hxxps://drive[.]google[.]com/file/d/1DM8tHKG6iyf588IPQuJrUW6uiaKcwiXH/view

Analysis

max time kernel
438s
max time network
427s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1DM8tHKG6iyf588IPQuJrUW6uiaKcwiXH/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4284	msedge.exe
4284	msedge.exe
3420	identity_helper.exe
3420	identity_helper.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 3544	4284	msedge.exe	87
PID 4284 wrote to memory of 3544	4284	msedge.exe	87
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 3780	4284	msedge.exe	88
PID 4284 wrote to memory of 4012	4284	msedge.exe	89
PID 4284 wrote to memory of 4012	4284	msedge.exe	89
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90
PID 4284 wrote to memory of 1432	4284	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1DM8tHKG6iyf588IPQuJrUW6uiaKcwiXH/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffcff3546f8,0x7ffcff354708,0x7ffcff354718
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6684 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,4483571696509469676,11258682753448157820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5968

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FuriousFade Graphics pack\How To Install.txt
1⤵
PID:2300

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FuriousFade Graphics pack\How To Install.txt
1⤵
PID:5516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\72d2c6c7-3386-4225-a61f-3b2f5e90e29d.tmp

Filesize
11KB

MD5
25589481aaaf7e7f1a58ffb5489cb2d8

SHA1
3b4390b6caa742648c5e1736d32babb241910dc7

SHA256
5b1beafcec36fe0809b44ecd290ee7d762b0f75dc1ea71dd22a18e5e154709ad

SHA512
f9e7bacd19494869e7202446868c2d02f6efd52814a36890ab0fac7ca74d3b49cbbf0c4e7b824d284f10ab71c0895f6a65c99fdd3bdd2c4ef03ef9daa415733e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
599ceadece45f6631ebc6b1276c7aa1c

SHA1
a3aa8f0cee54463ecaca2f4086c9f12ab6445e7b

SHA256
dd35c6d992fd526b69f2cb49f778125ac5e4d69f710f08767894ca4acc99cced

SHA512
099bb526e079dde10ef95dab4ed1b86da204ab7f7f55b6b76aa58ed99efb521dd7ac92998a8f0af5b4e1cbf5330e1df7263434da16e76b392500827ccee7512a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
29c1f9a01f361935ef2456a95c447d42

SHA1
71e8f0553a92e06a0566c50c937740038f4d852d

SHA256
4a71e7c78b76ab6731981517720402b7217147a34c15ef76de966031caedf03f

SHA512
ce28ae46c47b2a798c7d0c693258715b9be5ceafc7ab7dceef16788eb6a79004b34043a8dac7590d72481fd4879d5ea67fffa4b0d2ef97ff23991f5e65b8b87f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b25e81295d2865884d388ac791cee29c

SHA1
fe4ad0bc66a62b8d4c91d859cdbccca5a642da55

SHA256
e58177d71f607359b105641158ac79ee66872ca6b5b33c10042b2650541c2556

SHA512
380e3d80cf584519159e8504bcd6861d6a7192d0ea7fd4b99c0d3650e644cdb1546c0fffd4b6fbdbdc24562beb44d9700ff670e4127b73ac7510f47edd9dd977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
685229848dce05ec10d84650831bbe70

SHA1
ee255b6ad1d738d1038ba066efee90dcb87262ac

SHA256
e53560168d3b439b9fe663b0dfc64a44b8d77b0d0fd8b31a8abb80480df4ea67

SHA512
d9b06a376719620c12c386967a4f3d81ce5f516330962a17abbc9a069402b54f1720d40e944daf580a435379f49d57fb858d1739e152572e710b6d92c21f9ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
22cc5c5af907ace7a63f02cb7f36f7c7

SHA1
182363708af483abe5bb6dd837955d6a8464ebef

SHA256
99aea6da38199e59ece20cd94cf55ea20c11a5848e1e9f47fcfb289c19cadf8d

SHA512
662542a38946258b144bc74e79f336e9448e79582b03e67d108c6d481488f67ae89bed06754b689e62cd260d9143333282ba3391f86068d4094a4ecc643158b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0ebe1efec9372c55038075e82bfaf587

SHA1
d5f0ffa1d4de8f87491ead052469f9d219fb4472

SHA256
7b675bc6b6cde17852f6b764f812ba01f6b26404db8423f63cb562b100b789b8

SHA512
ad9b24e49e485086d6fa801cf36e59dd8dd4da2ecaa4db0e8f932eeea5211838498414c9847435784b7bf8afa8573d28bb6da7693f04c7e27473b9b639e4ba84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8e826589842f3d9d95bc1710567631cb

SHA1
e128e929507d3ec64e0515c5b43b789dc1537b82

SHA256
218f8e7a7ec0100e50f1538aadda25eb26b4883d43ed035014c91cfa284fd151

SHA512
82da4815d4fb0c44e2eca379a49e629adf4834d8b6259f4ca8fb33dd6a5746c82cd6b204f17d7c902fc86b1023ea092b20556dd383c93089d9e745ee19e9cd53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7ba2debd9e4fc8b7e6c86904b12b52d

SHA1
ea4a1068719674a839e25b3a61dd848cdabdf3f4

SHA256
678b60c784438cdf881da4e24a8e0f229630612dad99c258ee47b64c753854ad

SHA512
ad791bb5155d673f5b918dbaac8046c7f7619d2bfc971e4fd5f8f7349851bb03481cd8a5f6af4ea5a61e9d624f21aa9da68eb6494a2356c97254c7efbb3dc04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cd508b2b6ed2e368c7d891ef292963a

SHA1
b941780e637bad66957b772a3024f1da538e488b

SHA256
e0072c7ae33fa5c1e59e49689032d074edf75babdc29af47f27af7bda6d1f51a

SHA512
f24337f9cb7aed717a77d928ab779749ac7fa390366114a01c680d2a8fcca96dc00685fe7b24ac02dbf8dc5ecd219dda8eeb9789cef6d78113c3bda6d5271c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8401118df5afb1183c5e0e75ed6e9ac9

SHA1
1f0c916c6b311438ce1a4a8a07f88643e3b0e7cd

SHA256
6b6e5c96b68eb106504d7ef2a836494781ebc9ba78a25121a2627684b8e1fd71

SHA512
8d0bfa631300f90164b9ad528e8eafdc51c84177649baef75c9e453c6b7d037223e6dbd405313486463c69edf332fae1abb2fe8d8368ffb52941ba187e095457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f5fbc609-fd83-487b-aa80-18581ed23abb.tmp

Filesize
6KB

MD5
5f40ad3888a6b03bcd1df06a5e280d39

SHA1
cf5e5cf4f265b3144a141db3e30c461d3ecd6349

SHA256
c2f934ad241e98d4ca88033cea3d89289bd68127e68ab02b5c135b669da671f2

SHA512
330bf631dda80c00ba17d8416579d0ca81ec4f26bab804cb5e4b48f8f2fcec496f1cb771b0261baea6ed57bb69eee9550b3446a238a502c423bca658eeb72cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e252ad14af350d263834c47b061fb299

SHA1
8c662653cb61796b6c94f90512c097c27b293e6b

SHA256
4d42414cff38e569de39704c51bd39bc8a38285dc35de02b97fa161197bedbad

SHA512
38bea5cca296d0e0d2523f27a8567bc298b0211c3cf3e711d18059d4bfbff18959c78ec5021cb1698d37d559122cf689d10be0a4768d3c02e11cfe360f46dd31

Download Submit