hxxps://drive[.]google[.]com/file/d/1jEeC1bznQ47765ugntyIhyHeou52oD6M/view?usp=sharing

Resubmissions

06-08-2024 22:29

240806-2ee5wasfpl 6

06-08-2024 21:49

240806-1pa38svgpg 6

Analysis

max time kernel
1724s
max time network
1725s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1jEeC1bznQ47765ugntyIhyHeou52oD6M/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
3908	msedge.exe
3908	msedge.exe
924	identity_helper.exe
924	identity_helper.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 3808	3908	msedge.exe	83
PID 3908 wrote to memory of 3808	3908	msedge.exe	83
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2496	3908	msedge.exe	85
PID 3908 wrote to memory of 2152	3908	msedge.exe	86
PID 3908 wrote to memory of 2152	3908	msedge.exe	86
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87
PID 3908 wrote to memory of 2604	3908	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1jEeC1bznQ47765ugntyIhyHeou52oD6M/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab34b46f8,0x7ffab34b4708,0x7ffab34b4718
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2936074847496206639,3134948228385629728,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
15ae6d588521cafdc99ed61c22042007

SHA1
90bbbc0777ab5eea7800a4a9cba428613d72cdd3

SHA256
3ef33141d4f96a554e8168f900892af0a48a8c5978da42bf206998f9ee3918fd

SHA512
364a075bddca48024638064cb3a6db7c076727205a89afce930ac35a5bfd78e019b9693ec844b700bfe449d5d0f370932e9ce8a28def9034d5cd6df6685ec03f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4932f98309cfcd3b18cc1f9bd881d76c

SHA1
0061d966b77961bd30596f13adcdfe03273734a3

SHA256
f0e11a4c1a697460f242b92dc2f661246b422b0516d162a9f474ac1bc714f8cb

SHA512
7326c960ee1b737fb36e5c509cff6b0acc9b1a82350800c776376a9b349306a3dc9508166c1977c23095d7f84d13f5c43bce29d54c9bcbf78bd5911a22111622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c45b20301e822ea12e924610299d1306

SHA1
de94a3224389f2334455c8cd6157098a62b3704c

SHA256
b0610b69e2145a161ff3c2918309e1a43ba6e17a74934a44f11123c80aa38ec2

SHA512
7746e20fd13787ecdb25dc8a5abb3d90bb931e563909b6f04199b82b4afbb8df3bee5277189fd9dfe9f5689cf29e796c2f9b2d5c77ef9d6aac5e5471026d5271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
03817b389e13a52c0f424722a0e7b2f7

SHA1
3ddb723da62bcf9eb87f7304d509fd8102d16981

SHA256
98f627458a4d97e2b7e9431cde36b0c90fd9f6d68caacf10d5ec972595336216

SHA512
ffdf81a524252a602263087ed3187969217f20e130cbbf21a55414dbbd661bb11e533f18d0186c69ca9f46b7c305c73cc8f4fd90b050479f3eb286bcbf102667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
93b4f917a5b069ce5daa2cb83d0ba135

SHA1
76436e017715f213b031ea5a7a4310bcad688b6a

SHA256
d38d7b438e8394ad569d9492cb2d4f28622ece4514afe46891f7516b5ec6f03d

SHA512
b051fb41d18f1e8219d0e941ce2a0af4d32c63399a034f31f29c119b3d297d4436a4f4275f0f1c533fe595deb9b86d861bb7c031405128263524f64611fe9b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
60d34304aa4291c4a05a9980edb7e963

SHA1
63480db250b3394651c486c38cabd35820c42c6c

SHA256
e1e14a4071ce964f456b86884271d369d472180465c8eaa826b429f7bb8bf39f

SHA512
bce558749e3062709c48bd0ea684f415ba12d6e4ba2da0a5900245c569e5dbfa264cd572e5dc28ddc40b6198acfa9e1760cb11853a59ea962825d8f35417a889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3496c6e9dba4a5753cde516fc6055d81

SHA1
8e060ebf3dd08d2a1798ff8760107fa83e31d3b6

SHA256
508879aecf531ed02480694166bd92893822efc5947e855c6f5ee82d64a45395

SHA512
7f86b8e24386033239b68049e8b52b2c418746a136220dcee4312220d3d5169c0b9d0514742adc8a5d914743a8d4463741246582090bd0697285d7f64c03a57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a9cab249434ba04b5919a85670456efb

SHA1
dae8fad3cad30c7b6859c25beb14ac8e2dc83c59

SHA256
ac53e91bc0f7600548917739859fb207cb1f6ea58846199bd8318d1d27ffbc85

SHA512
2c46eaaf4a55cdc63e9a8c01f6223aea35cad0779fcf7d5c09189fe3d7fc113914e643f7fda78b95db44cc875302196f5eb59205992a5eb5db5cd3d5623fac85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7d79e37d98d099dc53504d09dacf45b4

SHA1
a9583956c625c4684324b67fcac7f5da2314aeda

SHA256
b6c03fccc26bb968c52f4b3db497e1858c604a9db252d9034929286b1f59c713

SHA512
eb287dca94075ead6f02839c7bb4b6d505ec8cfbdb6f2bab05d58a08c9b90e48e67cf2be3464f098b14284f59b955b32b2bbb46ae6f7927e9206c7fd61309db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
75d9010154332d1d9d3c9ea6757b032b

