hxxps://drive[.]google[.]com/file/d/1DLWNBTyEUzBI7XFrywLmQA9zmkmLbB2p/view

Analysis

max time kernel
1723s
max time network
1724s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08-08-2024 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1DLWNBTyEUzBI7XFrywLmQA9zmkmLbB2p/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
5024	msedge.exe
5024	msedge.exe
968	msedge.exe
968	msedge.exe
3460	identity_helper.exe
3460	identity_helper.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 3700	5024	msedge.exe	80
PID 5024 wrote to memory of 3700	5024	msedge.exe	80
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 3812	5024	msedge.exe	81
PID 5024 wrote to memory of 4396	5024	msedge.exe	82
PID 5024 wrote to memory of 4396	5024	msedge.exe	82
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83
PID 5024 wrote to memory of 3932	5024	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1DLWNBTyEUzBI7XFrywLmQA9zmkmLbB2p/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffff8783cb8,0x7ffff8783cc8,0x7ffff8783cd8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13313526320369800249,8539205728697969638,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5612 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
31ccd245c94f09df6456b131fb44ce36

SHA1
5944970be0237fb23c1740508eb76c66fee0e48d

SHA256
c0bb5b695ed7fdcc9e9b49d93663a5f8d99038438215f90d5bd75c1ed635e8c3

SHA512
c4c03699b3e1aa67ebc73a4a14e145ccbaa6bdd049f17c39c4092a484165fec02f8c68970d61ef08055d71d38b8ac3370f4d3de195c100b0f75006b323f3566b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
263c5b7072b53165f10cce1de9193eba

SHA1
857ee3fcf55bdd7a20f768465ed6dc12055b866c

SHA256
81cf52e0d8aeb2ac169209ffe958270af4ac0c9f4a3d287967cdc1b980f1f3ea

SHA512
aee460c663ef1fc8ba9f62caac8221e086af8f825580151a52d8227c7edd2480cb48a77543575a258ef5552b5ef48ee5412e301602f230fe862d3e0a8f14353f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e1811818afa4f1ba768b7a33e88fdacc

SHA1
78ca7f14c564b7c2040532ce4411312c02595a7c

SHA256
583fdbd92dd5839977149b106ef5695c89959c13138e02903beedf31c2d37d99

SHA512
b6cddc024bf4b0331512623bcb7b4591c5d0727bbc6b15229e1d3ba493d00ff43271426fc22331e3b6484bac4b60fa5da472f8f536332e7a2ba1129adbf87d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
983264c022241ea9ad922f6920c6cea0

SHA1
d88a7416fd786f3192d0d6cd5d249b0e1498d9ae

SHA256
41c14a69f82150e56ecf49cafa90bf028351bf457a5a4691ba20dba0586defce

SHA512
82162aa2e92a48f96a7299094fdf450f2f8f407a08797dcb52aad91b417b884c8657777b29eab99b33f35f391a7a09660890f71e3d133297202e199bd08f9f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
014e0f7fb6336d2085dbd00c95446345

SHA1
abf7846782d08503cda3b5bea74913ae8afe7dd8

SHA256
c303d9e8b4c1ae5fb3928509aaac87ea7a072f5c8870e944a588b1e344919b7d

SHA512
52a2619f9ef60a14ca110f74516e2dcd013bc45f83a1b3dec9ea32a6fe07b1d33f1021daa2137caaa252d75bb63bf049e9cfb43c4d7d1e24b1763521d7d43c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c19fcde6516626e7dd8b82cc55d7ca20

SHA1
d02d508b117ed37143aae493d4e206bd1f33dded

SHA256
c57193d094cd5adec89c1d2a7e016475d8c3651f46467bc220513b2b337ef447

SHA512
8a0e7ffe45073668e0a0380efa0918650c3efb3dda6ff9d09ac8c91c8f822ea9c43c196812b7e638bd03d0c316b9db17706d6299e838e48cdb5eecc99c014790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aaccf764f7a45b3aac34c6e4a68a95e2

SHA1
b8fcd43fea08c7e3139ff2a5bfa4d7df14fb7c4f

SHA256
2bf04173125b181f93aeb71a4ae1a7b0fa948b526e23f2650663ee2500c85a47

SHA512
16b786e9e296280974caae4712c28e0d7be3ca7957062b80e8dc2f64d2b700cff103ce4f287fc31eef2867698fa916c1712969d487799da2c3b5766bdca2e313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b538ef7ebe6a4c6223e2a3c973894daa

SHA1
9b63f7aa6a047f3a3d11fdf4e47c1d9c585d40f9

SHA256
b2cd6183ca346e0d4a358561ceaba15166445d02204efe92ada2f74484ec28e6

SHA512
77aa02f1c7a66e91294bfbb9022648251a1aea272af7efbccdbea6efcfb8d2dbc6eb5cb062631d110428c1a3af4bf275bd7d5890e43177284a843f190af3df07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
595a144e5d9d539a4e796060a39b0701

SHA1
4cc9a6ff397b736407c0350ca905785a29967bb5

SHA256
908502ca342d3a51f36489bf6a9aa5d7727d447f9e5e6444e31731dba89e85c6

SHA512
0d41bbecb8903c053ab757bf4eeda6345642e4aa40d8c9312e084bdaab80182dc186d3a17e4cc6c5a4ef854e88a90b565ecbdb08e448a4185cb55113ab69709a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
31c2d9ec97514e14003cd01750001e1e

