hxxps://drive[.]google[.]com/file/d/1bOqn1QpZdekbmLDjQBDOL80TQ5bTFjOg/view

Analysis

max time kernel
1726s
max time network
1728s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-11-2024 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1bOqn1QpZdekbmLDjQBDOL80TQ5bTFjOg/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
12	drive.google.com
13	drive.google.com
1	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3500	msedge.exe
3500	msedge.exe
4484	msedge.exe
4484	msedge.exe
5388	identity_helper.exe
5388	identity_helper.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 1148	3500	msedge.exe	79
PID 3500 wrote to memory of 1148	3500	msedge.exe	79
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 4332	3500	msedge.exe	80
PID 3500 wrote to memory of 3004	3500	msedge.exe	81
PID 3500 wrote to memory of 3004	3500	msedge.exe	81
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82
PID 3500 wrote to memory of 4080	3500	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1bOqn1QpZdekbmLDjQBDOL80TQ5bTFjOg/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca2cf3cb8,0x7ffca2cf3cc8,0x7ffca2cf3cd8
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,7764895338557076806,11578602116832011363,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
ca4f724d47bc64fff3880fdc0e786ddd

SHA1
3df3e713b6ba81782c5bd395d007399dc3915533

SHA256
5ce003488387054b2afc5c4ae3c1df664140850c3e141eee34853c4e24a75c55

SHA512
75699df92ab7a4b5e80fb0d7ace5769552c527edccbb066c30a4a7c18aba81e23a6bcd0149ab67ea2150ed46207838f35598f9b790f53d758c267db1c4abca0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9708dd3adda4678432c028d54d75136e

SHA1
0996b76fe99f0e55db8b9036c631fcc686c0272a

SHA256
108dde3d2c27bd0f1ea2a1b5ee1e08d952e7d5a930d191c803b85ef6596a4eae

SHA512
3161bd386abfbd11bc5b3b9bdf92d20fb3a82d9472e06b18c38e43d899c40de6d1b32f44792c8f43ac9f7b183942ddddb7dd3f67b26278bb07e3c7b20c8cc9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2b5d371b7137ab5b842e79ae0e85380d

SHA1
7e03e8bebc1a48e42b4e5ee6f07d2fd3bcb8df41

SHA256
5ca4d34b55ebf860c109fe9710e3d4fcb971b6aae6167d9b8bfadf799b063966

SHA512
ff4fc18283466b73fe229e82b7dbfe24c11a29edcb9c1714ebac2d863f5966bfa22e6c275d19a9394d11577f561dc88a9a5ebb2f16a9ab2212cb4b7a2cbb289b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d4b1bca2606b82c01b8def7d67d94b26

SHA1
63024dbed3952a00fae32b54634d50781ff3bc7e

SHA256
5d48ddb61c96f74f6b8e90d0adec2f1dc8fbfe94a22c815cd2a8033345443bab

SHA512
709011e0ba9ee79b21d92343d22efd9fb89fb2b3566486f15abfdb4ece8db4370775d7cbea48f17af2b96922375006d88a32e3565c5c39580b42f2d2c1d17fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dff113f8312dbc139ea377b11dc454fa

SHA1
ba7a33d5204eacbd46f40b62750e9e19be44d3c2

SHA256
de132bee346c70a53eaebe442cb555fe332c26732903207803826f9189eb59d0

SHA512
e8f524e757e4d74c95ccc37342d27ad281592c80c873e23f5634093dcdc3c6e71b4b3fc26311fe905de26f80333e9a14098db84acf69c7965da6777eedd47c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a517cc0e17cd08f867701278c234719d

SHA1
d060b26c592160dd81e022b0ed53e1a714598c98

SHA256
489657d78363a55318740be9b110f701c38ffbd72cafd1f125a43bebfd705a60

SHA512
8323bc9634d24bf2f4e50d234aa210b6e27b429c96ffbb5b89c0e5794bec27a564227f23fa0e65b50c5d5ffde6f148679b2ce214691de0d5ef5a6423e11d2a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b63f01cd843508c5b9e712f02a77f71f

