa58b860347c5f0291411daa11b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac567d9222ca8cff8b3e178657fb0eef

SHA1
fdbc0e18684468be18f854e493e066148278af30

SHA256
535809babafeaaf2ad7aa4871646a04a34e1749ee7bd335ffad4a97b8b27bacf

SHA512
15b8a56e5559dd7f890cf603a60ff289cb1b60dcc635ce33de9eee72ce24a21de55714f58e8875e402a78dcc9ff71e550173788d297726de57379020681ed727

Download Submit