hxxps://drive[.]google[.]com/file/d/1KQgKPGHx4ZMCIlytHuQir2go1Zija-Og/view

Analysis

max time kernel
1800s
max time network
1724s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1KQgKPGHx4ZMCIlytHuQir2go1Zija-Og/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
2344	msedge.exe
2344	msedge.exe
4748	identity_helper.exe
4748	identity_helper.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 4708	2344	msedge.exe	82
PID 2344 wrote to memory of 4708	2344	msedge.exe	82
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 1660	2344	msedge.exe	83
PID 2344 wrote to memory of 3460	2344	msedge.exe	84
PID 2344 wrote to memory of 3460	2344	msedge.exe	84
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85
PID 2344 wrote to memory of 2428	2344	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1KQgKPGHx4ZMCIlytHuQir2go1Zija-Og/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfeac46f8,0x7ffdfeac4708,0x7ffdfeac4718
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4280654567755482863,5756792286840175284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
89e5afd9e78727f42376834d14efed46

SHA1
4d783bab43cce9456c718a6327811ee412d0bcd9

SHA256
8d29d51063ac52f7633719fd137b0fbfa6988f00b792b66b74b893318808c8fd

SHA512
d2a78bf3a18bef6143b2c6bd0e57952c6086f8892d574f29d2993eee94d117a5de4f68042e0ed2ecd4994782a78cf55d7ecd942794d06a453fe770eeb2c94f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
823eff7de21e4fa1422b0263d6de06f5

SHA1
2821048b78bb398bbf09b7a169d6e09b87075589

SHA256
fa5ff268bf0a4151947a5433f1d3650a8d73c19f515b23b9df32864d0bf65b31

SHA512
cfaa7318b2cf0dcddff53cb43ae48fec02ea5eca954259e7fbc9b48628ed16aae4314717996f19aca0d61a73d160736e4342f4fe29ad3530dfb6465a61dddcbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7012fb815d9912aafa544551a1cabd03

SHA1
0e0d2560771a8b63fce13e8c1ce30dadd6b8529b

SHA256
9217a41e2e0e94876def74f273ccfa01076c4d2b2429cf2fc7b8cb3d4c9bcdbf

SHA512
1f6565910bcd7c740f59913980824378f333e5419c0ccb82335874f70647109335ec2411bd6c42fc0ed19314179db458be1201ce8909be0b6f69699782aa2453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
885ca81a0a46ac7a4763f55083b3d23b

SHA1
6a89dd427721cec19879dc7010e8b73504839787

SHA256
dccbd33780fdf5c55b8ce8feced58422916f58639b216710b230eaece17ca6ea

SHA512
741c8b1cc85b5fe2aaec55ccc74d779617fe88bcfdd602c12235bf2e0bc34c5bf66d7eb891226ba7635a335b74efc4f49ce81726f76cfb63b00f94f169dcb57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0babd741c3c358804e5b0b60e355bd2f

SHA1
8926539e49376a100d0d8647aae3f0c54f50cbea

SHA256
f5c0a785fd8b9478064a7b17d80d9ab3790596e69e221bd63d48ac841fa6d7be

SHA512
38466420077449ff416c36768d5a73f1750c9808403900726cc6cf6296e1c7093484f4c9190eb01e6349f8d2a9bd4a2659ac99e77864fdf3f9f1cdec68e405f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
00132a27a5d423eac548552868db1ec8

SHA1
53d755a090775b66f7794f6a0214833bd007a563

SHA256
3146472f881f31bc930497e3125a9e57b62a9d242b56f0a040aa91c8d0d4192a

SHA512
d5b0795275ec0ca64b88e1778dea577d7f797083ec25fdb513fb6c949d17e28cdf7b8721a21dc47026013f3f0ddbfc1896890ef173df73a99157fb4309d0595c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
da40283c2f44184265503fa564c06bd0

SHA1
7b23d7b211f640fd2e1aa165415f1fb688e0fdf1

SHA256
32c6b4cfbbf55a8a2c506522e52c3b9b46b922a35c18f32d140433060bc03e67

SHA512
7364c103f830058a96f789847b368eb54879c309cdf7d87956d2c954c85aae7b086a976da7bc7ecb7bc7c7c5970765a931320522ba6bdf18b6a455f6772973e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b3d86cf393f17c9020112ceb3dd740a6

SHA1
d5c4ea9ec5da1d8a84e2f23d4df7ae13d32bf6a4

SHA256
3f7183b9efea1e3895305e95e3e1a418e41d97dba57937261a8823a7cfe79d1d

SHA512
5498aee07fd25fd1ef89e27bc941f6c550ad90c4e1b78a2b4dc9d7c7029c8fbe69ca6eb62eb8d3b508c9b7aa82be51f73eb52dc2e03afe597a30f5054d46b355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4603f7b8c128566f0b7331bc827e21d4

SHA1
7d3b0f17510abd01f4af4b393a2f1aab25c96019

SHA256
b857e68b73beee698866ae5ee9a277ebb95fd70a76529eb99eeb90b78f67f201

SHA512
b53a9a031638bd63045139a6e58a36e34dd774b856c14396afb89d75ff75cd5b7d209afba3522479354da065d2bad77676b88c28dd4b45d1f68a0d8772760ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3d9f90c65bb3be3a11bc862baa12b909

