hxxps://drive[.]google[.]com/file/d/1CYketd6VHB1PctFJDyOKH7ZpzuD9Qidm/view

Analysis

max time kernel
1152s
max time network
1155s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30-08-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1CYketd6VHB1PctFJDyOKH7ZpzuD9Qidm/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
7	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
504	msedge.exe
504	msedge.exe
1212	identity_helper.exe
1212	identity_helper.exe
1060	msedge.exe
1060	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe
504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 504 wrote to memory of 660	504	msedge.exe	81
PID 504 wrote to memory of 660	504	msedge.exe	81
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4680	504	msedge.exe	82
PID 504 wrote to memory of 4852	504	msedge.exe	83
PID 504 wrote to memory of 4852	504	msedge.exe	83
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84
PID 504 wrote to memory of 2104	504	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1CYketd6VHB1PctFJDyOKH7ZpzuD9Qidm/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe4,0xe8,0xdc,0xe0,0x10c,0x7ffd4a053cb8,0x7ffd4a053cc8,0x7ffd4a053cd8
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,4429465824778789776,15026852743185399823,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\69b0b012-e2ab-48e4-85a9-55b2ddf01612.tmp

Filesize
3KB

MD5
516293083177292108e825445159a5a1

SHA1
cdc0427170daa11d5cda641c92ffabda7fabb1aa

SHA256
569fda80cd59fd3e4f93b5929899c4004b1284a0d62a73c49e6c2bc7eafbb956

SHA512
2f8fd973281b7cb0a944da1357a5d881c8fbfac38020ffbdae135a2fe52a64fbaa1857b81441555cf8f51096b2f08cdbce7982c8b691d27609bc12162b453cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
c85dd3f29a35f44f24ceabe5ee54f4bc

SHA1
8bbf69bd1219a9d572c93f1f01cb299b6af07f6e

SHA256
38d13d4526da315ec4c53434a8f373ddcf0a973660e36df2a2fd246634437243

SHA512
e53f1bc89f04acadf4a8dbe2664a831b1ad8eb35210e303d72f60b55c4e894656deba0508db934127ece5cf139709482ca800ffed518385b17cabfc68fa028c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
32e898c4668076d150afe6693b356d64

SHA1
eb1e1341acd8697feee994c516b4c014df2c9aa1

SHA256
7b653e3d5033b092fb1c5d1d19e3d3481f7359335c996902de4dae753ea2c5d9

SHA512
e1a47606fba664420a8542e263b2cb253f66b8eaf33d590bf3e00e7facea49b0181f42e4297b05d116b50bea517f2397889567eaa4792111b62019a9e86c349b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
329cb88b39d40863daeb688b47a4cb63

SHA1
8681f98771aa227e894248711274c08278940a6e

SHA256
bb62dfcb2a6307b83515d0675716c469e7e3a39335754eeb8d99890d88542146

SHA512
266e00f8a6992be05eac6b53ac502fbb73100e8936f23616231531b924bb7de8dc57581de8ed2b46272ed18915090c657d960e4bef0e5043852d2047a3d5a037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c3b304c969c84935578d108d67155208

SHA1
cb955041ec868ea665d7baf0157d48b8d92a05ea

SHA256
c3883cb37d3089ead315c51b75828e2ac38003c111e57aee68c92edfd7041b9b

SHA512
02c476e7d9cb13d4f6c7de67be0b8b4967ee28d997fed3ac9c3885730ed9b67ae7907262c3568578d8a12f775b7e28c3d8b7aa74b318cb4986762f7533738771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
04edd3433368610aaaf37b032e057927

SHA1
f059022ee9e589f0855071bdcc79002858838534

SHA256
c9b525912aeada1a6e3aec4fd58dc268fb3a2a85d2949b23589bbc258658777f

SHA512
a30fb1fade137be19a945841e1c14e9b245cb2cb31e9b53fa78c81a6d6fbc8ae30a269dcd71aefc3c120412ec382f31e6a90b7d433e4609dee55a52981d37e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f3f7862e99d9c2b917c0045286f9bb83

