hxxps://drive[.]google[.]com/file/d/1hC2EXp57Mz7nty9riGYHQAw2RpiyY0bs/view

Analysis

max time kernel
1800s
max time network
1727s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2024 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1hC2EXp57Mz7nty9riGYHQAw2RpiyY0bs/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
3780	msedge.exe
3780	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 4364	3780	msedge.exe	84
PID 3780 wrote to memory of 4364	3780	msedge.exe	84
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 3528	3780	msedge.exe	85
PID 3780 wrote to memory of 4756	3780	msedge.exe	86
PID 3780 wrote to memory of 4756	3780	msedge.exe	86
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87
PID 3780 wrote to memory of 4824	3780	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1hC2EXp57Mz7nty9riGYHQAw2RpiyY0bs/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6d5146f8,0x7ffa6d514708,0x7ffa6d514718
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10309298104266348074,8646719773628628092,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
e6bbe0c50d6916ebac9c15c17214067c

SHA1
1e09a731384c684c0625abaa4493e0e058bb4b5b

SHA256
6e8fb96648a01591b6e4b3a7a9180f646452637907b2a3d2ffb8f5251585bf28

SHA512
afe4cb574a916597a1183d94aa91f49faddc4b2785dc9d92909482bd430e0c4802bf5f466e7c14272d1414a35357cbcea17b5a96034e8860a6b0199bf892e6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
84423d736dda57f0ae1a2426543876bc

SHA1
a891888580fb93a2025d4d90292d4dbe190a630f

SHA256
f466aad249084241e15fe7cb30cd6aa380f6036d94ea7ea4ad22f79a4746a1b4

SHA512
813d308ea4fe39446bb02635767aa68b2cd1588b3541d3bfc03e9f113db3ad51ebee2f8e92df0ef58b7d4dc50d7c91ae362732e2e83024e0abcd263d3c46977e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
61f997893b58b3e7ce4f1a3f480f4b10

SHA1
06f5065f248ed50c1609d83ca212fbd5f3ea9c1d

SHA256
6f6ce6f6e60c140beb23869ca39b9ddda0154d11b8bc615ec55cae7e4799b650

SHA512
1b0087ee456c816adc2e344c22e005ac6a8e61a69e090e8b813807b2918c6f5e4891630d465442473928381d1be1dfa1fb4e4090cef4448297a452bdd69826b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e475f99a3b7a2e9d3876992fdfd34931

SHA1
9dcec02a3ac6af91fa35425aadc8ffd9bb48c0cf

SHA256
109d3447cd027bbb061f4321f7aeb39a650656b5192c6c5838455c5da44fb15f

SHA512
1ab39b1f6b3d14097484fa29ef3c93670f3358ae0468a676263e47849f0c5a3fa3f59458247ed514bbc68b0caee42fccd8d73a54265d0af9e746c719d991da7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
378380256c821df43d3e0c6d4509104a

SHA1
99db4d477e5df0ecfc0ee3b88d24965d18ef09d6

SHA256
8404f5ec54ad488ae39d5a24887044b4107cb3abb786b59fb932a1f7bb9e2a5b

SHA512
ac5d8567fc9b6df4a5f1c9fbc9e69051f6c1e99a32b148554284b69e300a18f0ef19e998e949d9038e143107479acdb66694f97d0ae0238cf7dbddbcb8ad56dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
507ae413b2b6b8ddbca838193fc7dc62

SHA1
f90d2a9f93932295450d6295f62eca9f072ab1e8

SHA256
516aa986489ba56c7bccaa2139620309053957aa375071b967cf23439721f3ad

SHA512
ffe44ac037f37fc8b2e238b22ed0e303bb88741e485aded35e06ef1788d60a832cab0f21fb2382c07443c5a645e6e4d2346549d8a0d8dc4fc23b8924e19cd5ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5d71b552e948d275e3f6a3a297146a9

SHA1
b0bf8a82fcde26ee8a4d349b4dc876cfae2e6942

SHA256
38b0867fa6045c39a27c17324e45cff3ffd9f2d0de7cacd2f618bfb204f0096c

SHA512
3086b27595268a6390b52ca08cdf696fcce928d684b5402fae3a0f2602adeda6b5a739b1cac33c12f8320fe548821680d36df5f964c90f25334318c1edacc570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f7ea08c1d92a6e3fdafc96b89b342ea5

SHA1
cda359c5cceaa346f61a0771ef5b38c430a10ef6

SHA256
b05664b6373aa900ee57e6ad44033327d40d8b340dfb18d692b94233c2aa9061

SHA512
6cd4931aa279d837289554c578741cb8b676f39ae4ee683974f10931c83302e9f7c91f8f44367f36a51d403a33d57a3236885c62d10217d16d5127d178db13d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b969cd651a0bdbc8677ef1164c55d791

SHA1
acb4a2c80275536e324287bd6177a43b42e361b0

SHA256
8be3cbcc10a3e9349f9a5c991fbbba391e7e2667c36bcc0cd7e598d6a0671eb6

SHA512
f4e6592fd7e3505f7eb89b4203bab3de59e07e475bf73ac78903a964eaf91a4b7393688c438f4c7f461ecb872a6a27a84887d2338bee65346d8fd2df6f44969a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4cb96c85ae5e8a6838e31a96681f1ad3

