hxxps://drive[.]google[.]com/file/d/1MtRD5OWJUfd8Uwfi1SC7JeD2itiUIiCt/view?usp=drive_link

Analysis

max time kernel
1724s
max time network
1728s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10-11-2024 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1MtRD5OWJUfd8Uwfi1SC7JeD2itiUIiCt/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
5264	msedge.exe
5264	msedge.exe
5432	identity_helper.exe
5432	identity_helper.exe
6004	msedge.exe
6004	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5264 wrote to memory of 5360	5264	msedge.exe	77
PID 5264 wrote to memory of 5360	5264	msedge.exe	77
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 3644	5264	msedge.exe	78
PID 5264 wrote to memory of 2836	5264	msedge.exe	79
PID 5264 wrote to memory of 2836	5264	msedge.exe	79
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80
PID 5264 wrote to memory of 5896	5264	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1MtRD5OWJUfd8Uwfi1SC7JeD2itiUIiCt/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc69d23cb8,0x7ffc69d23cc8,0x7ffc69d23cd8
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12346986018938018847,2713039479344604222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b4dc14412b8494673bad48ca8704e1a4

SHA1
e547693ea34de45a7047b639dc94720be27650ea

SHA256
68646f594f71b89fdefb183454b5d841105a8153b5e846a7bbf085a59ae5c2fd

SHA512
db3676bad288fd76b19fcfe4b36f5ea2ae5982a1804656337c4ee65f4824ac32060f6d92445fe0f01ea917d3fb6cc3da1a2a6ec77b7ad8ae68aaae3cbe2b2515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
02fb81a5c7a1c64e070b26d41ff7c5b2

SHA1
21fddafa4066ff3df18ab598fe75f0f9c95f08ac

SHA256
995018ee0521e8ea1e93e82aff0176dc00b3fffa5010db1719f57babf54c89b6

SHA512
62923a15e3756afc2f2d2ba66208486429db90fd54e7d301583abb424db20d0f265587ab7d9a510f374d9b54a2064bd7a46650db6ba254c88a8d24e8f7e60ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a6556aa8ca0d2e5c421bc1b8eaf921c8

SHA1
a65862b57e7457333d7f8f38fb81fb3be45dd676

SHA256
bb1446c3975a8f28eacd49c7763b04dc8f0a0c92f8dfaccc0cf59c0b47817d2e

SHA512
58d3f6a85560c5b4b6e6d5ec0984b1730601e4cd60d2281e8b9d5c10897432c1825fd4761c707f11eedf87761ce2233a9d6bceb49b8ce3a39b76ac4bebfcb05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2afb46165b1059272c16127ec9d0d353

SHA1
ec08cfac247df01202de46b7c9485d4c537edeca

SHA256
bb472e24d30be9af42d423708d6e6b13d1c2c19a59b15b52197c257a7a1f5374

SHA512
ce71304ba710a9ed4099c5b436917756d2e8c6b189a7b3cb42f93938e0342c85a90bd3037971a29c9f2281694ed13b12330086a58126dba55b192c6b6938455f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d0bc47714ea103fc97cd6f3821607e01

SHA1
0d7835c35f8c6f76b5699f05f9abcc82d34fd0ec

SHA256
bc9e9491c0cc6f0eba46c5113034e5d2203c64b85145035b3dacf6d81c853b0f

SHA512
44964866be20f4280083c6c51f5708c27bda41bd8e0b929bb4b91837b5d748c15846dd86a1e6956af3f7651fa4b9df6e2ff33a144e0636a977ee6c61fe9976d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c7166d346b9d59f2b0e583ff4cc67964

SHA1
eec83e60b13c8a67e321bafe93ee6f048ed2916e

SHA256
914ca6277d1a66f08246a503b01c89ced08c01ce4cee7bd081fffc0904e0394b

SHA512
1064f8f5ba80134a8069ce6022638db9c76ea3b59dc1c2eb42e03168be36de75cf410f1ef92418eef549d682801c16418feca3b82010df2d8a1616408d0a2337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8c4433598af7159e846e13720e3df59d

SHA1
59a34d1951f0389fd9e4381c8e1e129dde25830d

SHA256
5dafeeb1cca067ab17c0fac1274fe337edbef269347f13d3119c28f4a22f9a36

SHA512
3b97de6364d005caee0c06ae961c93033a34d53902cf527b732c9317fc9e0cd854a045732acf1ecb9f281e44c50959a346070b92d136c36f83c807333ccf5433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9188f5d116c5bbbc1f95165a1fbc8c4b

SHA1
7cd8cd1c1cb276b00f8f69cb5b11b9723d3a6ed1

SHA256
9857c5eb5756bf5e768082f32eca7ad51fbd15d863c7ecd5b1fbea06912c035c

SHA512
cb9148eecb84535e34bfc91ab1105a50b7664b4437d5e9635f3609f41ceb150a400aec9ddaaece8034e42d2fc619ce64b8e11e3f8ee411eb5d4873d9c6557594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1105d6beed6964fe4b811695ada34c32

