hxxps://drive[.]google[.]com/file/d/1WqIH3zHI9-qci9JZ_fDW08CClj9XT0Gx/view

Analysis

max time kernel
1723s
max time network
1724s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-09-2024 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1WqIH3zHI9-qci9JZ_fDW08CClj9XT0Gx/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
1508	msedge.exe
1508	msedge.exe
1880	identity_helper.exe
1880	identity_helper.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2340	1508	msedge.exe	83
PID 1508 wrote to memory of 2340	1508	msedge.exe	83
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 1956	1508	msedge.exe	84
PID 1508 wrote to memory of 2216	1508	msedge.exe	85
PID 1508 wrote to memory of 2216	1508	msedge.exe	85
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86
PID 1508 wrote to memory of 452	1508	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1WqIH3zHI9-qci9JZ_fDW08CClj9XT0Gx/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e2d446f8,0x7ff9e2d44708,0x7ff9e2d44718
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6273667461174851201,5719242167087226341,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
2e48317051252321974e1007d756d0c6

SHA1
aafbfff03ac0c7daed72f26fd39ce18ac035d16c

SHA256
16e948f01880f791fd4a98c2afd659a48c93d1f5d291ab5f783a768745ca44a8

SHA512
80159ae82d9479c0e120dc423ff040ae653e0a518cd73e756f3c403dae73e15b738999e32304eb6e60863492189baa21d6f757af1fa4fdc11a691621a4fbcfe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
daf3f2e5b28f02bd66bee2c4cd586302

SHA1
f6dacf3875c24265a6359b3d983bd986c81ed8f5

SHA256
72bf2f6977707cf2e2ac689cfc60e5ce83c79d6c4513c812cc1e560381a44095

SHA512
3d7672a79651bb0efc8dae8da13eecd6f65b9cc93b8f4840822390ccca288f551c9af9c53231c0cac3c113b7b28d32219c281dcfc3be1a8ebfdd8a4dcb6cd17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6da7d1f9548a227beb403580adf5eab6

SHA1
4c1c4692403ebe3d3de1a4280777d77318985c78

SHA256
06ce04c47afc8b036af336b1792176472d44cbb663c296b6cd18fa6f544a7504

SHA512
2a5db1aa64e35a83215c0ea9384574afd8bfea50853f8640cf7630636a56291247958d5b48f30198c2e8f2f8f17508885a0e5bdd7dce57094e4979e4d6b6d6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0a102485286d1e5c59e993699edc7cc7

SHA1
62cdcfbbe565688f84eb13925a601477af5f9943

SHA256
950c8d31b3a05ace51f9d4cc7c2896edc0b1d79854da221166aa1554afeba691

SHA512
c4f7e97663f3cc7cfd0a34db10838699149ddd791d90e30ae583a6e2a4d90a0c1bfe5ddeed1939e774618f4f9a33212bd0cbbf6084a5180e0e2e9437b377818b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f0d869e0a5cede6d35ef0fd2a2329d71

SHA1
eb72c9a5d4bddc8cdb67e1f7de9e89f7c886a81a

SHA256
51c006c84e275f3836850819172d18e5143fe2c5907605413eb28f9aa9bd6be8

SHA512
d2ca96433c49e0e454bb84ea2bc68ab385ff4c3e7ae81098af5d3bfb1135e136215e18e75a4e4dce105d1764f8c5ceca31a5c4f20680fa38320d09fa6a51d693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
21b9a780dec32f8f4095b9ed63b7e133

SHA1
4a88b9668e848a378cb1c0db2da022ce158e8ffc

SHA256
47a588b0e9d02566f8bff66d4ec3c81fabfc1dad4b9603b085c81cadaac238cc

SHA512
1ee50844d704034b408f315d62c59bdeada63f53eef94e0814e1911f5446ad3b7294de2e062f63acde1e3aa75cab0eadf2384c9a5bb79cd35729fbab37652f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b3430561bd80b9607b31eb3f7f5b1936

SHA1
3e518e10b17751ede17c9251e0355e8431bc94d8

SHA256
4a81627ee8937b418acd0cd9d76a7bba1bc4e21189743d012c47181606891932

SHA512
0edf18fa75faf933d739c5c153a8a8ae2dbc5a8c2528985373b6b10831435a88f6adcc101ef696395a57ebb836594d739dbb960b96c82e5e0ee2ad20d31e35e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ede45840fc749919643c9950ff648b89

SHA1
ac9deb1524e51665ce4fa21b3adcd2132d91b29c

SHA256
b7341b3bc2c2cb72cc668533abf6cddfc3abf1a1a94bf801e17072dc11409933

SHA512
d22e4010c84778afdca52b6fd37869b77fd9b6a7989f490cd5a6e1267d9b16db94d677a3898aeac69eafc15d0405168f2e78776160c6d19f45f250f9d13d985d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f608697dbd65ae987618586c3d358dd7

SHA1
a8ff2f848777ea591d4b9a2a44532961fccc1a3f

SHA256
a71996556e1cb786743cd5bdbeeaf9a17a3a0eef1ec7be9ac3245b833ebc6d1c

SHA512
22f4db279972f8e1d30eaf23d14c97d0d48754eda93cfca614077e1b3ad4e39e4475446caa766ad79a9928f9fa76e7ba4d9266acd2f34375c475515a40fd6dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
68da48d272c645bef7690ce39dc37f7e