SHA1
f813a9262ab91d7bef2686114e859fe4d1aad7c6

SHA256
9a0db476934ca092c574509e11dd1dd0bb7ae123b19d04b48a07af1334a27cb7

SHA512
221e3fb5edfd08e4f1d85f879fb9a15079ac09e972c71c18dec0d2f64f0772e67b654316d53c9773c7e52d7bb72e97a6a9afec29ed81d430cc71111a0d2e8b9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e15666732ef7f44473220ab237af6d86

SHA1
4ce847a1eb4f35497d13fdfbb13c0b029fe139be

SHA256
c796dee670ee9754f38f961fa99076c11a28f9af3344a8a1da309ca099a91f2d

SHA512
39a1a9afcefde032a75368a0a580fac0d806cb50997f2778298f12d1b67b7071a2cb42666782a715662d38094984c7cec62ad73b4bbbd9e794bcee39d40475fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
32b6cee11f6ab96a5f5c3f37840d7096

SHA1
b1df2dd373515ae7483f9bb6f7fc2b22125280a8

SHA256
3837c6703dd6f3b0bfe43cf6ff91601eb1f2aaaecc14c72b3b3b39f8c86c054b

SHA512
101889b25c2f5641b5a88b3955742f17c7c7054b43f12f788e6259ea02997b2ca3c39bb16ce537c0d732b51ccfef9b119fbc5f2439a76b7da3ac06c0db97da3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3fcc02ee4de5b143eef56074453c8fa7

SHA1
ea11c2ab74e26bd9b94c8345e8f7bda6ba000cf5

SHA256
b4c8e547acc7bf228f0bcf8029bf5b0a0464363bbcb6905ac32c6d59429c3cce

SHA512
ca6ebdfc699a63b0d5240dbae7a2b27754a08c5fb2faada7f11eea1d317d63486ca5a24070a28ed980f477e5b0286d31e839f66de98b233013493955abc976ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
410d2f2714175559b0182043185e67e1

SHA1
bccd6766deb2374c43864aa4d7016aab4468e03c

SHA256
68daf1601c8f5ed66f905c5c7d2a109a053b9eb33db1e3b8b7f28524c2b80e66

SHA512
f2f675ffdf9ee911e2f40545b780d78b43e83a60cdf0b2a61caa67b8a865271f3992b06677b621d626179f932078cd14144e2dd820e0520d15f0ff051cba1fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cf1a489a3be081878206840137fa31d8

SHA1
1d734deefdc8e9361a47fb4497d8718db085538b

SHA256
4f11e3045351ba34ed01d849365c8bf9ffcbb746d548885c641ca77251f1e233

SHA512
bcf32afc234f151aa19570648ccabadc736dacbca0df70349b6bcaef2a8cd83ff02d960ad5cedb29baea4617e250051f69cf20531c43f863587785145aa9e400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e6616e0a517162abd8ebc5b4d8abbc6e

SHA1
0734f90171c2356f1e844b06b1b821661ef83b73

SHA256
4361519b78d3779a26025cc6a67504513090f258e207152cbb5dc5324107c791

SHA512
a2708f075850a1e0d2e48ab7afd4f72ca63319aa712cdeaf6012862cc8aa3a378ca61cf56832f30b5a7ac6c053c910bac4b41e5ebd015124049d7a1ea5683b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
afcce31586a99544432cce476a2642bc

SHA1
bcb8480eb1aaee8fbc0c10f91ee3375aa0e1b0f9

SHA256
4c20e443c314131f91034873c4d8020c70e416c33d66e574d2f65e3b50c36ede

SHA512
d6454231697a41bab6acfae16bcc35c44be2d82205d6ae6f09f33660da8743bf31e7adabe5c68600162cc4b9ecb700c9edad5ab634c8bd5c39a2e71f3fb7c03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
70bb5a984128df81244a0639d4b2be76

SHA1
fff5bf60b0685965ee1df63cbe20166035d1ee07

SHA256
8a00d0d88ef16e2c45194f22225de76de149ffb27df801355c53c11291d658bf

SHA512
6b49b76b9b92727973f0a9fb1cba54f7065c6f3725d73bc78b71f6748102c9cdc2b1144b4e1e548dc491142b050d282d49d15281415091f3524af7294d4bb8c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
158bfe231e38b2cabe677434c80fe076

SHA1
7f061079d50e64ad625e4ae9fefaf1fcf707ce84

SHA256
d790965716635bad8452594554b9a986bb4090c20b8a0de254063297db2503cc

SHA512
363e0593b726b34fb873177d7cda53544785709390740c1e67d8d486221dc462a16fd0f1e551afb7ec9ea059778a7102d5e2a4a07f716a9eea38df33eb63328c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa47b965f11d8dce018e4ab4e4f8cb02

SHA1
da9f00d88eabca07d1bedca2d82b16fee72b4dc1

SHA256
d5788f65e9b1c3f89e603a2457c8a587c3c87df28f8a62e307e39efe876d5015

SHA512
952ea7c58378bec1b4ec13ef7e4bd77cf383e1eb58c8adefd00df3bb1256ffb9e4dd701610cf8620c8f869efef660f820b08f8cc532b86a18c9638b5d59932ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a41bdf719e9d0a7f6d73a57c3efdbcbf

SHA1
79d247beadfa89206680cfd8e9e7040af1f89522

SHA256
63a8f86a8961f4daf60c2379b4189f29e7cdddcdb2d09ca1696e560a8abf09eb

SHA512
6fae3abcdb81c681b54d9577d5cd786ce28e2a893d24986aa5f4dd9f5a5942dbac14129a66b488c842a714b8c1e84eaa4eaf03fa36e74779e50bc3c39fead397

Download Submit