SHA1
449ca63f158e87dee8297482786caa19299a747b

SHA256
f442eadce4741ab6a171a1dc5098a74ae6f6e5b923bc8043ee5bded5750ecac4

SHA512
0cf9124e188df6c42e950d05673e4cd15ffa78f1e63be993ffac85b1fdb85d93c1c0bdbca9ad62ab943db0363ffe724d49b3c6e5df2f3b802916488d71c9b665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ed4b48f57606de06bffc1e241206fdbc

SHA1
bdf5a02c704254f1139d461164582def3d426cab

SHA256
7e00eca8c05559e3d6fee457e3d3b565d19fef396a8bbd0e25e35d0d040204df

SHA512
dcc3b7174cfdc990b86b11f68f699742cd3c2823016b610334620c7ab854ef352202b3757ebc78205377ac65507efb511dcda77f304304fbaee287293b59fbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8741be6e00786c3aae2677643799d1ec

SHA1
bec16e68e67b894b39842fffa728b6082653b0de

SHA256
38d14e0d7dac04c4486ec2d26fe9ee15a19ee16864d7d91e6e9acb06cf5e9be3

SHA512
c1d62ca36e3caf566452898fed03cb1dc10f206df8ec145516fabd70acd96ea43946b45d76caa93e279bfab026f4fef07d467a1b759e174cae2faf483578e6ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7bbfbf4370dbe63693e640cc0062f42f

SHA1
91bb4a1842730b9090cbb291f75e21fccc774b8e

SHA256
4fb911d256bc942c7cb4a973c091f61db5a4442b904ea3f4e9dc2cae7b6daf10

SHA512
add5e328a791fb5f75e73fef595e8ccb4e21773a85072eb97abcbca98d7655cea8dc08df9dbdfee68dc8661d9adf3417f8542052d87c3f9ad9a146efc78edb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
520b93b26324b1424cefe345b8950b90

SHA1
91c7a57389a2433ed277a745499c6df2d2a0a02c

SHA256
f19377e71bba6ba3f0526774948455be19053499ec034971d7f511351ff069ba

SHA512
b610a5f33523fec6f07684a7a6543c34c1c501bd9daae71d1db6a5134028ea18cfb4521dcfc3d7419bc6dbbd8093f6fa8af6b0996b638bfd3735738c8eb857c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
474afbfda0592ef698294180b4fc21d2

SHA1
6a2fe22e0a57b26a078d924e54146d85b9d16f7c

SHA256
ee9effd9f7e3fa75172cba58c0196e2560dc93c307affebb5be19876860b9d77

SHA512
59eb7e39b33bd24930193660afc5a094e5d4b22692dcf00b1e7a1fe0094a1737951c207101b703f84ebbc76038cf90b20a6f60bb50e3a33a082e0a72bdcd930d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9f423f026c1d3efd15e70dc2a5fe7d29

SHA1
ad25401c3bb20df067676309af3da146b572bf19

SHA256
782415502475c3c7395d3acf6adf4e9816a030b04f1e00271cf3c4e097510ab6

SHA512
b637a6937371a5423e0349e48c55804d96c35113ef4bbeb18c6103c0bea09796102de7cf3341d246a61cc805846bbce1e0cbd0aa68a5d0296b013c94c4523798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ab8211ae471a19abda9144c837f27499

SHA1
f977c028a1baee9d2c8fa12d24b66f4fff3ce4bc

SHA256
3df89aa27bf4a12f230beab0299acaf1fae91e3022c097b4c09ead0d41084e96

SHA512
78c09ea34c67389bb37edfa2e32d8bd079ef8713ab66de84564a0a03ba2017f99e704e4b95ebc825e19def91b03ca2ac29b758eef0c794812d43e07033b16736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d67024bef3e3add191ed807e9abd621

SHA1
3cc536ca411534d1e83bb4962c712daf50c35052

SHA256
66b3a796d5f6d240aec4a75c89579ae104a13f2f6efaeb120b739fcfebab0aa7

SHA512
27d7cd0a219a6d3dbe0593406b85b8de7455ab4c6fce5638bd9ba1f9c4fa44fcbc69e26d373e67b29d08797e67ef3dc7cd111eaf22fc0fe1af98a5874ed90a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0337ad5492b5036396a76520b3ea8d05

SHA1
d30b611ab27ffa1b647184bee2d2a3e057e87204

SHA256
b4cbd702a17da5cabd690a4c5ec8497b2bab3dea45bcb6eac5dda18653f0be69

SHA512
36ee03524c22f20220acd064a2638facc9e4954e723b637e8f900a99e1815a268eb11ee96412e0da00ffedb4a18ce36b159939415c2ae2e2753a107f8d2b7e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ab6fd21adeb4e26b9168204b1d0e93bd

SHA1
c4d96daea862b1a28e183f52d11c0e40bad81fd7

SHA256
912dee1b8b9661697cf9167b4a8376e3b0827b2e8990da97002ba988aaae3ec2

SHA512
16acd93ec0fb391bea6a42fc71ad50344041d70555055789fc2cee41a6b19334aacc0ffccd12c19d73797170adb73c35ccac7345b767dd78b9cd7977eb08c887

Download Submit