hxxps://drive[.]google[.]com/file/d/1zhx2sDigW4t44fuINHEUqkqU0yKuRA2T/view

Resubmissions

08/08/2024, 07:05

240808-hwkbda1cnr 6

08/08/2024, 06:56

240808-hqrhhavbkh 8

Analysis

max time kernel
1726s
max time network
1727s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/08/2024, 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zhx2sDigW4t44fuINHEUqkqU0yKuRA2T/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
2600	msedge.exe
2600	msedge.exe
656	identity_helper.exe
656	identity_helper.exe
2464	msedge.exe
2464	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 4384	2600	msedge.exe	82
PID 2600 wrote to memory of 4384	2600	msedge.exe	82
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 4376	2600	msedge.exe	83
PID 2600 wrote to memory of 1984	2600	msedge.exe	84
PID 2600 wrote to memory of 1984	2600	msedge.exe	84
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85
PID 2600 wrote to memory of 1320	2600	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1zhx2sDigW4t44fuINHEUqkqU0yKuRA2T/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbda913cb8,0x7ffbda913cc8,0x7ffbda913cd8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,2267278610760784936,14453637752835239662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
89847f24578096e1df1fdf66d09eb2d6

SHA1
c489c0b6b3cc8f2149677ee363efdbf829a4dcb6

SHA256
2f3ab14eda7f6e7dd72c02eca580b36022679e21930e0e933cb66fbf2d4c5c15

SHA512
ce47353a21bf90d7ce9d8d6f1390ac0f30642742d86f6124001a98ec660d68ae952183483ebc4a0a44a1ae5786cee9d119b553423a669416b1c1292bb84742d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc418722c0206a94f3ea199f274fe29b

SHA1
623b7aef8ccb4b189b3456a414b956e14df448b4

SHA256
a210da77529600300f75249a605603ae4ed3a874592a3251fd9c47df6b93ec69

SHA512
b16b61d143a111078870c14042f18ef6b678bc0cb53d5389d05e63dc24705906f266b616a6ad47c6aae64612d52e86a365a20932f5cd491b404ebde7601bbe9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
512b0fa4dac09fbf1719b6795659d23b

SHA1
cb748343c1db9709213942aeae2c8585a9a6b7fc

SHA256
ccf0ac19c5dd585ea762e626ef2fb60fe8768c79c58d5933f2a7fa5b2b4f44de

SHA512
1840103e22d941f5c3a1352edbcc24a3add8e352e988b7b82f39778ed6d40bb56f5c4d56e019f7c067b94e805b9d2428326f1e55627c1c75e19c993897cae1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4f95e07e3257371845920822d863d056

SHA1
4e1faaecf5cf459b83842d9deccff7538d761d18

SHA256
a81d9cebb45ced2abc84749e755b2aed74d85c23391b34ff8807905eb7c62ccb

SHA512
86a7d66d5c20c4d056088ca38bc30e7b7b74b954024cc93c94a4f7fe1ada3239acac3afdbdf797d765994b623f3a5e15032e6c9c9b57c725962aa16e81866460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3893473046ff93ee137fefae7ab7aeca

SHA1
c0b9808a9926f0937189eeeaf2a761026273f867

SHA256
4db312a88be2ccca4a436489c1e2df300671fe97272f6e7ba509fbfd973b4e72

SHA512
3027e19eec527bfca111af4000622528ed0646d3b2777ea443deb91a3ae01d20f036e19e54a131b1f20a0dac8b37326482b9bcbf568a38d5ce52b82127977d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ff262a55c4f17bb81e29d525396dc564

SHA1
a55c67836b7105aaf25fe7ef071c7956dd8eecc3

SHA256
44d78520dc5b7831a7a81caa9ecb5bed808344a3bee02ede18f0c791bb83b140

SHA512
0138c3b64a76075dfa8ae06cfc796868fce433103ac9387d8fa3567f69847cfa438d0cb3f2ae8ebbae0fa9c77cc8366da3aa2cc1e9f7448f2ea988c924854f90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2ff1d4481ca500c4b7968ae3d10bd7df

SHA1
250ffd3ff88d300e588e2b75d33fa40c00ad62c4

SHA256
95da6ebe6ca391d1e440390b87e206f05f1bf8fe80d4c2900cf6306094686326

SHA512
46bc1a89ae66dadfbbbae7af698dda7384dd877f2b7677ccdea18a1658e6009f6827be5f192e033a2c8ef5aebc0b40e7091ecdf55b4222270d993c2fcd11d55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
813de66d0b64908bff8c3c532e6430be

SHA1
9ef409d7b67b52a686498e7ff9ae868d4761535c

SHA256
2ad94218a84236c6b5aeade007963b0be525c3a0b8a65ea3ad6d1ecbe992ff03

SHA512
63f67675dbb88696707d249a34c8ec34c58dfde791a6bbf9e3fe2ed6ac5e8d2382f1be55ad8399b028a937f869af8f55ef39ec9da23c4c7d996e27e7bff3b97b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d64ddbf55d751c6caae2901a4e2dedb4

SHA1
b3c384b6edc16a898a007478fe48e388d4a7e356

SHA256
ee231bb5c974dcff63ec93137b87c6e0a9c83d5fbd08f7b8a93666c351d2fc96

SHA512
b063bded83acc9b43450b2193cbde09e10b4ac5bd63873749626fe55c07039f6223751a14434d2eeb434e970be4b28dadc85164d0aa686b48d780dd4be6eed49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0e42cddf15e27e7792608afa3ff407c1

