hxxps://drive[.]google[.]com/file/d/1ma_yaGZR8MZBlSEhZ8zumbd0Y1vOQtZQ/view?pli=1

Analysis

max time kernel
312s
max time network
313s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/08/2024, 09:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ma_yaGZR8MZBlSEhZ8zumbd0Y1vOQtZQ/view?pli=1

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
224	msedge.exe
224	msedge.exe
2256	identity_helper.exe
2256	identity_helper.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 2444	224	msedge.exe	84
PID 224 wrote to memory of 2444	224	msedge.exe	84
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4816	224	msedge.exe	85
PID 224 wrote to memory of 4872	224	msedge.exe	86
PID 224 wrote to memory of 4872	224	msedge.exe	86
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87
PID 224 wrote to memory of 3568	224	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1ma_yaGZR8MZBlSEhZ8zumbd0Y1vOQtZQ/view?pli=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd472946f8,0x7ffd47294708,0x7ffd47294718
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6584 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14994778948310427794,7852409079919027902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1636 /prefetch:1
  2⤵
  PID:6036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
aec071260efb4ec2dd5b209a64f3e9f8

SHA1
0c1cff346fa4da70cf9a2d15e3d8a2042302d525

SHA256
78fa1d2ef0cdefbf85f93f239acf1e363755d439484973e0c590b6841fac68b7

SHA512
58014c314865b8bdfd26b5f9fc0edf7b4ad7506fd81ab9976908ecd84b9035404fca2d26de0cc88d4a07caba43c8980f3b40e1cb5bf82e5e40f1007a21822b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
af75007c811bda1913cded3bd8fe16e0

SHA1
5811623661839c6c00e6555e39b4d6941a221a40

SHA256
d3281130502021d482be195d040e79331dec122e5d8ef742cef00d085978c2fd

SHA512
a16af1fa122774a23147ef7591a3a8880d45b3a45ee486f6c3e259087680f9e4a0bdd3779858f568324fd40804ca930de9ef661927d25075e040441b44c498ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
85c8af2c0fe3f58e95468d1e2b276b71

SHA1
ac524d530385d401c6c4607900976e92a5e18b63

SHA256
5167abcca0ad3354e352c2862c72649d0cc13ae0d2046fd7b703ad058553dec9

SHA512
5c18f5544275ec7cf0f53b585b56fc4142329f19f974cdf0b2b5945735d22160365aa021496574c4da043c38e742f52411bbea571ecc871c69b5379d97d8d5c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b6779f8e64cf0e288caf67e3ee96b290

SHA1
2ba140692a66006217974ecf5d98421a3788784f

SHA256
fcf27457f87c9ed224684ac08001ef278abc9658659f709d5586808e714a1d9d

SHA512
e1436714d8bfd91bfabf50e016f6a5123d139f877c858d616ff5ef8743ba338882adac583aa5d54b94239752fa43966b9a2838bbfb2cf2d46d111e6a31441c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68a1d499d73ad70b5c76b62f83de2b4e

SHA1
eb3e8d83931d91e1943b68785d7fcb3e68f5eb0b

SHA256
12ff17d912ec4fb480a4ba7daabc304184c2c4175fca91f6f249372c2a565304

SHA512
8b1ae92c7ab4f0511b581c5c24dd6d39fc6a3e923e2edb5f4d7b5a89868ceb6d22b99e0fc6200aad667629e51981e83c868567535d715e95b21f8dd40b8c8f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f31831c8ecbfd6cb395405b48c26590

SHA1
4f845569c335858b29fb6f27243badacd1abb58f

SHA256
de86ec6745e54895aa32da10067ae7d103b3d494610427b82176ba0f97133dc7

SHA512
25ec1a92e65a1b49ea5e4c5ae9c03d3ff7f6b4f2906680eb174f5a4338ad25982e167d4bb8dff23fce0f41f82624badbd00c67289d076592624ea011f16e9a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
722369b0ce278ccff1753dfb45d642e9

SHA1
7c60fe69746594a756c7ad5a7ec07903b47a5841

SHA256
a4021f175fe397a93fc118aaac5780d674b4e25389e8a4ffda1ad02a973ae72c

SHA512
bccdeec231c779342d5f0e6936501418b728040b4e2014fafb3d55fb8afaea62640891d6225c655099d56eb5f02fc60beec534d2498771752922f77bcffe0ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7f711cb605922849734006726f2fe4c

SHA1
c43502b52574c8c69eec7bcd33aadb05b3c0fd37

SHA256
a9bfe188e20b02a2bd7c84d993921650889afb37b50817e1d1c88e313936161b

SHA512
fa18725973216c3023fe4b3f7f168fbdb408cec1201d1996f798dc9943b23d484978d800d6e0978a5594f6aceba91bdc645a89e22fc2637ab1c5222990b212b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e5648844-c8a4-4da3-9415-90a8ed8f1dc0.tmp

Filesize
3KB

MD5
6ecd1a4af3953483e8723e790b53983a

SHA1
e20f784e4fa010a97a45f567b5a6dfe116f115d6

SHA256
e700d0e23868dbb0c54275d3b95eec018325f4342dd69e587f131adf321f2ac9

SHA512
79654b2afff94cddf03c74baafa7d74412095dfbcdfbc38c7634c80125b523a247a90e15aa0e862acccffb420e0b91151ccef2a41514f155db5ef5737de324d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f8f4d991b7cb71b636a82982be7b4660

SHA1
daa221f227edb89497100dcfb1b501fe66a3283c

SHA256
c599dc8a207b7355d69aeda9025af8625057a70c434d219f86f81e0eafd0c087

SHA512
05116acd55d0d816c7d14068f2d6839491a0d61ecdb4d1839d6a568ee94e11a27db96011736210321ec61890f7be736b46b3ddd04345bba5467a01488ce1a443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0877ec57562167e4007e7c4e982b62d3

SHA1
dd65effd7e5e42cc7b9f92d573f2c38902baf689

SHA256
1117b8ff06da841b88dbb2f54aba4136a0ea3bdade8c4a6f2f3701604676ef52

SHA512
1945c624eac84cf00145722c312211e91fbf00b412a40f50aa59fb6c6627879632d157a49370f1f674b76e804c9afc38ab374a84833004acf0c7af1793b51d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f7f839b4-0a99-4960-960d-97e6682e3bf4.tmp

Filesize
12KB

MD5
93802bf4c0e5ca6aabe4155245e946e4

SHA1
1d5896ca2b15d9bce8780d315c5c9f96bee3405e

SHA256
63f25f9a0efacfe2939fce0261bd10c40da2d45d5a81b25e15528d4c7b6fc8ac

SHA512
dadafc4de74fa4514bc6772a8ecfe658e25b1079b6f9d4e7feb4020b4037d7da860ae279481fd3002f33caf49463d22ef8543d5a8b6d88907ba01ba9dcc6bdcf

Download Submit