hxxps://drive[.]google[.]com/file/d/1_RVEpnP7H-42DnsVPNVej8iVxQerIpm0/view?usp=sharing

Analysis

max time kernel
1015s
max time network
1020s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1_RVEpnP7H-42DnsVPNVej8iVxQerIpm0/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
12	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
384	msedge.exe
384	msedge.exe
3400	identity_helper.exe
3400	identity_helper.exe
5540	msedge.exe
5540	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 4528	384	msedge.exe	84
PID 384 wrote to memory of 4528	384	msedge.exe	84
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 1380	384	msedge.exe	85
PID 384 wrote to memory of 816	384	msedge.exe	86
PID 384 wrote to memory of 816	384	msedge.exe	86
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87
PID 384 wrote to memory of 3044	384	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1_RVEpnP7H-42DnsVPNVej8iVxQerIpm0/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb870146f8,0x7ffb87014708,0x7ffb87014718
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18083082902522153140,9550007428807369371,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\351520e2-c6ac-4298-b07a-a6c43d21ac8b.tmp

Filesize
5KB

MD5
bcaef022f6df1f4a516fde57997c6850

SHA1
f3909407b1a67b93267d3dd76224ef6c7f0a53d7

SHA256
4c313be63b821a0560e052b4750dbbca642fdb9dc44ab03c4063ee1567094b24

SHA512
06097fe29b196d738fc5683596f01e43b2c75de38c257746a01d1f012ec88fbe4bc3290589661276c208f4356500d94039b0ea798a795ebc35f1c99be8b71e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
74d2971d1f967ba0224d4b567d0ee48a

SHA1
7e3142c37e3578c624605e910bb03093ee4bd32b

SHA256
7d14e1fcad36bfb24ad5f3f2dec8365861135ad50d2bc825ecd2b774a79f1e72

SHA512
e939cd3135af8621b79a134d541cdf971dd1c1d2234dab7bc0028bc3c35b13b9fccd8d3d86ab6b167a4fea3b90c9fa0b36319651c616d4f140a8e1ae193d076f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d63109999e213ae6b200284aebe1c216

SHA1
9f0c96af349953e630ffd588ced37084e10f996d

SHA256
eccaa2b73b6c06c8868b9ae13969fb62f8c98fa1e30387b244b081a4881a9fac

SHA512
64bcb57cc186be01951e38c7fb9e59620badcd90e58e01fc7c3ebe636d75aea7162086355e09f9ecc0ea8ece1d60ec9cddb1a85b433ccd385479db25e6d0bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8507f04dd1b947408cc74ffc901c97ec

SHA1
2c2156984023694c21b4c0e5310c37b3c8d7dff2

SHA256
b06808a98eb11fa4581c376ceeda992f19595a6b01c4c656b7485bdc07a37e2e

SHA512
fec0b15c0af8ba8a5f7ecbd9dcb05915bdba99832c8b036d83a494361baf7b5cbd72b017da3c6e6d00c1aa1e91846b4c8963f32676f4aa12e398921a7fe9ca86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eaeadbd81bc6fdbbf49587e9b76b96a0

SHA1
03a51112f5926408b07da5d3536608ad031369e6

SHA256
163cf47d2b16f2d0ec102a02283675e16b50ec2025e1b417f65118a10d50d2f0

SHA512
b5f6a8fd123d0076bc29a49638e4d8440b55abe97d8c7d7e41a8f7b77e5df7b73bc5714fea9a4cb117492285fc6cbc335d1a58ee4c743894cb7ec557c3e8ca36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e5acec421d6445f454c502c5e987e401

SHA1
74e548ff694fb86f302fb02616b73a081085a5bd

SHA256
c7d7b39971024e293022b346b48ae5df06744ba4675df3c9430c783e0c51e800

SHA512
3a768de7471c2326209bade01d1a4f6445ce4974f0fa1660012b2ac3a2d57d68f30bd79e2653b4b328e975f799d95e4f1fb10e804dcd051a69d6ebf60ecec4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1851d7b93941e73ff44ab8304c8c2437

SHA1
76c64374066eb01e401b5d0a1f2e90cbec0f628a

SHA256
d4012878475695d1afa7b0bd0949cfaba783c637871622ab472eab5e6a25f47c

SHA512
c2ba5a44435fdd0581dc3ab5644b19c326b3175ba656301d4fa1290d26e495ad2f597e72bfdfdc50419c69a7549100dc68b46d0bd21b183b082c0f12c290c8f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
21292631968b20cbfd2e32116ae97625