SHA1
9a81e865f29e4a5e19569ef7c4084059e8917f42

SHA256
38e667b1b0b59362c1e7146a7d2f7e6c8bbb8c58d8bd0e65d7e64b3107148b07

SHA512
805af011f22b103c15e7cdd3c4129f7d6c5c240b4e050eb311059edd89f0363df4e05261c34701367f81fd8a957b64f6044d33cb68411e3e552d50882e3cf333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c4968c82297ad29b27e3aaf62f2cef65

SHA1
03b9eaacad13bd921c45a34cb836345ff3d58aff

SHA256
c05821ed6f2ec5d5122d33b7fc8eacfe1158c352cc8dedda4054158e2917c02d

SHA512
b704c14abf185ac6ee378bd69c903f9589ba4a4822d227b033925a3ce494dbd10aaf512887d016e5d5b5e8dea85d89a892bf059d23b66b04922dd280b88e05d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7308e285ec453623ddedb3d76bce446f

SHA1
7fca6edf98bff98012a42fbfef78a8207ea2e385

SHA256
c3e4785083003760c2b23ce122e59f41526af1df9ea77efdc744bbbfe342b642

SHA512
226f54d12002449085a77b07a85018d2807ab4c413be617c8476de1d82e354710d7a88fcca21495de90f641709828ebcd81cbfa7dd48b69ce6168584a8c49459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8e69fbcfcfa84e741d5a154f6e77f6a3

SHA1
954d1cada628e9b5eea7f9799b65ca15c9a4e07d

SHA256
cc7205f951afabdce34d59ca073acc995fbea4fc9d4aaf38af301e0c1b3e3550

SHA512
5bce808c2edd08af58d2bbb0c0ff687541e5adf7933b93cc5b59dfde4d623579003dccb95d6ec2dde1c31f6e4e961d74c06888da21557a0fc2ca339ec84d109a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
453319694f4760e05eeb2d37ef703e1a

SHA1
44cd103e0df30d00f4d34e885be1c1f448ccd1c2

SHA256
75740db01a6f49e95e97ee3b5efa03e75ee35f2f6ef9c16c2b32bd56a4ed02c9

SHA512
055c3a9ff69d2cd1554ef01428f6e70eb0ca7df7b08621d31d20971185cf38053dc4006cd4b93dd85635aebe586433bd8053d352f712459995f510d5dc27bcf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c27325d32a2affd7e20d11907c0bb510

SHA1
ad757f3f433404fdac2babac35934abe493fb72b

SHA256
6b9f7ca3157c054c1f2c1417a430eb408967d72dee48441f036d0a136167ba49

SHA512
dd4fec6f11eab41c1f8e6720389325ef54c0e90d80cb93a097b54ccf9c65cd5250f0a664ad69c3663bcb3d0ef6ca8cfbd5cf88fad77beb17320a0cdf7db89beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c3726d02274e2ae566200f22218ba535

SHA1
746efe0bc4c7f8bf2d15eec972e53539ac174257

SHA256
7007c264a507bbb36a8dc75f356dab0258d62f09df881cb8e087910c75f68ebf

SHA512
5de1cb97adf504c9bb14be9cbb9d42438e94b5cd3a84c1c01dea38e08bdb75baff2fc80dd5580ef9af029d42f7edeef5f575edccc6b1bdef9ae342dd88ef88e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
db9ad629fd0373b6c2a357e5fb588c4d

SHA1
b8de784d0e0d39e137faa1042d38577ba8bd75b7

SHA256
6f5bc1c92a84641d4ac329c56c8ffad108ce2a95b9fe2dd41cc0ee03ece09a80

SHA512
3a161ce72705fb84c09a6517c3ef414f53b6d2fdd280193048718bcdae66e18f334c6f289356bc75f330ab743d3c6db4ec79ee5326851f01c2e6cff1e448adac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8105518b1f11da1cd848a1397a8448c

SHA1
ff87f52799dd0f9ef1de5777e26e948db71ba673

SHA256
be17b32899a5cf568c34d7da518a3c2e6298dbfb0e65cf0553ab7dad4ced9b63

SHA512
110ae1548fe30f93e08710c7a46246fd36d1a8993840da62d8841edb213032f4f5143138d927de5328636f16f5f60570ed87c9e90e7e1ce0eeb54d72fc73fa33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8663b9d6c3143891504f2ee301756996

SHA1
e0857cf22b5f622fed3886e40d49f9b4a5e9d03a

SHA256
155573d2a57f82924e1721de2019f280d5191e10850061c879de0ab355f93a41

SHA512
d7add69163eba55da1a2e7ea18b19dcaf70d691b3bf91a595ddc16ad34924b2d3dd2bafd3e5be7c5049a75530f225491afe2d8a58bb87019e001b893f233edb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
695b306bee4be82eed184bf4f9ddf0ee

SHA1
7bcd4f8af0b91e2dcae5a9e54b6603769b3d09c3

SHA256
c0e69f1c8dde40f27225569d09978c0a84a34d3539cdfce41c0122f07e440d5c

SHA512
b029be04efa373a13d2e52aa1dd594d18621a4bc77f26adc42ef2a08d93d55a4f6348df759b56e6832ddd1f6280c0abd531dda37121dc5953ffab59acf1a81c8

Download Submit