SHA1
5a6c5cd0a1e105aebff7b0066aec85b76d231ed1

SHA256
8a43b2916595c9ed34b7f37e6b3a581f30412d2a31b999ac63d387847f112bef

SHA512
feb2d6fa6b6c2c136a0004aaa8269f82a028426c111fce18ec9430a6b8f5275c27790de68b580f72bdfa050c7d4892eb5ae07a749e492d924155edb892384c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e144020879c26945b358b4f0295ec973

SHA1
533610336ed46726791586972dfb4cada972f38e

SHA256
175cb891eb890baf90d348f50f8bf891835af3f0aa0d452dffcede2d239d1812

SHA512
630f2d2d15565162d457dad61183d5a9155aaf78b7acf861a8ae6981da1d64facc7cacecd33ae347f6ebf847a1719c45aec9cf47a8a8f17d9dca652cab57ecd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5ef3368ade60df10edb059f81a640478

SHA1
7b43da7cb0509b6a8eeba2a9df9e8fc8b6257b42

SHA256
3d90fb6537045e58b0bedc86d61dd4ddcee06ac77d4c7adfd345bd744aa220e9

SHA512
5f640c1d92495de62114e3b12295f700a8a3500888491b366b310c1f9d69e95aac362ec23072be380ce39200026d4d9bc3057185ebe8be8bd1931f3fc49299f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6c2f89a1877aadd4dc0154687aa9553f

SHA1
8112db9109f6c98a2de6eed498308a7a40fc3e50

SHA256
0068eed244319b6d2bde203adca465eb4a3a8edc93bcc246c21bae374020475e

SHA512
48b4d33e6331e5260d3619306ae00391cd8aa862fe5a7775eae206319c1317ab9680f3e4df04d5dfc4287b3890def57511cc44a7726424e87ede8728153020bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
814fc5bd29f6801ca770f82d4078fa99

SHA1
a9f3eaec3aca3ec88ddc92b71fbbf8e50387826f

SHA256
f47513e047af0aebbc788d4a8343d576c40e600f80101af23769ee4f09e0ad50

SHA512
da867398a8a501949822105b5014a7c9ee898765006311ef264c3feb0e3fff52d330997ecee91a8ecbc07d686b57d47bb56bc19a3723e7c2a662be80a83a8129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
df10fcdcacb2f4cffbc3ad4b18f035d1

SHA1
a948030b8cc68896914fd0653e7e3af01cc88791

SHA256
1bc1dd78c91664929845f9ed645f8fce5fffed7dc3ef1ff8df92aac7db12f587

SHA512
78861881c63fe91417a43963319069f48f5fe905c86b18329aec9d009a39c118ccf106bd890a36faf8ce6560f9d041707f497217249510c23c9696c5f277b142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8252a7477d433344cab0780ce34d6424

SHA1
3bf9e00fd148711f38e2e2962415db555a9f8137

SHA256
21e9583d0ae7ef0911da9526d60acb763bb265314f8f09859253be39bcab49e2

SHA512
5c4e2cd6b1e34e50cf06ee2dd59a6d05d7040e272f3c68c6053dcdcab0d47f07ea1ebbff4ac6f26020e990ef1377b898ab317eb0a34699859f20bdd43718e351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
88f1649c8ab209781b9d3a6650ab459c

SHA1
092ee8c7b33b4e4c3ddcf6941c1dbbc1cfc7f0a7

SHA256
73c5abdf3826b95e100709e2009d7f23c42fa0db32071d56d6e1c585e59b03a7

SHA512
6931f332d7977528ac3f8d91a79f71ae22e9f1fdc12479367baaaa357484dbebf979a6186afae21bf4f7e631cc0f065a9665bc70d4bce1028422cd38d133304a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92b99aab91a17a4585a82db3edbc7da4

SHA1
9c21b71f99e2ec631d13861dd9c257a39bd21822

SHA256
d5de8dbc88082ae5eef209e13dbaa206de48eb629ac56bf3b83e4ecac3612232

SHA512
06baa1a5ccdf240ddd1694130b3658e8533f9df870a2cc064bff7b208801be6ce3127d7bd89dca771d9f639eca222094066c53ec280ed0dac8131bdd1203f679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dec0eb5b3135c38aa2dfc017ec482dfe

SHA1
140b18793773b737ae44326c690fe455af2f3cee

SHA256
c39e4e505f14961c700ba73173d94cd816d1c3c09b07d137a1f6cbc22c9aa42a

SHA512
7dc6495f58743c675cdcb1c68f93edfdcf8f2ccf7691277ba30fab994fdf101ac4c42e2c1ca480bde98e3abe548b220ae1782b82ab0ba52f7b73b3476f15771b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7625732d742cea1863123deaf8845a19

SHA1
81f55e6253971689a534d5b0e33572f036545938

SHA256
91ce8298f68798781f49cdc7d95bc2a7b7d62e08a5a4aee192a8fffea55bffba

SHA512
bc29f8f577c3b869f51308f6173efcd5895110ffc46fd81543c9ab8d4f44e53f768b608cd2e1017866cd5a07a57b50903feb2cfe4e76b56a70b0a0aaef85d3f4

Download Submit