SHA1
2258d02fef02dcf85a5bfd994c0c929fcafe9d60

SHA256
fd00b4eed896fc6e09a053766c0157ee224219664ab740bd4e38b2ace3197735

SHA512
74a03a1afeaf5e5b15aa693af77e5295ef1114e13593284d3ed5949358605cf599353af9af088ceb4de0610e3f34fc93752f468d35bf0551f98fae6967b91d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
39abadeec07b1b918027fc0cacd315cc

SHA1
96cccdfe065109974c81c5c370d1f0011819d075

SHA256
2e1ca159eec5c73d2b9d0a5fd45933facc24cade2320030ba312d8c9e397b8b8

SHA512
5286a714ae1a84705553523f27c7efc42f91bbf74fbcf27e33328e0dc77258c313ce5c63a842224e9fe31be3ef13b49e5861103aae309df11119bd760483be22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3a817ea71e95d834a2a026de6d605abd

SHA1
b3de30f8da3d0cc0b2ccaaae00f93d1712d45576

SHA256
13d4d9cb3d2583ba624aa8e19ff574708e19a967f5a28e338f4f0c99875ab479

SHA512
cc2076ea07c0bada455e93b9badf1b0c0a5eab549552468a9109ff271ceb9e230333b57a442e464213e847081db9aae496bb01449beefe5ee73364095dac9738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1f6d96a622df284309275dabb499ceab

SHA1
d2f160d2afca93b71bd662a8ebcf597c6cf61d4f

SHA256
46499ff43da4fb074e9943f0d3003828398b2da8bdd722f3bb8c749f37ebcfea

SHA512
5e8699b9dd23c14f3b4ee8d687a70e8f7f64401e9ef64cff6f98c1c06c4ab5875043907b4ad6d1c6e63d862df62763358cc9e4fd4edd8d9a52e5b26e0dc4a246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b31124dfbcca79c5edee944bf866c39a

SHA1
062f664800f254281f3f905b163a76024d32e824

SHA256
4041c5d4050eb1870ee02471cbfff1fb862a2a0a6973943ce7c3f8242c4a35ba

SHA512
710f51c040079e3d66514bfe2fe6af7494611d0fb9c4af8ca9ccaeadca3ef63e44d0f29ac40952546c09b4ed4d60fcd91761dd0c5e6bcabdc8d840466c81fdee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d9bda0e7799c4a5de8c25d5dba1814c8

SHA1
5acc1f85b43bcb2d9e0f13a15e00c5ff6b9a90ea

SHA256
866983fd968880023a1bf287e659e191b3cdca239beea5b8a1dbf98647cc113c

SHA512
23f1133a42e15fea012364e6fd12003988db038c7c8d12e32f897fa155c0b7b6a18265ba344170f270e07b639563ee88698bf759fb9f506c17779f6c19074bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e44a6c036a5b34e28e71479a552eae0f

SHA1
ee67ee8e3d4ce381c6ce7eb7af32f57fd416e4be

SHA256
af6775a80852c31633991d56e69569280f89d2bd0f6ec6ff94254e4041c8d5f1

SHA512
86330be4e4fc57ac962e3e8349156841d13baf267d78bc62dac4a6b07a2b6fbca34a8ae579f35783b3774b0a92a4c8b03f78f0a5887faffadb4bf003eb0ba913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91408c6d1549bd4e9b9b59e30caa3f8c

SHA1
cff9dde430a852654a446cd022f4d578a932a686

SHA256
bcfeac3baa0c7d53c0b01cc088aa51e4419c763573fdb2f3fdc411488b4e9256

SHA512
ff0e8147a8b442fa5757c29bd9f9e3407c455e26b931692d24a07a4143cca33769d474336030e8bed5461cfd4139c8565931fcd2f13e4519238ff934a30abe63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c8deb12a75c2cf4926b848f2bf3b7f75

SHA1
d7fe9d5f681a1946d20524ca1fb08a099459a8ca

SHA256
e3191045ba505560922ad2e85e0ddb328e70ae3a9c407368669c7f00ebfa1af7

SHA512
0dd87231b5296b3acb560026c21d74bb084c39a8421c08198513762f059d1fb1e4a696f0b2cabf23bcfe57b2a98f381fe9c200d54be9eda6d6c103b344a97089

Download Submit
C:\Users\Admin\Downloads\Downloads.zip

Filesize
27.7MB

MD5
a3afaf6a35a8d9f498621f099b954340

SHA1
ad4fec23fabf5f48b0f87bd570d9458775688b5d

SHA256
369098d40c02418c92dc54f4350820b810004e1834f84aea05f50b992fb0fc99

SHA512
8b6213d25930e6480289ccef1adb5c6c7dc2ae93c31244dd538eb23adabe527df6a77d5a288ba5070177d0f988a0cf652a4378e2c4d80642a810616b93d6206c

Download Submit