hxxps://drive[.]google[.]com/file/d/16HqemiDtiGq1QI3yUk47sG8tmPmeer5C/view?usp=sharing

Analysis

max time kernel
239s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/16HqemiDtiGq1QI3yUk47sG8tmPmeer5C/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com
126	raw.githubusercontent.com
127	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{4BCB76CE-7FE3-4D5B-957C-53C0DBE210EA}	TLL.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
3536	msedge.exe
3536	msedge.exe
2660	identity_helper.exe
2660	identity_helper.exe
5532	msedge.exe
5532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5192	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5192	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5764	TLL.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 4436	3536	msedge.exe	84
PID 3536 wrote to memory of 4436	3536	msedge.exe	84
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 3944	3536	msedge.exe	85
PID 3536 wrote to memory of 4004	3536	msedge.exe	86
PID 3536 wrote to memory of 4004	3536	msedge.exe	86
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87
PID 3536 wrote to memory of 3888	3536	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/16HqemiDtiGq1QI3yUk47sG8tmPmeer5C/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffb5b46f8,0x7ffffb5b4708,0x7ffffb5b4718
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,5271493711134926255,15190694769919763655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3616

C:\Users\Admin\Desktop\TLL (PC)\TLL.exe
"C:\Users\Admin\Desktop\TLL (PC)\TLL.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5764
- C:\Users\Admin\Desktop\TLL (PC)\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\TLL (PC)\UnityCrashHandler64.exe" --attach 5764 1826269433856
  2⤵
  PID:3520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ac 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
890321f549a17bd56700ff690f451a55

SHA1
7958c59c347bedfd6a8070826eb92bdea2911e64

SHA256
e6427870af37b5ca6c8d39c887428f3ca1ad0715b28666fa2ad5ac62ce30c827

SHA512
4d272a788fd8639478c9bcf41ce70370e49de201b1bcc5f5775f9bb2922bcd1c832ca1479ea77e1b0cb4ee913c90ea3ca7b8f729ea090dfe0ea5421db20e5651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8c4fd440dda92aadc6d6619ce109af92

SHA1
184b20026a80f57a27d4eee5ff09fe973133e9a0

SHA256
a9554b3eb97db56e781b4d45ee04d23c5e73d38d4b3bee40708a03fea2059529

SHA512
b540f93faa9a09906481ad327883a447cc39a8ca2030e0f64ad9f6698a27e8692ccaa5b25bd13503f96b1a6b8cf05074ffa27a2c659bf4ad812ea567dd5d6375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3b9862c5a1c95a4f7763df25a04b6746

SHA1
269e230193585475d3fbc3784bf820c9b23afb3a

SHA256
008cf2a17af777293514f141d6662ce60b6d9406595be7e91464d4baf01c3176

SHA512
f06d3471ff80acf23b201dfda6b0cf925ac207f0b05f513291d0f04e6d97786d36c46b6164385cb936b84e98d0a90f0d6e8a7ee52d621dfb93c1802068b3234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e7f688a48d885e5312516fb516c4ea5

SHA1
bc4c7cbc059ada9da7959e6b4e60e38edb3e7f51

SHA256
7a175f969c159d20cfbc4d1bfea2cbc2a40fd0444a78fc2505cee46bf9946391

SHA512
edca8c2b24c174fa9cfe738e76fe85f6f5e7e8d9966a5f0346ac7e1f3dc2d36e053986e465de9953765b315b1ac85cd7d04e12042543b547773dcc2dbe66a62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd4c943c1d42db3539cfb683507a7ba0

SHA1
e72ce0b02e8ea75f0a99eb940e8459d1839c73d2

SHA256
c322a64650b3b741fc9eceb5b8478fc5cfcf836990e3eb41ab79f78fd35a35b0

SHA512
1d18dc1e3314a5b0d7af03dfbe4704c99a86401da53affc6fcabd07c89fcbd310ee2fabd644194761d606ca77f4da96dd8432bd1a3e8e8e3318443cb956733de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
664963a21e2b5aba69d8ecdc1a30937a

SHA1
d17fae14657427fe7ff9070dd802865814f05e3f

SHA256
88c19397a4a50ad37aadc1065147b1da1da3f4bf0a8936d2646e4588f254ab2b

SHA512
ec8aa0a6ba63cb4853f6d52dd7fce31a0a7a852a9d7f41832b32c7c3199109fdcaaacd2b2e767dbcc81fb5c35366f24bf8eec21d188cbe364d3703bc293f51e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
39436003641527c713efa8a67f67a37e

SHA1
eb0a3ca8951de08cccb2ac14d25d09daaf6ad5bc

SHA256
d4049ea55ae8390002c34d2899a91674e5311a35e9c2e13a0904f3770760e898

SHA512
bc47c7898ef2e8c0bf853bb8f8bc734ed926a3a0638e9d3dc540067352064236c98bdb009bb7dccbfaa8a9605a3e51405b43d67f6b039c45abf995897aaa399b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
487334741ca1f8357827e67468e3a903

SHA1
4ed296f5c763f2d488d4e63f499a82e38dcfe8c7

SHA256
0f04c7370c4d2d9df4b55198b12636b43328a1a7058ec4469a1a169dc8c3a858

SHA512
da76431c217da48642215028cf372fe4aedce143ddf2e07f0e6d6980da57965632c422a80adcd74bca9dac481a9580161656b415df81c083e7fb602ee18ea910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9fdbb55bf1e8e0ee9271dbd26a5da0c4

SHA1
aa6ff1d00f5b4ee417c5ab70d656be3e6715d910

SHA256
deaa1b3632feb5f95605a2b6010d067a3eb734e77e2c5943b4e4f91ae075ee1e

SHA512
26ccd1e6fa20acbd26eddb238eb4815c95b48e08f304e7af35897b4fe51fd20677c6ac703a1fbe87160031e3462ebfaea039115cd0d8520b24100ad82f055b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a59a5a986805d661e4498606c25dc49a

SHA1
21f670ab67f514b5003f4b023284f8b0a947016b

SHA256
94520053454e104887a7f69e5224d3128ea52f2762356138edbdfafd97f4e1d6

SHA512
c48e89d3340b3051bb6a39f85ddf4f6b46562a9cda1e0bbc8021d8ba1e20e84592c7d91c3530270d1c68f67518dcb755ee694b921d4f2dbab1516149f8948211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
560ee09c52c48ebf0bd5441f32e61662

SHA1
4456cae51f4a5ee2aacc20290ad85d74c26c6fd6

SHA256
041b71bcc4a8ef22ac916cc9fe13372cad2b817b890e87d9c6497dd9fb94b2d7

SHA512
7d31b18a8e5736d006f023a1c9c36857b5df2379c37195400cba2357750b340fb6d2676fedb4bc5f74e7d23cf83474f6e1d41f370ef59a1d34b096007b0b79e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
60c9053dec5144f522930c47fbecad9b

SHA1
5d2c37d909bdb741752eaa39b42a4840dce7f532

SHA256
e8e24ee5c07460326be7b776c6d67ad384c6b3cc02ced3eaa0721b20d46dcb19

SHA512
56820e61bfd6f7ba62f26526c5757072e0c12426b38e0fe933033f50623fbea436a25ca7bed0ab520010805cd0771c55e2dfc30eac17f330ca88f6d6e50b8810

Download Submit