hxxps://drive[.]google[.]com/file/d/10XmMguhuElxXDVSDtsl9Ff-O57MdLPdM/view

Analysis

max time kernel
1800s
max time network
1727s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/10XmMguhuElxXDVSDtsl9Ff-O57MdLPdM/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
3032	msedge.exe
3032	msedge.exe
4732	identity_helper.exe
4732	identity_helper.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2928	3032	msedge.exe	85
PID 3032 wrote to memory of 2928	3032	msedge.exe	85
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1916	3032	msedge.exe	87
PID 3032 wrote to memory of 1852	3032	msedge.exe	88
PID 3032 wrote to memory of 1852	3032	msedge.exe	88
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89
PID 3032 wrote to memory of 4284	3032	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/10XmMguhuElxXDVSDtsl9Ff-O57MdLPdM/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffded4b46f8,0x7ffded4b4708,0x7ffded4b4718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3544044804401085391,3580525766209234195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
91aa7c4b483ae354fd805ad19bcc6e29

SHA1
1adf5ee9439537d9416f1245026496cb0a40f0d9

SHA256
035e987a8c1849420b67f27eb69b6680c9790f6e78435c63246e5009483d35ea

SHA512
ee89c7bff9dd248e20f00647a7b556c937c32a214c1e34770f470e5b13bd1e8c685bd99c236c54d3623e5f0154939dde876f1d07406591ce60a2b46207fd8971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ec7f485d4131904e474eb80efc6198ff

SHA1
46e6317736a3807acb3e6350e4e4f2c08d4f0314

SHA256
c31646bb9ff780ebf7a588d6489de773b9573648aa6626e7a2b1d180c326be7c

SHA512
2c2644c902440cbb9398c7f4f241991c7e3f407b211be8398f3e3e8dac1549a2e9996606c1a7d49facc2dda59a7b8a619a86077ffaa5247a99f628361ee45a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a6e65d0dc226a09e95644fcb79db0d90

SHA1
f5d4a853aa824248c4220762ff8ce36947aba485

SHA256
f7d0944d1369930671253421fe778e035361cd475bfef2bb7f56ec4cc5b1fd18

SHA512
9d81bea7682212cd74b9f347a1f6d4f30623099bb07e9de9a5ec3be54c1b0c744866d0664af97e7da0b68495cf9528f89cbfd2785d9865f5d7a4ecca58b800eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ade0b5f77197a1af1b36a06610de02bf

SHA1
6db20e8531ba4025c30c610e9ad10722f932d037

SHA256
db95b024c1a15754bda88d7a1514999b5d80fee48ee21945b5e8eec72f19381a

SHA512
0b5d9332de6e61a342601899e1cdd4ead12cc9e9b420283da31b4013546f407de65f623b21cbb6eb7c2600e360f3db406b850eb0f60e84b9dec9ab1023cd2722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2d7e3d9427a683f0e101e1cc3e435200

SHA1
b703a9d5f36e556491f118c3c6ac2b7c738a8d61

SHA256
3318a63ad06a955b37074b83a681814a4004463c7fa29c002d3e189e8de1bb7c

SHA512
754fefd14a12c5cee19706fdfaad26a176c612e94d2c564854ff6bc138c2441d5118dd6ac1e104537add18a1ea8192d31cf1868dc2ae43d44186c1df0df20c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0de8603d0fe9d6f37cb423a1dfc55467

SHA1
490cd000a03bbf8d93cc40e7f162a36ef047d296

SHA256
f199489ecce209599dde9dce35ef4dc676a7231a18768cd3133eb2b0c8050c5b

SHA512
4e4f1195feea628f4036c4e74d8b3cb407ad847a24ccd549777f42552e3421378aad5382df747a1d4224969fc2c7af0c70fd8ea193fbb0a4ff688191014f34cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f2cb8c0eede7703a9c25b15f31b59cff

SHA1
1d23bb221d876c87a7453825fbe23917ea8c6394

SHA256
149882832ba1df72be8f188891eceb7a1156d9059daa0a7b7ddd4a602ab504b2

SHA512
dee1beb40607cdd32882982aceae79d498863fab3d3ec7c0eee747c5cfddc2c0fe263e5aabab107ffe97ba1edf64bc2f66c6643f800216596081a34d5d49db65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6fce50aefa8c54dea77bfc70a742376e

SHA1
94e9ea4b440cb349e44385ad88460223ba0a2f06

SHA256
72b34c997c0b40308af0c2c02ac2b6d4cc1d2b9f13126733445d0bec47e7084f

SHA512
05fb34334f3d1d218b89797ff49e6a7d37ee078fec5d3d2e32a66c054f8e39cc11e4d894ad994067cc6770b7f2aed1ab0e3d21c272403b6fda6428c2e6a9a12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
df40a96f75825a1959998eb9e4458749

SHA1
2dea87311a17f61cfe8554029c77932ce1d578a3

SHA256
5ed05711a1fce1fdb3c6e4c8f6df6dd4e40a72925ed2297dab2e5ea33b7d45f3

SHA512
a0500d5eb83318a1ee2ce945f31154c5bddaa7f22ac8cc751556e29b66432bf83f0f2390bbef29ff0bd1a396d2d771396a8bd94b580d6385fd57de2b438ced34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cbcf1c6d817bd159d568cc9e900f2134

