hxxps://drive[.]google[.]com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view

Analysis

max time kernel
1724s
max time network
1725s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2024 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
4784	msedge.exe
4784	msedge.exe
372	identity_helper.exe
372	identity_helper.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4620	4784	msedge.exe	84
PID 4784 wrote to memory of 4620	4784	msedge.exe	84
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 860	4784	msedge.exe	85
PID 4784 wrote to memory of 3728	4784	msedge.exe	86
PID 4784 wrote to memory of 3728	4784	msedge.exe	86
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87
PID 4784 wrote to memory of 3076	4784	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff51c846f8,0x7fff51c84708,0x7fff51c84718
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,17629121955780683099,3255377459983888176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
d6f2cf3da37a1148fd0785cf9643babd

SHA1
45e332a206c16074378520093b677585d063142d

SHA256
bb90e8cbe8f6f4b53555ab37ff46370820c35af13b9b3ac088ce039150893c33

SHA512
e820a15504b40dad44e5e0aacf54019d16ca9bba8904b7ea1aa554568a9e7b0c8da2fbd67780cac205bd01a1f195ba4840dd0ad3811d7348dd3860076045352b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1081803e486e658c53c58350f25089f8

SHA1
6af01eb63197c239e017c1bb3ab6c6109d03251c

SHA256
e0a153841fb70b94bc1b7ee211adbe78b04a22657a531d95c848aedacefad0f3

SHA512
00b1fc16842ba1f29f039c85e1c33e88adf72f7c39db434a7237828bf6995f7dec8d2f35612ce053147d521e0018530ec29a7fc148df75003c12a1b527f819a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
828682a1b292cda62592a2629e97548e

SHA1
6f261dc68494611d5b04cc3b797029ca1df29a30

SHA256
381a836f1bb9fdfbd6880b4527741f7aee9e87e5d3e0968dda7b5a8231648fdb

SHA512
97d3454bcb1fcac4bf639a63af7d9f8964c00a4a9a732e2db7e75bd9d7807a844511fa865ebcfd57312cf24a40eb0684f336a3174f7fea6f3a95a831bcae6487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
35ce520935332e0ad29fef992e441251

SHA1
14db60709c9005410ef50942d42b2348f9001bb8

SHA256
3d7a880eadb12c02d8839b0a5dc36925294f2b2c4b854944e913ef71b353183b

SHA512
271aaee34b9919422162074117fa86013c3ccf6a77b9a1c151b0101bc59cac804701b813d885db792d529204e9418af2d9b721f465c2abeb6527c355ceb0ae40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ab8056a61b1b154d67feb2c6f255ea0d

SHA1
6a6c5b41367a14a7f7c2bea870832135ccbb9d1e

SHA256
7507cddc8e04bda36fa055740b5c02cdbbd09f31bc3cbe3e7503b7c5692fa9e3

SHA512
ee89258487241ac57296f47c9684819a2914fc4fb348ae8f2e07bb815f9f8d0ef972c1729ba104f2ca5f5b5767308b609489acac662fe5f8f0ecde8b782dff05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
896adf71b10f46e762e9b0e00a0c2922

SHA1
6b32ceaa0a9ef7d46395b62be98c8b080df6b2fe

SHA256
d4b355fe22b5cd97797a78d4b9f73c01ddb67c751efb069889763f4df12ea180

SHA512
5a1b940c38d4d2c198bc4ee1b02719cf1f8323f6f88e9f819f035fe97af8513c6edc04280df660de86dea04af0b7d53c8da58f362a2dba8e931c44857f4aa1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3dc7b64d6cb68dad66406224063c5faf

SHA1
dff8fd88a81f6e4a3fc9f8b2f4c84105a2ced6a1

SHA256
28d90fe017a445890b1615d965d73898f7467a91ff21a193c65730fb34cf779e

SHA512
3891f00ba1bfe4ae761ab1957dfde0fffdc696b1efcb7bb7cd178353a41999df55bcbafa5007a1d819e33323fc34de0d23cdcedb4a75b15c29c18fc63513d95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d3fb9f0eb9d79c2ac716d86bac1a7bd2

SHA1
e1ce09a5c019c90784a25a1fe9716515f504dc85

SHA256
f906566e5b9aee60796e1d51437df6dbd34328ffa90398b8ba3f9985664f4189

SHA512
f6bb817f80cbfd411b00c7ffba4e17c3b750f2825899cc29910d10ef645da038d9e68eed5c06205ee8f6fb52408b0d21835e02d78b728469d14514d4b520f8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
61c10b8bf58c6777d7758b6db5b68a8d

SHA1
5803663fdd0a70729594e245acebc8a929346e97

SHA256
cb4282209db6a97aaf2a6062a0905a718698d03753ecfdd237b02f179ae1f4d8

SHA512
a1da3abedd272dce4efc61a9e9192db49573c0182348dff1b82f02f906a560844571af425f84df0354e0ff85488c7a3aec0599d8b988239bc43152321121404b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e6b0321ad9b9532bdad7193207445536

SHA1
7a5a17794a2361eb17a0c51785d0f72a79b86eb4

SHA256
bc9b58445e1235ae0eb3cc2ce28617581b04fe1533a62601a1aba90ea3f8d7a7

SHA512
c0029818512aa65fc2a0285df6e5b666c7a3ca1d59efa70c4c65cc7ad3c9f16efea9bdd3a0d4e5c025a86ce82bf19676d212c33a3d52f0301596a884295d7951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
10efe42123f1782b5067887299aa6c6c

