hxxps://drive[.]google[.]com/file/d/1DLWNBTyEUzBI7XFrywLmQA9zmkmLbB2p/view

Analysis

max time kernel
1795s
max time network
1738s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1DLWNBTyEUzBI7XFrywLmQA9zmkmLbB2p/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
3140	msedge.exe
3140	msedge.exe
5096	identity_helper.exe
5096	identity_helper.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 1412	3140	msedge.exe	83
PID 3140 wrote to memory of 1412	3140	msedge.exe	83
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 4276	3140	msedge.exe	84
PID 3140 wrote to memory of 2356	3140	msedge.exe	85
PID 3140 wrote to memory of 2356	3140	msedge.exe	85
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86
PID 3140 wrote to memory of 2840	3140	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1DLWNBTyEUzBI7XFrywLmQA9zmkmLbB2p/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb974046f8,0x7ffb97404708,0x7ffb97404718
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3984906361106749277,3058610260908169647,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6552 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
bfbc3025e337c81c8c0b044eaf75cf5e

SHA1
652826c3b893a98e6dc03b41d708d7b5c8d688e3

SHA256
71c7296d62300cdf9dd30e1bf1039e316bd61840828f7415c51825a9e779bdbc

SHA512
863cdc21d518f9a46249d6d941e9e3470ae410853ab41adec1760fa3b8404fc6d9aa2d6cf7d27b9cb5be2fb4ceb08bfd4a7fbbe46b69e7944f4ec7ee13ed1124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
08c2728103f928e342747c8142bb5b01

SHA1
e56ce3dcf150f735a308a0d81509ce75da5d81b7

SHA256
dd64f8285a6aba40c7c830b90688c24e30dcb663ce40ae282d3da63251de77d6

SHA512
e130a991d787ee9d452748983e12956f556361739a12450a407f77482e10429f91b96031a09d941306a8d539b4a4c3e3b9ca981160cb88155553996545e609c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
11ea8fe443312ebce75d9e82835f95ff

SHA1
05fd5e14496a888b9c1bf3ec67ead89a20a7cda5

SHA256
dd521edf9125e1cecfe948e85483da7f702eef391466975e49deb4df126885ac

SHA512
f73496f79d6dceea3e3712d8a6c3da495e0c6ab0f5b618ce4c9492bb0177fc15503e5421ef0ae95fc0e762388d78e2b9d9b61dfd273ed8fad90bc62567a8f599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3470cd949646105c9d48a41c45a46a0a

SHA1
ff40acb2234bdba76565f8c1d0ea1c27986f855f

SHA256
9cfa30115f04523e245bc2b857e54eb03980d1af6c85feb4060bc84c2a8d1260

SHA512
5bf23eb7db3c9bbc4f83e10f94595c4bb07e6a64643c01f7cf3a7fcd25e1bcb510712ccc0964e62807dadd47bb438b0e880285bb312fd42212f686edd29b1369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4a0de9cacfd6f876169e6ae4d4eb8cce

SHA1
1fbb7e4d51e0145ba698da519879fd5fd2ebdc02

SHA256
95c6b77fa51d5a0f6f7bb44ea6fa5876e8449707e2ebc8d6f708b104da14bc43

SHA512
b73fde720ac0e4249d75c140528fb5ea2929f2fabb9d0fe737a2aa14d696828394d5ab2d3b0d2f9aa7671ff1edb2af62d7d202e59d9b17e79828863d765f8de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ff8cc5af3b37e9cfc6248e6ed2354336

SHA1
9fdc1b6b57f6057dccdf8ec9decda94a710818a6

SHA256
2657c18e087baf787d2b49d4dc50d3e640db063e9f77d437161b6cbc6a04556b

SHA512
50592a460c46474d6d77c1d5654b046170cc89f72ade135e5c5efcdcf94e90146dbbc6a670d767fd811173cd85afffc17905cf46496d83da1def880addd768e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0e68c0de839feea97945c453562f307d

SHA1
a6524f2e9445277a47ef279398cbb10a76b7309c

SHA256
2484078fa5817ba1c6cfc4642728e1557e9bd9149bd46b7250d578a16607c694

SHA512
65686c1586ae8e765bd122fe7948756a4badf585c95f4486b3ed66bb1ae7d555e55c83e4ac69833ac9e12321b16528010855d694ab79d41f6c0d4e01d6b70ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f43a5a2de0ce07994a9afee48b02b668

SHA1
e3e3ed70b59e10ac4366be1103b029a5f7a68288

SHA256
5f727f4250e9d8a3f91931a7e8e3eb0852586374009a079f8b47c2a0de3691e4

SHA512
539bf60218f7f5e248037859ef0dd69ac17fd6438379e93e4fb1c125ab2b15ff06d67364372b27809ef3afc809bc3a0883fbcff313173512d79fcf9515a97464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
81ad91d8689f183ab2cdec8ae4ea3f1d

SHA1
49a981fc12897a3dfda49915679632f56dac9968

SHA256
2aa6e25f3500d2782f7c219bc914f9550dd1694da0d608d7f7720159309d4b28

SHA512
5bf1516782e91ee154a53534c3b4c611f701e17b04f93970a190c7b5b5cf4caecd464414e75e017f7b03941800468d62de26906c0dbb1aa391aca75d98a60646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a58b329b827e30cbde298385364b2915

SHA1
e08a4ce63fc1f4caed3ab92495fc15ca197276e3

SHA256
53829c8c5cecce276a75550a6be164a70fe23c406f30a02535876584af2c98ea

SHA512
733bf6637e2b2af799855e2e20511c14226631a7ff3d15fb9dc99f9b7a57c85a813aaf0749769219ce35da58be7ecd6d13ffcab68180d2c969f205e0adb2ca5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2bb5fad0204ddd7d490776ca0e17ac2b