SHA1
6f4f700490419897d9eedc409d13000250851454

SHA256
c53ff12c09b233d658b6fa9c06d02eaa304d0bdcaa52e3d6531e8ddafc214735

SHA512
b1e2eade6f57f535983b89f8d44ff2097828ba9dc4ead921b1c66dd293732ba26fd59eb57e4deb52d5446e96af59ac52452d1186127ab41ccc779a78bc4c7717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5aa25073ac8e6474a7c660c346f03dd5

SHA1
6729d7c770eef787bd772f7c909cab0fad6ccb88

SHA256
0d2f7e262ce1a2a8052c57fa2a630903a3cb4da9cd3bf8ad6ee6e9233fdb2c1a

SHA512
331b60b9c845ccfdeefdb68b6aa60af3dd147f300d1b58f59013b075a92fe567f01483a423eac8bb773c6ebc18168f84e485b23f5dce2a075d4e431b1dfe7315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bf072a7468890874b889fc6ba61bd89f

SHA1
4c84af937490975b3cab844b5202a940ca48b575

SHA256
dcedf595b77ff9bd8cc6e770e52938572a806cfa253f0578d9fc528068169fb4

SHA512
a96d9f7b445b276b4c33b192a83a05dbc2149bcd1c67dcbb4c69fca1bd8ef0091bc83e01acf9ca18f41058980a2d1fd0b64c2093323aedcc11a64c638253cd55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5da982d7be65b52cf91f42fa359b49f1

SHA1
9cfd856275c192a87d7c8608a3112e940e24c98e

SHA256
916aa537694cd90ab875ac62419d0143b18f7d5837639d53deecb6b69e7824e5

SHA512
8db41b3a0dfcfaf6adb24190307317ecf5f8d0240ea1e92e0388e958a06a731add06d77f18ac19b6e4bb34e8db2b6370535376a3d5e8c996969b74b0451dada5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3501b89abc3fcb19078997b53ce2ea03

SHA1
d4c015a2d7a12769c87ae99fedf16570717535e0

SHA256
a492dcdcabd02e8cb44d7a1938d10cf10bca1cab2f7c873367b1615c016c4b55

SHA512
8ba6d50856039c263cbdbd5828b6dbc1e930631a503b039e968b8edcea2e1272b541c5b9f92278779d96053b752eb7157b30840825ee44e139d918a9eae07f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7a249ab03d58088db232d5aad6fe4afd

SHA1
0524853dbf0a604606f40be5f6dd5e073874573e

SHA256
2ea53a5bd9134f45a04b5451c40f83b26751931c93c5da8d0fd6ff6ec558ad99

SHA512
5baa5d6a303082739bb660259b26683268b9989b5c75568cc3183caac1a1cd9c6da3dd85c90c96f14f8c031a65bb1dfd233df105b37adfdde5c1f8b6d86bd1c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44b2495e6b297df7d9cc482dfeb9bb5f

SHA1
1437bcd219b04ebb09ff0a0ae8e4ddd07fd9ed4c

SHA256
92b9b7d8b28d02d935defc23258199360c4102cf0836dd35e67c43682df3c66f

SHA512
fba44918599b13328271dd4c7753f5a5721cae5d4e24e1445f35a01c4165b55195d48e25403a8e065cb47cb3c1345e0ba6cbfb30daa747b3db0cdb6d4a72abbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9404a25577f4ed2142da69d8c2a5f4d

SHA1
9b5bc646a193af47a22004aeb5b4acea28211dd0

SHA256
7bc1545530ffd5cfe8ccbeb1aaac82b08df82c943ac9c06b48093470f972002e

SHA512
4c606e582cb1a6ec5df2f672ad920460cb35e8b6b98f6749cfeed70147c6094255800133398e56f94ff146bc505555884df11c8d75b70d6403c034851143cd56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b3c9e6a13b8756445dbe616e25fce0d2

SHA1
956712da7e890552268a12ee6356b6bb52cbd82e

SHA256
c02298bfa3c20854a2cfbd8cb9033fe58a65f6272ce418dfde16a02b127a4c8e

SHA512
1c54821d19e30ab6ace2bf1a51e1fb302aa64fdada829df89a5cef021db6ebe14ee8e22939f69e84cc887e1121cf08d5e30a7102bd00c97b5731cd1aa4c904b9

Download Submit