hxxps://drive[.]google[.]com/file/d/1QcCkpV4P9C6cCu0XG81IshTSrP-5bLwT/view

Analysis

max time kernel
587s
max time network
531s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1QcCkpV4P9C6cCu0XG81IshTSrP-5bLwT/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
700	msedge.exe
700	msedge.exe
4060	msedge.exe
4060	msedge.exe
436	identity_helper.exe
436	identity_helper.exe
5488	msedge.exe
5488	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6068	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	6068	7zG.exe
Token: 35	6068	7zG.exe
Token: SeSecurityPrivilege	6068	7zG.exe
Token: SeSecurityPrivilege	6068	7zG.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
6068	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 3564	4060	msedge.exe	84
PID 4060 wrote to memory of 3564	4060	msedge.exe	84
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 3656	4060	msedge.exe	85
PID 4060 wrote to memory of 700	4060	msedge.exe	86
PID 4060 wrote to memory of 700	4060	msedge.exe	86
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87
PID 4060 wrote to memory of 2344	4060	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1QcCkpV4P9C6cCu0XG81IshTSrP-5bLwT/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffac8046f8,0x7fffac804708,0x7fffac804718
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2304,12058091396143994926,1242540760441482464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5664

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Finzar Ultimate Bundle Plus Collection\" -spe -an -ai#7zMap31595:138:7zEvent14307
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6068

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Finzar Ultimate Bundle Plus Collection\Editing Resources.txt
1⤵
PID:3280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
2905b77698c720d2fc20b060b3f23337

SHA1
a0232e7313282a0a4f36b276d67f351ad2e2994a

SHA256
ac13d6c89be77a20b9056cb11b91087a805e580f7d6647191168b2920b7c737d

SHA512
b63e5d421458504f7c91df447c84778a9b4d1abbc22c38b4c39abbe1f0d3ed1eed1099e7fe03ec57ca31981e6c44a1ff342c933648bcbd30c713e5f8cef0d29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2a621b0fb091f784c3e38d22531d6618

SHA1
60bc27a4b2f227668a0297df0fdd72b190c777bd

SHA256
fa382cc1a000661bd70e10f5b48eda37d26369fc9f2628ca7d345229e365fb10

SHA512
f2b185a2d6ff3136e8fe8926256eb0e51bbae02f40a050518c76e5fa75f882cd780be800c71a24df421559e40ce0f279beae572211cfe6e825001b2ea59d2904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fc43cb5ee1c720a90f002775d59cedf2

SHA1
f3e1d5e9169b4f8b763e715a689c808c606135b2

SHA256
5e1a00a0cb474e603182c458a28a2fe5efc70930d708c8060a520753d22fb834

SHA512
2514f758790f53bbff05b3bd55579f6455d1c6b999ea4bb8c33f22ee6a0c1f4cfedf5065ec77aede9ddf6d47a736770278fa47eb2275db5129eaf94178ddd56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ef3e64f9433b97fd20f576d4b948f795

SHA1
dd8e4f56ad84bc38909f38b1f7969a833492ba2c

SHA256
4b4ab8797958e7e474b53e0a7cfb198202bb42047fdf64711e639ecd6f9f3912

SHA512
f276476be8426c78ad34edf9aeb31df75c14629b23e9516b1fdd4c32b0cff412ca57d8512f02d1fbf3b13a91271d57b7aab1c6bf13391511280c26a55ab2cc69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
70271cd260129071f2ecf93d97e330b0

SHA1
a0081f135e1e3f249994cc2b7bc6817a8b8140df

SHA256
d85439743865607af3b90b1e740d917ba912710b3c09e2ea5767c84c936cb1f0

SHA512
3e3192280007966218d1e2281dbe37fe4243556c8a01a08f811fb56266ac0bb28f4bbd3b6812162d79971b67afe01dff9de265c2da54812d4a56f61a74792c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a71ca3d01ca4dca826e29ea7ac6b2ee2

SHA1
6f9379401cc5a442f671540c047baf7a0d87a118

SHA256
8a303f4873e079c87fb839977d5ec62332ff7f3bbd01e194e986bfd31118221d

SHA512
06db7a133e06577eb29e6450a92bc4d8f92d863bd07745239ec4fc76a8f29ec4c33a8b48ac7a5f0c0eb5a8db49f7f8776547ca7009a24f50b5e18aad88ff773e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bf599dbf237494d85ddc79e21e85e827

SHA1
c5ced465e88f2f575dcf57ded6f897e3f00938d7

SHA256
a397a514a7e48f2cfe4a2185c16758dc4bd487df450afa8e0fc70bc2d0abc4ea

SHA512
0c2fc711c83237d9f634836c9361f14a00ffbc3ddac9208f9da68f4be9f879f16c82c1a476877c74ef045e7289395a5ba0951358e9d682e52ba31e37cd35160d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5dbb2ee760e8e2eb4eb8cac873c4890

SHA1
3344d04bc8733d9f0ebde7267011dbb8e237fa65

SHA256
cab54a04fd7c768c3e844f825080663f2e4aae47f8dc8207a3e7e3b09162e0f5

SHA512
1fd38bc8b978a59452eb4073d3e1c41cff4eacf07cc57f111c996a87fed6a0f4c9d3c966a2fa4dc227caab5f5a3a921981b972f114b9f622856c1a56ea878cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
061c9dcf4e0ab31bc7d92a0f4f8da7d0

SHA1
08cbe862abfaa6fc07a666892dce36d24728a9ad

SHA256
81529c038741d080bf434a8fea734a33ca48a58ed2f826dcebd7a95dc1ddbede

SHA512
76207e57463fef8e7b1a3e244b146ae3294062cbbdfea2e3da9592bd4a6deb019b0c562bd9962b1586fecef44bea5ae808c64c78e046c0517d4685288c7ee6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
592b036c2686fe036ec6317511cbb52e

SHA1
c248e3d3b54f072182a87c5ac4259acadef991e0

SHA256
9bcbb1522640d3d7474d62b00482384e3b73f35a6a91ee12a5f69a418cfc861a

SHA512
94685157be9926640fb8461a4b0f84565562e6996f0f71e0b167a09ac1418ce640d0955348371cba50a0b4a35ffd3872f74b6728f00c662007036ea57c84ab8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8837c2106a84174d50e505dad1ae24b

SHA1
1faf8e69c138d56132dd5c7ce97811d853f0978f

SHA256
a9335d313a82943204a83c7d40050375fcfef01032c980b17bf20e0432de2fcd

SHA512
bab17c13a01620f81e952e63df998240b3f928ce86cb16bdbe1cc2fc9ebcf47bdb4f8e9b2ed22826dfc51751cf43846311a7e8c06dd8a90587c2153a50dedd91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99309b9815e806e78ee5c5da1f0db3bd

SHA1
0f5993598e7fdfee52004a3598b21e3e201ca9f1

SHA256
544bcdaea0312797c1b271622c172bba2075cffb8a8ced108130ebc267389f56

SHA512
33eb2dbdee3f9c5728aa49811eb1557dc2074256b369f1fca48171d846f0567e698a67aba444fc666b25475f0aa5dedebf1f0b8f447622610cce4b749b26a5c1

Download Submit