SHA1
0463da81fa578e23f19f91f1fab8d56aa9c7fc60

SHA256
613fd35dbd617ad352916499935ec38d92e17fb3c142793a10ccc6c01b2dfb39

SHA512
80f2d5125f37ba5af8f2621791c6535cd8b41c3e40cf2adeb08693c39e9b274324b4fe7b8eff76f17357aefecdfe366ff0357643290717681e5becbc35832f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4f95846be4993419b8434463446a2fd0

SHA1
b3add076e69daa644d574c4c07807f36eed4ef9c

SHA256
3644f69c57b49e259b9f9db45468311ec12bc942aa659699ea20f449e3dd634f

SHA512
b6270190f2ec10672b7d7549cb2704da07395f1b22324ef064271c961d045a586406b065719d00731062fd52e70ab5738ff363d59254060bcfb9ed3221ef83cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
34467e8802db8f74dcd23ef62ecae332

SHA1
3fb094142138d578b6fe8edb7e460e9414351d4c

SHA256
05711bd87f5d0397fa413577330732a181d9f2ee9eac97a2a22a2d4347be4924

SHA512
64499426bab39ba8a0a8df0913c75c009956bcf9d1ff90cbfec3c99936d52a0e9cefc67da514b47f571bdc3e314f4d017ca831dc44abf4e4b2a45b444a704fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
efa9aa1e9eed2b8e5904c0a782f7009c

SHA1
526920d1a764b5ce0fff9f8ed1b2d9779a9a560c

SHA256
75f87aa0aab37811addebda52affd8b763c097c4fd842eb6078a3a195b7a6d3f

SHA512
405a239a4aacadf9601b1445efa5e157250ace6b8b10fb97ac1f14991ee8912540f90841e9f97de38f650537985104fca6eeaafcd6bd0f0a2c15e267a9038f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5065c50bb7c294377242bf75123c2ee3

SHA1
4944875b3e422bc7923c90661726e8f84d311aae

SHA256
6c0aabb10c0c3175dede190a27675db944fb5ee8f362874c75dd5ab117121b5c

SHA512
8d97336c0e24dadba158f24294e79715afc488f2ba53f352dd204602df8d41ac9dcd7ef42037d39d3f817216bfb2261d7a04bcbbe98782307989a8bb9cbe3c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
20025a141b8182f202ef338066ccc77c

SHA1
8c012eeb3c3ea54ec1f3a92b2e8fcf3cba71af1b

SHA256
6257ca79631777c52567e59f5ee93d1f2b2e1ac3ce59e64f5b768f35b21e16dc

SHA512
7b73d3ce65c8e0f28983700554c698665431d27bfa1e4ca61180622f09ecfc7d48c18e55e183c0b160e0ce30fc9668177fb38da6130137009f6faa99591eb9d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f53895f0038c6b06234d35cddd990811

SHA1
9917327a83601444b8dfc083e48ffea582df2da1

SHA256
cc56880f12ec36e08fe4514d737c88586d6ffb58f02dc616c0d5dda413659035

SHA512
fb50cc74afb561a9d940fd65ce4df041ebc987841d47e48209b4dc745f175ac13ee0117855c05523afea047121cc3931a617238456c8b21165249e3075291540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56fe68d308001f344ddd5d93389d4ab5

SHA1
41f90b4ff015a38be07e764c363e6854d3851f15

SHA256
e6c15f56ff80ac002b8756dc5955fa0203303437b07c639765add8ff1fd22aea

SHA512
e8a545a2619e33718072f16cd31007aae1804ed0eb18a5fb383d16d9f28f0b7505659b9ac510f68bd69410f56082a859058799f20cac93f6c1d07b95174dc812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cbc640aa4e3bb3e3b652d93f1e045855

SHA1
bebb471d83000a00112d40479838376ab9cdaa49

SHA256
0dffb089792893a579f20bd3b2739e68a3c96b842a99b95cf877fe070653ec71

SHA512
40015bfdfaf7daf0d8d2fea7964108fbf03dfe382829ff743e7ab0259180b72cdf3d8c73406a39ca4f2e7c2afc7be3611cb4a8fc26dafec450da0ddcaa0188b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
169cdab11fcd11a0c2e04ce084e66518

SHA1
b3ef3d9d23e9299796485c431030c40bdc5a1998

SHA256
bf1ecce12e75533487762db0f93809664f12c6260f5fd180ed37438992093839

SHA512
ab8bf1d9449b09c54b61a8bf92458bf58ed450981b1288980f5e63a1ea1920aefa6f42701d3e3667ba7f9dd82489c4e4f0d1f2eeb27b4cd23bbaa7f83eaec9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71fe72d1e45f78485fc21dd4a87cc747

SHA1
7f8572e21d570022a4f33a5d53b1e8903518d4a0

SHA256
48e27e291de9be7ca4928a07adc7f66dffcb3c6c4b7e2920441c5c7001651fa5

SHA512
c5febc9d462f258a4be3dc8b72526790d1c533194e5dd4c2be24293769a7aa995ee2fa4520b9c349880c305e4be54608b2d028395104c16945d5f6e7a396bc7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7fbf74958926996ca0923afdd60312f0

SHA1
d6ea6490d39259562c396cd000fcba0c26fdfdb6

SHA256
ff4f57bccd4ebe0f51437c8764da28d6ee015f5a5eef09bfae3ffba097d22ccb

SHA512
ed2daef4d96d65c5f07fd1a79d361e137de7a30f90920339b49d272fdebda0f478a573fe1d2878deeeff53ed29f845b8745b44d75bcb1fcea9a70b53fe4d24eb

Download Submit