SHA1
a27436c23706d2f3e17503dc438ea9062ebb6d8e

SHA256
05713d82f6054e273ab2205e2849e32faf35300ebed91ea02031d8067aea8ebd

SHA512
673c5e03434306ff3570b46f965a654440769969166c606a86e0c591b749a74f8e4c308787e166b8b1f6e894590fcd0595decbacd00e10b048edb83afcd261a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
89d288d49e02dd636d7a9427f23df3cb

SHA1
f89ccf37ad785badf05e1891439854e5ac2f0491

SHA256
92a8e823f32ae54f33becb62420cdf858365c0ee1614bc538c15b9dd7c925f11

SHA512
f2a71cf4066e572af0d84fd072a4332abce7c2eddd5632b391420a34a14b378aed4d30ebdb17ebabfa1b3f54007b7c0b85fc3f2fb019362b52781b8d35a983c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5e4e793b1e395ff24558284906444af9

SHA1
0170acb8d27945193509bd40961a46cdfa55a605

SHA256
5448a20a10cfcd9a4f340ea91b5a304987d6ef335d31f198caa314f554286e89

SHA512
78659d6a2649d67f78311a13c608f2da284231dbc67115402168bbdb1750317da3fea5ef082148426c13ce2b6d99e469531237620b8deddf82f612c06c86fe84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2650b683bc859697439df6487826ae11

SHA1
6967bc6a434932dc1ce40f41150de7010adadfcd

SHA256
2decdec0504cdd5ace4022b9397b4967a1c1a6be7fb616387da9586b3a1d5128

SHA512
072d84436194e961b09e94fa6b11be26b1db7703ac392fa82cf4b7907cf7024f9c5a7c3a050b89e482082348f883f3776e5441f3b159d091b74fc483921cb27c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
99f674f42f7545b91ef00e22e310ea73

SHA1
de7ce20940c8683a5d96a1021f9211ea3856631c

SHA256
307de2e60c339427c69517d4f91743085b385041d873d4ff1376af71ff43dc20

SHA512
3d0eac63085a84e6d024dae6fc1df0cb6764aeb088437331f1d65e86750aa5091d4349657170a4da0da3d076e883d9c0d23ce2c245001b60714e209a14fd7330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0fddd63ec8d93f97252d5d1f05687ecc

SHA1
b46fcea4793d99f4c327cde26bc2dc68fbd27caf

SHA256
0716b0be5d381e3831f2e75a5bb8ae1f7e15d197b40d833a621e283c135d8375

SHA512
c530f47bd1cb04e80ce3398532552f259c09fe8e2ccd3d8d52609b2d37202f448bb146d3e889bd907bd671a13bd7d593e12ba4d14defa6587f261ee64443a4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f6d6b2e63ec1bcd3d8c90225f1cd7fcb

SHA1
879bca3b20eaf93b69edde3e147ab7273f9c8b6a

SHA256
4d69ace298a7651c22622e035d977ca81e2be12180a175149fb727dd88e8ad2e

SHA512
d26ca10e7d5721ef54aa3d821ed7d92d3602fec2bdead0162f7d7727cf573ee548296839a0a2e71c0e272a3e2a8e9aeea9a515633ce0877121ee15ad92ee70e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
33e660ed402ed3c8449b985ebf2f0392

SHA1
f84481f3ed58d732611a6edc3ad43cba6a1b4a4d

SHA256
3f722edcef95908c6b35dfe92203cbcb226b921029dcdd5df67a5b70d2628107

SHA512
c15ccdb34bd4e20750e18c0f0f2f6d8508c4337900a654a9ba57894a844b390a0cea9061cf4a128047bd8e38cc0a30e78e25ede1c849a10f131cc33a89cb63ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9ff234116a0d765527323e34e52c0326

SHA1
05103050ad28412c4f7395c1374bc13369d2c2b1

SHA256
ba48db3835da5523f182c8dcee3fa33337dc6f7bf979dc653e31c6b25a819f1e

SHA512
bdabe7ba32f8561cbb89b5d2b44fa1e0dc01f9b05393db0185739660984b3190ec34f1f077d70e24df82d85c2c91c734c575b241583604817e6bb784cc292e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a7fec971543fbbf8712168de0974667

SHA1
b7b654e96773a43b88a568a81815a4c77bd54e34

SHA256
6c5b2ac4ae94e40d160e18dd2a12e2972813e8a752f5f2b50d5be70355bd04be

SHA512
add111d8b7e36d584baba55c99dffc43dc6e405f7080a12ac562abf54a76e19ee3a4009309aa24e183cb838201429aab53307a4256f6fb25c3da3a1b30d4546b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c128798c267c36f036da8db2483461f1

SHA1
bb5f23c63952e309f00347491572454bfe171cd9

SHA256
15726d726e541b1bf40386f83bbc87b1178121dad8277641a52c3400ffc5ba12

SHA512
492f05804c901c04a2cbf9a9c60bff25103c5dcbcf6b07737ccce4c5b58cd56032cc219233457522fc50ac80c98093b420968856e47f557595e463acf2611d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2a4f8bd37c19ecdc827dab83a0859aa

SHA1
bca7d3ad5b5f2155ba64f62a8b404dc78978c1ab

SHA256
4693c145a5266a1cd8062de6ac90394fa454c3d8f7d224c5956edc745c681341

SHA512
b61e7c841827f8abe86d41adf877766b6079e81a154a0d4b0745d7f4830d7fa16e5b35d5e6015d733910a97c3dd4a1f0da44b87a070cf331f7ecc437fc5cd533

Download Submit