SHA1
6991a327409932e9726bbfae757385ab69040620

SHA256
dca7f811e4f786651d4d9a550fdffa72ff7f85493f2f40a4320631969bb7369d

SHA512
1d10269dfa3cca49d601cb37aacd11abeb7a3d4bef8e9ca6fb7d0c52592614028fc6ab85482e694873ecbc1b6218530525127b3731010e3f7d9b12368d0b5037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
01af1534806c1f7835ba66974237dfe0

SHA1
0644e3d2bbddd5b4362abaa3920ae3bea8d66f96

SHA256
cfd695be3cc2167b6fbeb8954cf0b17e19c13d065550c5d2cb5a5ba6f38c41ba

SHA512
efc633fd6bf14f949d4a062c401ece672c6b109542f43ed3de016f756fdfc0536e1fac297b05ed83a34d21a6140171bde5787db75b9020dacb29591cc070c94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
84a6273044742ed61ae427f32f1eb695

SHA1
e145af5d03442ea94c172d5fae4b3d08a50ae72a

SHA256
bd8322252332b83dd6aa43d9fd895eb6ec0fea70c4a7adb323dfd7895fc36b3f

SHA512
bac34f87932df29a68598607051738395d4193d873ae1058e578ce51455799a76277dc3fd8bd706ae0c16be6790fe8caf6cb2579b6682f56f8e829498673b72c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
86224927350db5f62ccf8162ac0a2e50

SHA1
348e8a49c459c3788967faec22ffff59292c0cc9

SHA256
8bace32eecc25f20aa8c16546c093d4388e3a1761708ee9a1f64e698baac8f33

SHA512
a69948f683cf50c12253df16c9c1796b46402eec1fc4af7436a743ebf0b8c3f8d3027fd1a54eb49daaee355458f0e4c5c313fba4849d6154ec6b71fcffbce9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8a788223bb21865a25a21469b3a9d0de

SHA1
b2b0a907b7d4153a6e66966e944f21cd9268f7e0

SHA256
a7d131f58b1ca7d17b898093eb85a7bf2b5880eae87338a2be1a1da7e162597f

SHA512
1d3d8f44e52f3a23f232aad649090761ca67f302178e68274762deee2ee8e9d1cfa2c819f70eef2b6fe1b2374ec806ed22f154273d64176835ea869ed83abfbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d922bdbd9a659b83606aeb3b105666b5

SHA1
69e3923fdc261f6c8ac44ebbd6c3e1d4843bcb69

SHA256
a6e2d33dfba6afafe85b57c70b71390bfc9476bb5ff44b86913aa836ff21eccb

SHA512
4244650880203411d8cb5016e04eb13370ef1a780f6fdb129d16470825288f34579e8633c1f913f4433c84811649576f40036bfe79ff98c839dde0e8224b7275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7f97a64b427980042f84cf8739c0f90b

SHA1
779f2140489ef23fa0f0164f29f69b3574247fbd

SHA256
90a8d2929447e8953131fdd2a08cf60034dfd3660ef6c0e6515d8d3c9a92b3d1

SHA512
9bbc56e5506fa15c0deba0ff443177bbb0d2dbf12363bf12d221e598d3c9654c1a296f4bdab0d1db3ce3697619e3fd98c55e28d888a0f05e9a1a0d6bf11f25b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d063673b528ed6799ec791af86bdd98b

SHA1
d268bb038bcbc46f02330a9641ec4fb970ad8318

SHA256
b43df7cc48850c950b11753195e8c62010b2061f9b7dd0ef2ae04c6d3be781a2

SHA512
ad7cfc2ba3678104b3833040c4e22afc3835948f5255c69c68b27f795881d0be9c674345fe1242addf6c0eeea3a0a89d2e540b11309e0d2347f6d5f1a44a57b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4cd557c5f62234e870d875d509db953b

SHA1
b49c5b958bd77525d5e7a493eca386ea985f83c6

SHA256
57a5992644c35d69369b8fad49c32e3f8168ef988c3a06b76d31b227d23cbdcd

SHA512
895d2652a8bec130d5b7be36cafdefaa21e1965d3b540f74db1c015168c05d93828fa19d5f47d4b43e5d4ba0783c45cccdafc4dc18581b6d0d6d4a2845b78f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e20320e16ba4ad5635e48c889dc19d54

SHA1
c4c2c4034b35e5157d24c001db799fad38553daf

SHA256
1396eb7221538b8fcf9f98289752ccf2e086294f431a360b645c00357a19306f

SHA512
b3d6185c5ee8568782bbc7299ecc45ffc0dc343e8dbb4d5ef65319db4319a550696e16b3cb5417e8c0ec57f6d5b04f22c8a36e5b200cf8ff1500eb830b3cdda0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0e7dbb9fe28e8daed8a8d6a1da0771c

SHA1
0761154244d725ac6bfc9655d3769132eb52a726

SHA256
423b3c9841d5559f1e52aefb3f9ad16d6ef2b118554fcda6bbc0abf1ff4eea94

SHA512
a3470013c2e6d5d893f71180e01f480337d578a3ec5e9bdb0d71886f1f1b9c9fd79d9dbc6de859b7e9b7dbfcc892328a754c0709cad6f1176bbcb3da44ef20cb

Download Submit