SHA1
17b1d533fdb86ec51eed0d2328972e62431140b6

SHA256
7018c1414639fdc5d5312edc3cb18b546adeb2944a9702b4250c36aa9aaec491

SHA512
9dc8b0981149c3c68a6efff02c7dfe216a23f88b4fa8733cf665e03c011fa6d90069abe360db6e9253843d09c5199a660efa0894ff94831b3b7866aec848147f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1f02dd082a763cbab60e699dc88fa42c

SHA1
50a82e42a9b57c8aba60ea4380888b1206000032

SHA256
a033a2dc7ab4102c80a6cde0dfca5d503347fa58e787e23a912037e96fbf13a5

SHA512
7dcd5a1ff2afbeeec8be5a6dab4308ead9620b2be1870ea147015e1b5b9b949cdce02d2adbcd81a93ea8242038b4fe9a9e62d3d00a9c016370c20cd97379c2fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
35248af43aa6c67d576b6aeb08995716

SHA1
35b1e9dd31bb53e17b11aa0bfb7af9637ac71acb

SHA256
8a7ab111e72f366608bbf28a23bd33c7f88224d6fc2df99de60b7dff92ecc2de

SHA512
7223904222913643397fda5a09a2b6bd5ccc01939acddc68feb30025c3032eda328c6184d7a15cda6742e9a92f8d0cf8d07590e20a571bfee6133bbd11c86aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
300d9e72f8eb9a51deea42a05260c8b1

SHA1
b42f3d1b12eaaff2e5220c242fd6d3692fb68d67

SHA256
9086ff25b12dc48f3d202d46dc95d1cea86875940fa7005288d87f6913c993d7

SHA512
b9cdc1645b27cd11ea32d3a44c8996da8211d215bff4bce2563b220d076933f146e05af16ff1a4545e84ee3e63c14c6c779f9f0bcdd5687c5790cf806bac1fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f484cea0251ac4c9d93b2868a502fb35

SHA1
423bc3546a9af4391adc323df7ba0ca5de3e691a

SHA256
71dbdd6fa91a53a7006ec7796d01a3fac9870a6862772b0972b8b877108273b3

SHA512
09db6873d58a498040189c273732defce49526e85deb1f577789214bd70756f45115987feb9167ed2306b8c596c954e477a3228eb9da6c42718fddcf004bbccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2fd667db859a1f9fd63d19318057de51

SHA1
8e7fd4343f8b5c240fae46155ead57408d08b3fa

SHA256
0f7be29459ba77f7f5a0511f8ce77ff2befdf2fef41fcc1400174604f2dc556b

SHA512
96062385a54a8f07280e858040680c8d002cf87bbb71407e191edfd5c96ac23e54b36da02ada1c76ce1402635abaa56551cad7483ca6efd70b4001a58e15449d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9d100f9aa2d96d62acab5bdcf9d6e11d

SHA1
3ba80214d092c01408421edf7975d9fc6e29be34

SHA256
c7a2be9810380bdfba2073690a3295f25c430a1dea597bcb5750d548e444ebc2

SHA512
adc96a6c9070b0f4871a4ae48a174fe38043421c5e6b3506f309b3aa988e7fa0526e56e75cd3267972d7f1ca3ea8235ac4c11be4da004ad8ce22298225f6c104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a26a3be6b88f348340e3618ef331b73b

SHA1
3cebe774284596cbf45cfae69576182ec33d9ab7

SHA256
de753382347f1594c1c79c1f68be7620607cf220d871cd633e4e70b635d410c2

SHA512
4f01a1896fab027c8223e4d05f212f7807b3aac07837ee0dc30a0f383c8545883230a0401036a96991da5407bacdeb7957aa25da3f2204b3e2706d1dddada7b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b4de73d077d9bf2236efc3fb369652ec

SHA1
f977fed7b21bda674c2ebd3c539914c39363b913

SHA256
52bd599fe6d4de49ef8b2ce08baedc7e4e62392a6068fd646399c22e9caf018b

SHA512
68cf24c54290bbe20a47910f3d904446426473a72c069f88860ab0ee2432330fec293ff944a1752fdbb9ef14f20d7403ec0cf7d9b10fac25038852c14f2f645d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e77334c9b97838c7ce847ee0c66056c5

SHA1
fa91ffc297c44c59f4bb07b0c9756e45a2a6fb3b

SHA256
bc64fdeeaab4f9afe53eeaddf2632b1a4c3869d3f4a574c1d251c3843ecf25eb

SHA512
8005253e0b675bfd4858ee7e1865356f8625b77bd5feb10fd44f830c3ca77970ca10b94d76df15aee1b5bf9288a5cec2c5b0c7cbfb62b94ff1beac667798de1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcf625e41ee29008bea9237ba4469f6d

SHA1
3721729619a363a53f66212dda3aa4e14dd9f817

SHA256
92fe1b29dcd6e97418b23b00838dcb989725ce9de0847e0330dab06916baebf0

SHA512
d1c712795471a272dd2d4279ba51876b3f64917811346987a780aea3ee35d6f34ee179b5735d421f0afe3be1e17445502491f9c046194896d69fc680393e4214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
54754a0e577d4a31941bc40e1cc11270

SHA1
de1246237455f65436906b773a4b0037dd0bde44

SHA256
c3cde0f5cabf0294c642a69bfbb540032034d83376536f422de971e8c349c4ee

SHA512
0569a430498260d00cbbf322ab5b3381dfad054052c1d76812f5bae3b1ad43246233a685d2b7cf04ed7b5833d26a0b2110096bb098932f9e8e4add6726b5a6fd

Download Submit