hxxps://drive[.]google[.]com/file/d/1qpZGRTQ58IM-KErL8WJhtyfbDOA0cTHA/view

Analysis

max time kernel
1725s
max time network
1727s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2024 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1qpZGRTQ58IM-KErL8WJhtyfbDOA0cTHA/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
2460	identity_helper.exe
2460	identity_helper.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 1260	3112	msedge.exe	83
PID 3112 wrote to memory of 1260	3112	msedge.exe	83
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 396	3112	msedge.exe	84
PID 3112 wrote to memory of 4772	3112	msedge.exe	85
PID 3112 wrote to memory of 4772	3112	msedge.exe	85
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86
PID 3112 wrote to memory of 3628	3112	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1qpZGRTQ58IM-KErL8WJhtyfbDOA0cTHA/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffc279146f8,0x7ffc27914708,0x7ffc27914718
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6783146519504183334,17908197124157982959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
390a9d2409f95e6a15686a13a3269fae

SHA1
b6220c55d2438eea6079fbc6e4231c2aee225262

SHA256
93d4f2ad25ed62b7a15d2c634c5d73bca1bc8b531bccd336944be45064368935

SHA512
124442d9073180e49f7251de2b58fcd508c21ac5e532b44f3923cc38a5fe457190d123f8da278347be3bde567eb88eb8ec326ae3b336b87a2661fc7efc8a82c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
26ab2b32881d82a0480470ae2be84543

SHA1
97416ca562714dcd458a6ed84285d2d66dcf1f9f

SHA256
9f95f5429b4396f9fb3567de6545d741a1661f9a29073fe33bdbca57317cfc71

SHA512
41b7cf6198c18e84d9ed51e5ff605b202ef933b64561edc0e11b1f02b8b08dbbfa4b4719e8a9c08344813f69ab7832284642a7e1e4c0d7f2d3531e33d813091c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5a460f1ad7e828230e8b5e3e0ae8cc22

SHA1
0d35ac105b2694fd20d6c8c6e0c47b16e5096a9f

SHA256
b5d2775deca111803962d31603e392e502159b3c1ede34fd77050cabf43204e4

SHA512
6c8c2a6e0c9e7f9b0f177fd83c7f469732e7d6b6892b65bdc64078a8e124546e8d60460c8d5bdc07ed2fc2ba6fda8e6a642b7278ae4c8cd5264f8643209488d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d2dd20b6470a9075d7fb4b4bf95c0917

SHA1
96b4a8092b15d33803a725557faca47ea5e22c86

SHA256
13830c648674ff72df95fbdeebcff9646645059d523817b524f3487b92f76365

SHA512
a67560803d01850e1ead618b0c99fa4ceee111da1473733c105f27ceeb640a5d84f83e913e0d946883a83bf43b7b197ffe86ef95b54e08b4925379e989dd7345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8cbf43b5316e96150ac7c81544068bd0

SHA1
3ea6ee9aea5bc7b585bcd35805499fd51c6e3558

SHA256
4dd223d6971608434061b5500cd85bfe0c252ac4e51b2b8905809c3a2bb7e9fc

SHA512
443bcaf8232d8ddda61d9b6c69ace39635636c36ad125968550c9ab114b9526fe1f4891d7e458e25f4ee986e3a6d027e5cc08d714f80c12eff444fe2166ef8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
108e167dcfd13fd8a9384c0c782013a0

SHA1
2f8fd718ec67d0eb1b641711c5a5b0d8a58b5262

SHA256
318d1c53cd06e945e54f054cca97d804bd6c5cebdfbf8db8419ca8b0b610d301

SHA512
739d1d7a6d5d95b2a701e536fd3a9f39b49d9b4788ef40774d540a15d5d8de1a822e2bc9deb221a5574ef4158efabf79f5e01bffb22acb7988af3a9aed018f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3448098fd072e45c1a5c4113a8d41122

SHA1
7c2f04ce79acade0780b5b093844e8155ea29185

SHA256
4d3094ba2f974cfe74aa560114d46fdc4dfaee6e87938c392ce7bbeb07cd843c

SHA512
e1fb19ad5e36a48e3fc565ec180b1068fbe1361eb94673f39e5f15976bef89571f4a6848eb28f2df5f2b497d1898542da023126bb8e6767d2781a08ea7cab64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6d381d66d8ab33f359dbf28cec73d5be

SHA1
5a82f45c51856d7d11a42248fd0c97f07b7cdfe0

SHA256
cc028b3d72bcbf77e8b0504269c742ebef001f8c3f95574cebd7eac5ce44824b

SHA512
d2e5c5785830c9dba3cf20e2e165e0b2ddd4c5225a4859526fa1ceb2c1988d701760f21817f9d6374ee8ca315f8575bc4c0f24e80e946078346925aab62a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f47f6e35f8710cb3576e03a18851d189

SHA1
1a0782f227226e5d8768927f916462fe9a3c933f

SHA256
4cc8cb7542942b4b799cf4692dc3818b0faaded3310cda04d307032e0cb10a8f

SHA512
84976808fc62a6372f26f8c1cb788c7f627708bb0ee7c43b1c78bfa2f50da4f0835262f0337410f60e60e289727c47f5314dc0b96d66c5d183a85d69023511a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6a9ad6493f2e2f64aa4c1c16b884a7a8

