hxxps://drive[.]google[.]com/file/d/14gBk1bLHVAIouon6HJo9kxuvf5k74ASC/view

Analysis

max time kernel
1723s
max time network
1724s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-10-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/14gBk1bLHVAIouon6HJo9kxuvf5k74ASC/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
2116	msedge.exe
2116	msedge.exe
400	msedge.exe
400	msedge.exe
760	identity_helper.exe
760	identity_helper.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe
1240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 3296	2116	msedge.exe	78
PID 2116 wrote to memory of 3296	2116	msedge.exe	78
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3144	2116	msedge.exe	79
PID 2116 wrote to memory of 3056	2116	msedge.exe	80
PID 2116 wrote to memory of 3056	2116	msedge.exe	80
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81
PID 2116 wrote to memory of 1572	2116	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/14gBk1bLHVAIouon6HJo9kxuvf5k74ASC/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0xdc,0x7ffcef5f3cb8,0x7ffcef5f3cc8,0x7ffcef5f3cd8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,4173972690843574978,12275865346829528371,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2544 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
fac16a816d80cb075cff25c00a2f6624

SHA1
99ea41a19b42abe966f0223e5c2c51f28703c0a0

SHA256
aef54532cbb41cd4ef922a680015b5fbc8fbb9a70cfc8c25a26bc52f04152dfc

SHA512
76953888ff793f6397782c45b6f584ada7b1e26114b1b9acccab90120114ee120b3217dfd5ffa8b91498a46500fdde9355ce8f0910f67d7c9cab8a7771eddb04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ed69df821c994f99954404aef634e4bf

SHA1
1c48f0303808403dca0e843b3e89ef314637584c

SHA256
a96ca64f73cf90c93d45060a5a76d0925fa77d4714c8489f3d624816f48fcdee

SHA512
c03cc5ff9612233bf1bbdd710c43801a46ea61e4d3a415ad677a756b361e94bd0ae92c95b2e295ed82d65145c3d5f60b0e6d6388b36b2af825979cb95b3da8da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
810fdfa2cd5765c08d6f545e8d0d7a69

SHA1
19d8178f6a2d112280e962aa06436d2131b4824d

SHA256
1e177298455348e81ba6375b968f6e506fbde84b0915c282404a346d6a7082f2

SHA512
265e2cb06016a2071eaff2e0d29c5322d61f8de2ed5f1baf03c4a5b3766161d03e7e0c45fa771712695708560e1843c459bf9496d6ee4d7c2e5b97ab70097416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ace84760e7a47a355828644a1d34a70d

SHA1
2062d3616a36406eeccdf6007afdf60aff8ad839

SHA256
5ac4675833a4e76297fec91f6c4771356ea8dc452fde1dadf3d52b4c6362a690

SHA512
334b18f11552ba994fc49bccef62f454b529219d4818e0707c5ff642ee73174253729d397f48d0dec8135e2a293e47d325fceb00751d99708dfc433515a499e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5cd0ce0375380ce346c6ac26f53d75f

SHA1
4baa7ad39ff756cf46068d370c5164d31342788f

SHA256
ad7aa154cce6c6f5912aedc94515e16f13a8f89a0762d4993b11eb31f47525e9

SHA512
ae5b78a434bd227301f128da270330d1e5062cd83ed15d50d15224b8bdbb935c2a7e14c8bab810d9880e6302c5a5df2cc81d10e13ebd03c41537cf6c0fe90021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
48122728e95d328f7a5a52a0e26d91ff

SHA1
f07cffc4c0e6f3ac45010b5407a76f3f24887507

SHA256
e05c72b316fd852869ea39351f21752c05896cb16db0be93327152239eab7e20

SHA512
e02c675445c99c16072d5911d17eeb247f44e5ec4db01ada4705a2b15f5d25e253dbe4cbe992e39b6bc7a4375369284c8b73a556624572b469ec5b3d33a33c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d08fff55dffc2389006c34243b379fdf

SHA1
9273a0f48f34b922157572b8057e744255e4114c

SHA256
aa6c592285588f8605948b0a84153c2fb79b93f33d7c52c1f010e8d971e6d6b2

SHA512
c7aac77d004cc82f04d633b8eaf9993af5e2960f1da4d8aaa0b8d6161789a1ec3a9182a3b9512b47c5ada5a2bdde162825cfc1f9262bf0e7fc775a41e69ec973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aaf73616f9e76c99135a19be6106a882

SHA1
5d33d5704eca69aa218c5c42ab37012341154f2c

SHA256
0b446cb14a8eadac4655874f5b6ff0947ff5cc2d8b09621a6cb12004d15c4ea2

SHA512
30c2495e3cad302455c8aad80cee5514c4b55552dc375abb51aa2b5dd1ee487714eb769682a2e4cb5e31b212b9cba9be6e537ef0ae9094c0918fc72a9bac0bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
447593eaa099c5bdf21ad1733b66f963

SHA1
f7d02f6bc5943ea8f9a48614dc58c043be9af5ac

SHA256
4c9c1a57f7a395ff40664519e001e9837de28453ad185fc5a5a8d1747a54bd2f

SHA512
bf0668262d99077ca2391c29bf8278fee5afe7bbb1c1ea4445896324ad54f905b93facf550a861750d855e12f6b7c06b4ad12109930bc14ed5e43a379844bcbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7bf3b2b173ac9beafd5b106f7b0394d6