SHA1
65ac5f5de8bf0ae44b227f7251e0c8c6e88077ae

SHA256
84ec4349fbf2ecd1d4a707ce93bd2428ef7e842641cf300f648e04fee8685713

SHA512
d0df7bc5b0ee7b9f3a3eba87fc753eadccbb8e6bb96494603b3a2e5f71d27fa80697172ffd921829bc73885508c9ae677fa9401152463d9bffd23f1ed72f2231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0e3ed9da088c82097ee851db55f62896

SHA1
9af85e2e85b6d2ca256e1ad88e7da410ac951f77

SHA256
a5f9c1d62cc90668eb31229ee0a73834a8019369fc8e79c53f8bebf5c60758a9

SHA512
2cfafb8616a9b95ad67e8aee28519866f2378b2f112ea59236daa47303a631c7c1209fa11fd99223654f4b2f415f5f71c1afa1c0d135e6311cfab2662eea95cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bfdee0f7b5c2186d93c5496f4aa56636

SHA1
eae8b6fb296dfd9aff0c9752f11773bf2c89d42e

SHA256
95b6bd59ba95b8a6928c4294388d2acb4721d48e1fdc41b0a3a4157a6afc9bfe

SHA512
f9f8fb6559ed0a00b694d61201bd95b0ca166b25ec79b9a19b3d592dec0b599ea73bff1009c6d0b57970d3a7de5744b5e55d75235f8ba5aa23c590ff08a621a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fa2e3799c27defa0131d27f80a004df3

SHA1
4f9d38eff7ac076c9d84e609192b8e0ace4114ee

SHA256
c588bf82e865d9f9039b15c85cbb01990f40ff5ccc7b59b8d617d9bcc9e9dc6d

SHA512
500bf3b5cfe35d4c8848721d25cac649a6c3f738cdae6cfc74a2db86c785f251db2ad5e8a18fdca88b0670dbb6b13a7ce4e60f60443f104b3a5377128fbff769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bedc00667e20f4f89acab832765dcad9

SHA1
9db5deb3cf96667bc82a08749b7852768dcf64cf

SHA256
a9eb3d43213db779fa5965f6ced889cf74ad6b57fc4c9244efcaf7a60a7aa3e8

SHA512
e5e8bba105c6398f53c3892f428a06993b67221346ea5659541262ebdfea1fbfdd4997942cde508912fe0505cdbe1cce6f7c2912ab4bc42687776be82234a740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aca6ac59a5439e4f799d5a5f612f383b

SHA1
5f31a57e794ea72a2d52c87491adba2115df22ce

SHA256
87788c5ef0ed918c51d86fb7bd50ee38de9517e38daff8fd186277ce64dd6c81

SHA512
0adff237f870dd5bb9f4e74618f4e5894d53497f2d4373045df242a9189180d36512ca48e426363399001bd337ac0188113b41cf96c7d2cf434eb11a98a7bf88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
44ca20d929dd2163b49023b1839297a9

SHA1
267ecce6ee021422d5c67d0953c9b5b4ed01aae8

SHA256
39cafeb8d40b2116c2ca8bf36f1e3874ca2daea6a19c95fedfe502ba80af72d2

SHA512
28257f74dc9030a1b4ccefbc769de4e8755ef07fd649d51834d668f320da2afcd83056ce4bf500dd94d48562cbccb4bd9fd392573db62891d24bee94ae6bd16c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
715c396c318e1218a73a95efd4302ade

SHA1
d5250880695b7f55a425705711c2b4a5d3e64775

SHA256
14188e476da933cd1c773964aeff31700695540108bdc25bb9a3b15f9f06a0eb

SHA512
8bacbfe0e8e1b8f1d466a601f115d3ea35aa4d336c6f8d5ce00ab9440b32bbf5cb0014824635d00642e56734af1e00a17bd171b70d5ca539e53680300ea0e8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51dfb6bdf902f1189a32d0cb0b445d96

SHA1
aa9d735967940bb0fcc4b2476472cd3efeb61c87

SHA256
30b94cf5d32ce6df540c326da4d43047ecb7cd36fd568b41033fb2df42d20b98

SHA512
bc81fc6c00668a6b7b3d7457569c397d8d341c52018a7922b49506f2e62eb030a1030a896ff11981e8909512ae2e4be648dc522b285c38e17aafa087e9101f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bcce92f6-f447-4d1b-9ec1-53256c7b91f6.tmp

Filesize
11KB

MD5
e2e313bf234c174e3c2487c5a63e27f8

SHA1
5c0623fcb34880b803677be2ce9e5a1e6d26b951

SHA256
2c039582a55c587407ed229cc252c9c05adf882f793da65e8a1ee4e36c8a9865

SHA512
25f1a8728b4373f50bad6b0b683d5e7ffd02d9de36b391c2f4f37afdd1756dde18b832df5b83a7543f6f95c10cab5f471fa6a74497946aa346a905d9276c34cd

Download Submit