SHA1
6526c3a4a8ef2e190c55acd645a8e73916edee5c

SHA256
e192b0e6d4e5bd7fae88b17758a56afbde78e57c34eccfe0e454fd3d556c2f46

SHA512
6a021d401a5df4a2521695834cd315bef689224d7620a94ff04a92a451faddc19cb3396a95cd3fadb59413df531d335df73d70572f7b9de510c4a5339c78905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c4a32b353640e845ddc277b2bda12586

SHA1
303790472906a0cf4f231069feb1cff7759aa2bf

SHA256
c74c0a25d6c95d3d05c6f697011be1d9b966b9aa2825403428a8edee6c60fc8d

SHA512
39330989c054cb363b2b13a12ea40372143607b2354c77ee0ef9ff2b57aa0648e3c4114c949b47636852bd2667f644952bf7cbef21eee3c7f1fb8fa7986192ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c45313ffc98d198b3df52992c48f32d7

SHA1
c778fe9bcaef142f085e92d7781e24c591334838

SHA256
3130c39bc7986d609bab733360b40694d49fb3e5e4de19216352e25d0f656fa9

SHA512
af0fb42e2e73e6b587d6c57af75f5a07df315758619f19d84ab1c4f930a7e9ed745ddef8d20005c3c692db9ec54d8e41011a3272f1edc9a588aa246e82aa7e77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
91b999872157f6557b814620f7cf5a8e

SHA1
8658fa4c55ed4fc8545db9c72fa8e3daac6bcf7a

SHA256
e3a820c329cfe9a6ff5890fae34ef1a99ed5790787d7806aa1344a7cacbbd07a

SHA512
9039c183b695da1f619347f2b4ab581e8bfb0fb8160b6b0b2a1f8cf43fe047e2f7653f1b9abd1313dcd760f25d07927f738d92a2e250cd015a9bfdb2fe26fbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2ffeb059dee915e836d18bb63d4cc0f5

SHA1
6fbe07fec42b82be13734d5c3c0ff1a38a999fc6

SHA256
f268900f0ddbbbba834370a251ff70b7aeab30c7878745e8514d9737fb97bc04

SHA512
9d099408fd421328b05a96895ba3f51d46bdb77c41deff0b4d93f910a0875a5f5f050e9a6e219b6f6f41c8ea485bfce0fa569386fa61217c749a8fc37afebd18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6084bc402b70fbc17651cf60b28ef446

SHA1
971fbf6ca35f506b7f90d2db52dd79a756b1b413

SHA256
70559187923953c7ef71f05e0d414b0879d00a077693c9703f84f5c89fc6fa74

SHA512
4e4c38b3fc8e7748aca49b4f06150c89b88aeeaf106e9e8c6c83bc616d2cc66374b2df0601285b4713899a5fab5efba17d6f58fedf7d386384de3ab556c930b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
30c494b0546a08649d256502032ac48c

SHA1
1ef701baa9008d06ae15a298f8413fead7906d57

SHA256
333d49a4bc585b07a5bdd7b218e37170c101630f87ab8993d350df810d1f190a

SHA512
db1ce3816854505c2b1f18ba5771b5aebcd9f7e3fa7bc0b556d356ee6d07a0ac58756fbc569e05164a4667dfda59f061aa6dd8619d0e5ec52b9c69073ea1ba24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ae7ef097fe36c136789837aeb90e6047

SHA1
0292f9264b56a45d8679e659c139c4789d5fc677

SHA256
3ea393807a5f8c176cb6be64a7f608e20e8e3fbf9964bdb840b0b673dce138be

SHA512
fd8b1605486a1b3d9ef85c106e5faa9fcb77ba006f122055f8cce828cddf1a4737fa37c4d59c05c1d9d36cf14a4ddf9f673f8884835b75ee94af85d4618cbb1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a1ce4f6b59d77872e99a5152e47fd0db

SHA1
5674c7f529189ca00cf5d0b4d3405e430ac75e1b

SHA256
6258356fba36031b0e5827301cc865bca611c92fcf093c3e02000081b7087d71

SHA512
fbe8145a4f0a05be954394f18b8b45d7d90482abbf82bb63c60be155ffd5a64ab7b28e1d597816e9da1bbcd7bbee8b11b1dc017192b310abc0988090032fb6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea3f2f618963a95d656a45dfd5fa88e8

SHA1
631ef763668dda6564717ceccd82b9627dbb84f9

SHA256
77ecd02cc24eab1d416a06df34558fb2fab0bc94b9b71ea0b0b7f72fd3e62433

SHA512
d07c22f01296411b2aa48e5545adf60c24ac8ab8654bc0df358ac97828b9ace35a913ab58c934043aaa57a95c230ee82bd2cd52c379683f54ef6738eca75f126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b8f41187c00f587db9cfc8c632c5104

SHA1
ce123db3d127665724f4da0e3873de13d79cd5ba

SHA256
76528b35b84db4b8d17cfd90741599cf783f661ec258f2d40af6f2f64b7ca925

SHA512
7f5bd0bceec7ee998e240562304dffa61bf9853051c4f548de5a4554f0ff7c9022cf5d26fb537b3a0ecd247825a96a292624b2eece4622571e8f7651a417cc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb53d398c23f8a8cf50fd2bcc2df426b

SHA1
af49e53d2905d28300e14e3d78ef47864b1991e1

SHA256
c22af6748349b0b083e716ca423ae29ad5bb9ccee9713b5a0af6b4313c0c84e1

SHA512
614b35db67e19381a5e0fab05e87e602e650a7b4d237c8b2dea35c5c9d6a880363d28ee021bbd1f0c55f60176590c4c65ee2bc74f932402dbb990c11e63f7666

Download Submit