SHA1
434eae50e9e2934e5757b2cfef71fdf89f80d6a7

SHA256
f1686a1aa8819ae452ff294ae32d9d6a353663b87267bb4a1ddbba7e33baf621

SHA512
5b6fd1890149006f7dd97bf5f72f413e8cceef709eb50db0a5a65c978d2b03f91b9926a06f3f323f1c4a0741fcd790a04f7b0fd8634f2c729c44e9920843cfbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2bc1e1659940d0b302dff23dfa6a3b9f

SHA1
8826ae662ab8d5e3ae7ce5ae4b744a181acce71d

SHA256
bef75b9712a2230d76e982ea67a8fa456e278cbfad461ce8f6ffb394a08636e3

SHA512
9ddeb7833cd644e6e73d683a8576d294ced2069fc4d4d68728123ece5b94ae7c45bbf62cd715e13260214fe189dc76221c213d496733a8956df5bde010380018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8d70348508cc0266ab1c88f9f9a9dc51

SHA1
d22907984d692cabda206b0e5c9bb91a1238aefa

SHA256
72f593836716abafe973a38c981ca16beb632400022ddee88af15b37bcbd7e39

SHA512
468500287f4a3195fd82640205711a4a8f7186cb2e7340fffc2b2567af4ad50f42a21b592b0ed044c1208281dae97eb12f79a95730e5eef3bc3c623258b0aa24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c9a1174e4ca6458657ed9048fb6bcbde

SHA1
06c84199ee063d01cd9bda7be0b48386be6a0cb7

SHA256
45396d2a24e0b3ba9a1e7c5952e2a01460c719733832420ab844528bff02bc00

SHA512
aeea672ad08cf0b5fcbc61140662c8f0038cbbc488f1a1fb9d318a66e10796090abd462be6114c1ef3dfc86a8ebe85029dddd500389fd9d334010333d5dc5d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
11ff11f5aac6d9bcde6555a60655bd99

SHA1
9c981784da82913f402a0afcc6483eafe543203b

SHA256
05df6dc743f0a28d7fa7724c505315d06e0accb70088299867707fe5adc079ff

SHA512
ca1ebf329290b6679d85ffd9248650701c016580ca5c9b145369d0b9a357262363ddbd9e751b3ae9611d5eb7b0f9524f3100949795bba376ff0dff88eb2b5500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6656704e6348e1d477d3fcd287d7cc24

SHA1
10349d532ca69b376696eda1025b684a2927d4e0

SHA256
85570ecbcc097649f03672a703370417eea021f00875b5e0fb18764ad959b0b2

SHA512
488575a89d4c4fac63c0f25885146e08789f5e5310e0dcb6e5fec67c6087a17c41215c5bda0aa55f13f3ee42acd7bd28b176e22624b21578343d10dcf09f3f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
458962a278bb4043e4f3cd5f838f2413

SHA1
de052a9139c76063f8d8745ca6e5d2a75226237f

SHA256
1d5cfdd677886415f7fa0bbe288295775b4ff79b971193beea86f6ba1d3dba2a

SHA512
00e85cfcbaef81201aa2d58685534993a04c0d631b20db05bc59278cd926d5db94b5b1ef637ebecfc9d78c9fd377d15c03794955b522f705546a5730c35aabd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f83d19f867424d1d9f0e0ede8aebf153

SHA1
264f6ca0c7de37b54b085cf65381edf2d1a30aa7

SHA256
17e88824810aad34cdf0992700a42df67be973307609f810c168fd2659d3e9a7

SHA512
6594be4c7ff4cf836bd2105babcc5a9e11608603b9cc2537e0d7786442a2303f140a4d6c6bf16f3923eeec85d50537b8079ee556e8b37a61f2a944388d957b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c94a531d1fe8cfbe7747a747a3ac38b

SHA1
c849a0757a47ee7ea1a53ad1787c8224b695ac9d

SHA256
b5ae297f084b393f857e61bd4c83102fe9748208ba3583230727eef54cf22ce3

SHA512
9c18d85e0088d2684025ebac711cb7cd659423ebcbe41e9738a9657f153ceabcca57e8b61f2790cf1379a4aae836882b6a984509d4d3c3380bc1a3ed89f0d6ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3aac8344d252cf2a6664c86d1c9dd5e6

SHA1
dee53f2afbf251fd2ed223bdce21e7d01ebdceda

SHA256
906b732ea7cbbf3dc68a678f14ff02a5b5a3a1259e1a91d01953f9684fc9bce4

SHA512
ae8532fae80d84c47b562d79bd5a447db91be05d574eed15b02f33bb57865718a32baa3e192bd99c1eab4de19e0ab62d1cc1093b338398da36645e064290c8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f8e564f49b3798e7f4c4610eb528dd1e

SHA1
fafe2c76696ce4cf8c16642d8cbc47d408bb70bb

SHA256
7824b6f375f3f3af43d997c963d8cb7c28a00a7ee24c3944bfa5d1a0654625d0

SHA512
2fd8254ca083882901b822c2f06c9efc8743db61c219a83cdc798f7bde3ed48f1fc38915e629388d9f0fe105b012e4c126a045d1606eefe972483eff30b7a93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
087bdad7ebd8e0f6bc932aafb7fba410

SHA1
2f84091ce7e5c54cedf25ebd26c41dad6d39b660

SHA256
a8930c53dcff8ef0a9d71f3901df4e93065d4508ed3599082aad5c233f97fffc

SHA512
2afb672b426dae3cad99cbfb262d41410fa6918dbc95d8f6baca58db659b2c1e9eb1484606f385c1ad9b2044fad4dfec113162e6c0d5c29a87db68821280aea6

Download Submit