hxxps://drive[.]google[.]com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view

Analysis

max time kernel
1728s
max time network
1729s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2024 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
29	drive.google.com
1	drive.google.com
28	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
1452	msedge.exe
1452	msedge.exe
3228	identity_helper.exe
3228	identity_helper.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 4532	1452	msedge.exe	84
PID 1452 wrote to memory of 4532	1452	msedge.exe	84
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 1084	1452	msedge.exe	87
PID 1452 wrote to memory of 2516	1452	msedge.exe	88
PID 1452 wrote to memory of 2516	1452	msedge.exe	88
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89
PID 1452 wrote to memory of 1560	1452	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0dc446f8,0x7fff0dc44708,0x7fff0dc44718
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,13270562818099512369,10370357621978754964,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\36e86ef7-140e-4705-83e4-f4cee6160774.tmp

Filesize
3KB

MD5
86c84a0b13abc51065a42fe8a721dc7a

SHA1
78cdc2d42a5024c1c1be3b8f0cc65b3d6b9121d8

SHA256
560bd88263906a567fce14a8c5ff5ed58f595946a17a790b76d56842c6eb86d0

SHA512
ce17dc325eef8802a391e43c41dbc098df5e61994e9c20725caceb293a629dd264a21fab6518a5d75f28dbdbae693b6480203b977bf46761706c30b0988b041f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
d86e5f005792c08db5e8e0e4d09a86ba

SHA1
87aa8aafa2c3ed15c45b1cb86bdbcd8eb49c8eff

SHA256
2fa4fdda8265aca74cf515234886fc64088f09b94de91386431b324ebba0bd0e

SHA512
0161b7dafe9a58c8909563723aa7bd64dd1d1a02f18efd66b1be85db4624b1529e1bf124c94dc2fee1e06700a7f6019320e67d50cf0d295fe24f0cbae866e2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b11c4b1c2f83f50507804380e9069c96

SHA1
6d909243b8f26633cef4eccb37a0615da8ad8de8

SHA256
e2d5be58d60bca114d912e7a94bb10fa310e1c1fc1cb8ead84f7f6cb0a985bc4

SHA512
1a3a82e741b1996775b47751aac34e3887c55522535285ed11b22117639753d5c5195bf1b11fa3adec209605e3df4b63412ea06b5d80e7d95f37b8850f429bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a388f90eef2c1646748832e8a3631685

SHA1
6715c7d0745e90a4a038a163cdbaffa5cff208b3

SHA256
59e468d3677238b94adccc684f34fd8681d5f6f207292b66aa99fad512ed072d

SHA512
9872383cba62c475940838fa22371374f76cd2e8c7a6c208a7b0e167e21301a2f0487f306ff8449575ae040d30e8b2b68280acc6e73025c3f54947e45d68604c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f0f24c0fa91079b7d5659e3282a88b9d

SHA1
c2b10140d251101030a621f44de74647d40f8f1b

SHA256
71bb43276d6ae9a917d5badb5ae497f846a3d1d426a887d60782a56f8c2f096b

SHA512
1fd18dce716543136ef5d7db7fcda631109f5cce00aed3771c0851e8bfca88a8db78be33361b11bbc004bffedfcfeb3a3fbcdc3791d738a2f7de3dc3ea43fd21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6567d8286b3daa9ec380c54251e7e496

SHA1
8a34e34c01916d64746b591c01ae6a6893771cd9

SHA256
822848fa98389e79236455c049f724415be13b5d0f73a1cec44d2ce4633c6cd3

SHA512
f095282952b4bb8c9296c13c5cb714dbe798d5b2eaa515cd7ca484208d74be7c4e1ca7db48e1265c481a60e03121a17d39d2cae1c3de1f0f4c38f031efb544ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
80816c026733a47aac5541c4fd0df02c

SHA1
b246df096f2acbe806b843c3c9ae4eebdc36ee7b

SHA256
b64f466d7bad6e0c5f833a66002d7c23bee2f07b51498e01188e841d02903118

SHA512
863306c28f44430f50ff6b7df5cda166bc5a527e495f90f92f6a31652b6bc6ded250317adf1337e7a40f755d6a3cc145788545e8c18f42e5e7a2a98a30b0f3b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c3a7a8bc4d1210e8a407f6ce3a2b6b14

SHA1
3b2132b59bf7204528e1b4942b806da247a24adf

SHA256
b1597214f554a82872f074a5b3f707c328a0880560c9961351b418efd5267f39

SHA512
00e79b15ec538823b696a45c816b68c14fb8ff93f2de2a25733093c41b2e3b771bb9b2e2b74fd441341ba137bd07ae9ccdf7fc4f769686034ac85d3308867e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
28080b661c10ef44f09d5990e83981a4

SHA1
a3c8b8505d1305d17e2b9614943343b3206f9cc6

SHA256
ab6cb13dca7ecc66c6da5ebca8e4a568fed71454d41406acdbe107c263269bbc

SHA512
b1d0c33a466ddbc3e2e7fb69bd5477ced79214628f4cdaa1619e5feba82d21a6692d1e7afead014593832a0f2e836caabcf2360ada726266ddb594c50337e74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5b387cb905e0192e6bb0ab0f83c2054

SHA1
7b29a9a51c226460b09d01956cf39e4ad2780da3

SHA256
a77fe6c9ed50d2402a0ed198bd0b0511f16d5e48fab6d7d107bc936fdba04ec6

SHA512
c41648b6ec2a0d809c3e3bfd3c213a1139fadc6a98a88b593440e22b86c68194739eaed72f2b044209f1aa98fc8eb756924ab1f458672bbf15f4fd1e30332147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
95b5416ad5452bd8f50de09dc60a239c

