hxxps://drive[.]google[.]com/file/d/1ceSxkMRw5W2FKlzvnxdxbP0gGYK2NL7Y/view?usp=drive_link

Resubmissions

31-08-2024 06:57

240831-hqxdra1crp 7

31-08-2024 06:50

240831-hlznba1bqj 6

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2024 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ceSxkMRw5W2FKlzvnxdxbP0gGYK2NL7Y/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
4304	msedge.exe
4304	msedge.exe
2068	identity_helper.exe
2068	identity_helper.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 2460	4304	msedge.exe	84
PID 4304 wrote to memory of 2460	4304	msedge.exe	84
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 4280	4304	msedge.exe	85
PID 4304 wrote to memory of 1008	4304	msedge.exe	86
PID 4304 wrote to memory of 1008	4304	msedge.exe	86
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87
PID 4304 wrote to memory of 1064	4304	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1ceSxkMRw5W2FKlzvnxdxbP0gGYK2NL7Y/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa527746f8,0x7ffa52774708,0x7ffa52774718
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4349613002748448564,10217298128181578283,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96142ba45f7203a8c4d877b2d70588b6

SHA1
e1d1ac761b3c41ba0a3409d7bec68ca22ae1fac7

SHA256
dac3fb834fb077720a5a79f49add75e37c15bd07ac063b5516061ffc611c334b

SHA512
fe09d408370c5ddfa3264f870118fd2edb2e4184871a8029bb62a438be6da78a8e1f72d176149ce6a4963e9981136dc878aedb1e0c660833482a9850680a4beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b367ffa3cd6896506992c5bb8b91addf

SHA1
93c9bded12fd3a814e4a87d1ab6b102818a9996e

SHA256
a2e0b202caf41d3a5fbde3824043e423cc9ce0ec9653a9d1a2d23b04c1467b96

SHA512
44e2745fad967ce9b7a2be00b75d6617d441ebe2763d81a8c038d57906b1c94d6d57c930141331c39e032a284b59014646dd9054be213fd973e75a2269466a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3a19134b-2c5c-4efb-a648-a050c2632afb.tmp

Filesize
6KB

MD5
b1ba59a933e2e8126e59b1fdd489dc7a

SHA1
a4315deeeac7455b75e595190d1f62f39af8c1d1

SHA256
899389c19df41417d5d8eb912dae4107e9ae6033f44553cdbd0510444b8c4671

SHA512
8480b02146788f448fb6de35f3c983a3c6398f0dbe5bb5fdc57874404339da0c4e76c4ec5759485535b7fe33473ebba77c8a2f4410dd849f06e82aeec5290b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58421985-7b92-4518-b855-8158ea0e4efd.tmp

Filesize
6KB

MD5
ef520557eee4b0b9cd6c06843b96dd0d

SHA1
eb415a505b91fee57e3a4b044288c44c2cf08bae

SHA256
798c8d1c578159bca11e478a42baaa30459dd52b96c98da55c0233c78c4875f8

SHA512
013dde592d2e8ce85d98704e4f4682166d116db814ee5c75faf13281a590c16d103c3df6242a484ac401fd48cde47d22ccc98626ac583a48f00da24f81e5cf19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
ed51cb36d34fbff032422ab6b273be36

SHA1
afc079a5ca3b3cdc3d901ac3190f512db2b5ec7e

SHA256
bf5ea035de2bbc58f4e5e2cea78c37e0b00cf92bbe5bf6f9a832741a44e29db2

SHA512
b1af5385094868a31101bd67b140e86ca8e07c64923e17d6eb2c4a8b7ac2cced471eec5a08592cba0c3cfbbd082b3e08f06f233b2e2b652a22e3d6f86f72dfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d93265275f10acb568cb23421723366c

SHA1
23fb1bc715aa8fdb8cbd6965580bce7701f1a6f8

SHA256
d87751be2542cb3a5cf3b27dec7d1f615d9db4b46c0f9c22b898bed08695fd83

SHA512
e43b414107b5a37581966a216c5fb88ae39dea43bfb550b13010b0808c9d64d5b8076eac66d972e85fad1bd8fc1b94409cd97f710fed794532d972e501b3cbbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ffcb3e11035584a8afdfa49cc1aece3d

SHA1
a59a3bfd335563e6d5aa6e63fcefb13af2caa1ed

SHA256
ead0726fd2d5e55fee7709454f18225f7b74dde085585202fb919f536d24e43a

SHA512
f9095daa673747b2d13e49d74de3d27c7a09e463607afe30e3cfc0a66392ea8dd9c0f22bd8847a8c57af05a1baf5a2c86d1c571f41e6a404e98703505606d64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
57cc1daa657aeb7f9204a42f5a948210

SHA1
fa7cde08736bd9c98cb8e6a266d82b38dbb31a43

SHA256
811d53cf7f6e91e1dbadf9408b3890c634c27cdca75af6723186dec9f3da88dc

SHA512
61bee4847e27e73657ad3cf95d0e76759cc2a1e3aa05d640a4f4afc776b679d53354a7d71d99fd625c85a99c01326af5a43f5f63ba0633693f1362e0fd48f043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bedfb8c8c04997e65d0e5a5c2d7dc549

SHA1
677f3f08f78a891e29d33232f29f65dde0b1bf09

SHA256
28971241b7280d65df890f1ef28f8fdbc688d94b0f7839f2a469571011070e90

SHA512
a69b475f4367383cc3898b0303f58534922c5129d6dd313053aea773ee82c53c783958387a31034aa41a714585d4fbeeb0af807f1bd8b9d709b8981126d1e55c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
852d886f30a60b001ee9e16d15da655c

SHA1
713ae02473e2af931fb4455db3be07a00c734e97

SHA256
0c05a4e24bafde15c1c9cfa778ac25eb5552c22b1a589b7b473eebc752a6ca68

SHA512
09625a70076a264b7138dc14f2fe81b0e8ad6cc0ecb3cc4f5d5bd73eb58fab1e2528c5e3a3a40837740895a5a694b94b2fa174a8595960ef122823a4132d4f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ab7b99c93c22d72df66793fce0cd6f1

SHA1
e58e571cee55980ffc43f8b3fa2af4ed08d467e4

SHA256
a617b26b0e3cd26b745ec34cab55bc90cb1089b70eddc53d5f1d6a5e8dea1217

SHA512
270f505e1ac7c253ed8a9b2bd7d91101651bce8a44cba887ea09a7de3f5d429cf19393c0ecb1f644dff18563843dde5e1248d34d07e6b80f2085a0a69aded284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
11daa4552e460f04c62c55f54abfcbbd

SHA1
8fc49feb367533dec9e9c73e73e6ed0960bbfd45

SHA256
5c6d6983ec5e1fc9cb52d923885b515a5194eee76528e5d8ca6eb19e88682fb7

SHA512
bb7c527e785e4d00d963cb3f049d27d28c936e7ed50813f3dc4245cacfede89bc14118b29b3d367258917d2d64cda64588be6833206d8b23bc7c1f9c5b523d9d

Download Submit