SHA1
386aeffc4c0ebff7e8b6431520b6e26cddb81465

SHA256
327fba8fa7ef36849c257c04dabe00c473af6f7652942f43cd4e7973ae1c5fec

SHA512
4b467bb016f8e80bc08068be7748efd2efc8c27b72d1cfa59bdeecd96cfcb9769b0659c97d70f756b3af7527e8fa61e551cff33632a3dc71bb5a0f3cc875f345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e3c2e272ef1e3f1b5cfb4629b731d467

SHA1
06540ca5f09080013e5a54a03d691adb8be7bb85

SHA256
775ec7956e529384c16f6ccd6cfefb6d210a52a0915fd62bd5926a8e01fdf10f

SHA512
9303bd83baa3899e86c061f87715e729d6e9abac9b8c0d6bb133781c1c535cad81da469e917ffc11ed8034ff7cb2f0688bef3459353f4e21d00c82af6951b4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4a3143fc0fb79da97ed42f67f80c4471

SHA1
23ae4ca4171ba5d0721114dd81e6ece75b8f9134

SHA256
7d58a472911ce978316675475d5b0f4efb3a41257bf4302d08ac5b68f0878a71

SHA512
0785fca2d88fea983162c4e7e8af02076ff76be2a1fa390c333b148310e331a3270447a32a8c61e0e5b57f86d3cbddab4878d97e7d9b62ce56d0dbbb5318d0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aad09fc99173058ee80356e27c8d11ec

SHA1
5c6147c8ffcb0bf337943ad81101e1b8cd1e2f36

SHA256
88d82b0653d355ed9cad1196edac72fd685a674ac5eb7af56fba707cb61aa492

SHA512
13279d1327612adf83acb8f96435aedfd444885eede1007b82995f432e296007cd704e46eba099a6fe9086dba43bd993e4c67401ee357ef341ba4413ef94990b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
76bff378eb1502fd5004b51d083e6f33

SHA1
6c0466f1f649804aef83a27f14c3637ee7dfb505

SHA256
99da31b980f3b3acc279a792408cdca17f13f4291f622e1ac7255467f31eaa02

SHA512
f710fd2dd49663d5b4e6c36d22cccbbce3306e228318a6bd695eaf699396d028684e5e393f72d4b9ed562535566c3fd4044e80eaa26a70e516500ad91ec747e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
578ac9fff6044ad0698e63acb2cf0b5e

SHA1
cd48c49ac5edcbf4a3773f18cf99fc13e36eea50

SHA256
5056e2e907df27876a5d685cf0ac76702e06060297d5820b9779bffdf17a2b52

SHA512
f3fe99ff23f9f5e0b27a161f23bd79f40b5251400dbf2a0132307123694a91fb2b337eb962f14a9f56faf9cdb1377bb687bda33dff8ac31323e96d17ffc75a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c1ab8cf06c6e73df6e7eb5860da1c904

SHA1
f1ee938ced7575a73beeb7b628c1633ee7cc11b9

SHA256
7399b214811078c7998f4e51728eed942109edcaa96ffc71637d71e277a5f428

SHA512
e2a5deac98669bb43c2b7498395dc843f8f8a1b9e2d5d2f7b7caf4d91be54165f0fd695e4b32499eb50e8653ed61cca479437a0b2b258cac02b390e54f5d0c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e6a6c6512d4a732ada51b7c4df7db8e5

SHA1
a40fe029cd5779caa6f1e4db00fa30f5115b7e58

SHA256
fe8e368ce69d7f6da8affa60bcd7936b7f50f1836e296d3db0a9cc5850287cc0

SHA512
d4565e8529f3251f8ed7a8d86be93ac2cd42f519909a081ba080adf5e1edfa7332720da3a11a0bb3b0308aac283cdf890239bfa8eb0850bfdb85ba15590a85dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a64f6180217f90e16902e36138701161

SHA1
2dd28003f8d8be1abcb552fc8e86072d133be151

SHA256
a6eebfeba63bc94a09dfa7e68b8a5b3bfe002db125cc370c3c5123032cf588a5

SHA512
b1f4eea954d3aa28c966b618cb834350ef71fecc219c7601ed9200ebdca53a34c54736b187e267944d1f5907156017a0bd22e70c2fe5bd99a24864f4204550d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87eee9f1ee3a29960a3d5a3b0b0fe5ac

SHA1
3aaca892ff74b4790b84db43591d04b067bc12b1

SHA256
5ef69ab06a0fc7a9d98e99e644b2076f3aa865ddeb585a6fe9fcd9be452a07b5

SHA512
a543f5a52ed494e6ac90523d0dd09f107c117dbdcc7431f7f31e860e846cc176d3930e419724ce8a727d927cdebb9ce0841e36d3832515ffaa0fe6284d976755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33d8078391b340f0a87bf47c29837f51

SHA1
869b36205ba1ae7a02184e16eae1a794706f8303

SHA256
28c17fd29c127f12a3b3deb4cbe29667fd0013e92e64f09523bcf634133036d9

SHA512
51f09fbe3310594ca3e90b0ee1a9a26194e80774d782aa42a86707158d3ebeedae5e2ff448b0e90181b987f1574081daf58d2b5cffa646fd067b5b43807c6eea

Download Submit