SHA1
efd88dcf4aca18f8fe9d8fa675413c34df9ab3ce

SHA256
df3951b1a88ddbc2deb859454f48b1ef8562d4f03d83427004d03fa58d173617

SHA512
4155ea8d50a924d4b061f993668f4e209b06748363713745ed4400304d78bcf75199ebc9d19a660d06512dfd2cea47499851ad5750b0773fa81b164d9d9ec8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
96d6ffcbaaa9ec0155b61a85f17aba7f

SHA1
b7fb81e46ca9797427f6b4b8991a7fc6757b16d5

SHA256
9dd25c62ceb3d9fd4b7fa5f748c7ab90cc0d84fa14f081ff9d3bf0527af1bf75

SHA512
9254c9a21d412e529bcbdc7f3fd1afc7b031e6c5107d0169f2e92a98adf0cfd2b567bdd1d6bfb4d3ec0486717dbf2c272ffa9f0036e0c5eaff9fd1f961cae66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7683d401ee5b76a8759e8db9684bc8ed

SHA1
eb6f7fcefbe475ad1e86402d836bacff251a7a8d

SHA256
9b16237246587c42061d9e2e9d32b5a39eff973eed456b643501c25a3fd4956d

SHA512
8467dff0be4ca17959e523e6af940365092c7cf2aac29eb195cdfd2a1dcc35d2f2187a13e348bb691c82654cd8bdbdad7da997d23911c29230c055f401d82f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aaf7c98090fb7459b36878cfeb583a89

SHA1
969ba3a2b9e4f95fe3eae9d697f3cf7c73cacca7

SHA256
049e8b9bc85814a4ed0e3cdbe58f52889db08abfafcdb179abb1b9083ccb179e

SHA512
4180e7d887dd95208a3621fc0cbdd81ec4acb47f8ddc62a478a799533230e237c309319bebf5c50f292309c8143747bff0bd085ac7afab51513133a233d44430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5ecf78b4933490b6c3df343a36145a0f

SHA1
3db4f6e174d1d04921a8ee39850f7daf10ca22a8

SHA256
261b24b36e8472bf46cd7cd79d1820beb02891129a3169a1111c1d049dc170d9

SHA512
bc301502723861cb5c1e40c68913163af91a680317c9848ac1a5e935cd698f98fb94dd4b0cbb8750cb273eaf136f08fde34344f73283bd54cc04976a762656a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9fcc27dc4604e5eefb216ce9cfba574d

SHA1
2116fb09e4754ea7e2cbc68b5e3a06b1c2cb59cb

SHA256
0d390b45acbceeff6b1f009af133be3a88911596fa73bce3c9aed99f777ec4be

SHA512
29cbfedef093ce7d997dd7098a2c69660b625533bf6c46785b058b2e696bc27d1679b9f5e5cbd88f3ff43a2fe3bb9526b6bfda192b4cdb9a8d91cc546cebf429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
96d91a084385a47ccca8750265a0a05a

SHA1
db641fe5b1a8b6d35e6b47780cfadcbb38607521

SHA256
1e5c38c8e92663617431053ba1269da3c184242b3107eec16405b06bfc07f933

SHA512
d5bb2997a1b504b86f1ec1fabaae01c8c3be4da0222490e725283457c25626cc541c27968bed6e5eefeea0df261f6e691f9e0e7d3359c84bfc36b9ae31822051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
131ff19c07e180eb6d40bec566a96ba3

SHA1
639ac90eda5934209ff242e60301d6e49c3f756c

SHA256
2cb705e443d3e0871cd94f619d2a279a608eda3dfb1d6772c0865159078d885c

SHA512
8b543bffe3f84843d0e01d42925532a8f18c2627259943a07480f05b03d7a5b01aea3685406ab2ed214d671a5d7b83fee2ebc25ac32a8acf4da8d80ed7329aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8bb46594eebbecf32eb88312a591dda

SHA1
f18ba1d3af633433910ab32ef27d50d4741479f7

SHA256
f0c8e59bdc79c7e750488f6ac67e80828b70c4716df41b844571e25dfb26a9fc

SHA512
9b0cda1fc121e564d5ed5b6d34c0ea524af7014cee585221caaaf06f2a8e39fd0e6b99a2b8a15b90c9e9c7ad47086df50d009fdad1788b19a4a128e0c75ab0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f0cddb1e54fdfe627078e58333af183

SHA1
0fc979ce12f62294fe8d5459faea97ca4c02b30d

SHA256
ec7e3f3215e6d365c204737aaae6c96cc6e3341131b58c16d80363761a00dd3b

SHA512
a5a679b02c5b70f18f0854a1494a87215546029cfc447c325b00db46f40c630f4372589089184a32eadb86adad5b757e74deb53fa1eeb61207f96777855d0193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40d1a3a50870deb2c3ad19f1254f3e41

SHA1
4682571863e8831ff443896f93837f2b26622876

SHA256
cd2509f01965b6f8bc8066c7238d9f4362affab8b61e61076e32ff9ee9209503

SHA512
03a34a5b81f9237bd44d53cae0ca9d23c62dff3f61af277fa1d0b5b4e72d3560d32d5d6635c760a35e6fbbb45d232355a115d7a1d93ced4ef6e2777176967606

Download Submit