SHA1
eec23a59cdc2f0c8cc24c20d33d7de45a56c466f

SHA256
2552370862c8e36d245afa600416b22ebdbbdf75c231a1968cbd8f732e1c0155

SHA512
4516c72ea0592207fddb261d7d939005f7d1a54002ec5bd27e8f1d487d696ccdbfebca08624df48522c32c5f7424a24aeef2474ac25b03155676b07c8e55a8d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
48cc119ab5247372c554968159560bca

SHA1
4fe2e6105a9b98d45650afd7a6f5f8f5f5f1a978

SHA256
414d6e033b1ecb8fa5a3f9b78bbf456dbe603878f7d307442e2ecf1fe91ede95

SHA512
eb0bb4d2d7f64fc00b14b42d3ca614de656ab7819aeb52a5e560a912eaa29a9daa5ed3fc7a7947d6da601240c8a74c43450f57930e5b11e2594f786faeb40749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b20656e3dc4c772632a6ab6b133c859c

SHA1
c84f45e674301ddf390c9941ff3c832d4ee2a942

SHA256
7ad40ec2fdfeca4bcf96ed071b44589d66199e3bd1de1795dd2cec8e478b12b2

SHA512
79321365187db2637af1cbef40a6e1ed84cb1962f7a6a7c6e6eea5a7977078f3ede453ab119ddb4dc6339fac471f5001b8c93bc2fcdf419614c0b75c4c35faad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
398d494b6cf0b42e69cbcd3df5b33884

SHA1
f50d6a19625475da67e873a60bc3951a5e030a09

SHA256
105582d434b48fd40f7b88b5cf18948723f9cc27f2de6d9705f2c1a5a5526880

SHA512
a891c2ffd1c2096d9acb073323e9081a11b462261aaf0b0bd31b262ce89391affaef839ce5b2f173174d2778d26936268a2f14baf8233a7348d3f954fffe7fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d86d010265c81c51fbb87e920cccb061

SHA1
54a0cc593d9e655bcf0448d9cec35b7abdae2edf

SHA256
27edebc47043804ef1ef7f4b19aefd7f793738d23f4c135011ecdae208868322

SHA512
4e05c3baabaa453a1ecadb07468985b985b439b3eb1ed670c150e84e54f37bea24bd090ac5ea1763f93ec50d90f80a5a469aafa428aad8139218e445a2f3e427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
20a83b3cfb06c96e3058a5c4084154e6

SHA1
9ee42e3c80391206a214976cb3318fe0c6f1b7b6

SHA256
454f0631b8155354109c8f0f3ea8c568547c8242fa27b2d216671d6fa6aedbe3

SHA512
51a74674fb5b42eeab18e09f1978faa04db39ad715ce38e9f8d79d0cd5f11c6adfa0542096f44960ce0e7868328c163e3d26b9a72cb6ee9d16de72002a07dcd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aad89702025b583da773eade7470e0aa

SHA1
93008996497911ed99352bedf3853070a67278d3

SHA256
7a145cfc095035186f5a126d3d3cb11c1a9b9e72a6c8e8511af67369c8587d7a

SHA512
59a9be356d95cf71b1ac96e8a5f1f6c3bd12145fa900eba50ee0927c7b38ced6ea285601bcd0f63b06e7492d3396b9d824e36dce7fee11de2b0d29e88eb626a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
42ef1dee051aece50da3f3b4559c1a43

SHA1
92de633375c63d502f20afbf6a263a6049b47601

SHA256
3e9d182a030762ec31efc0bceb46a6749838e3a3e99c22b64fc2be7517a1a5c0

SHA512
a761427b25608e97d1d9655d03dda5bf131e590b9a7aab1615707bc2e369635149fd3779f78f6dbd56cf236ea6a9ebb52e5b4280c5bae4cda0280df637c3923d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6277cac4b3d32efef4c3dbbd02ac442d

SHA1
3b5f3bfc0fd290c7cd682b1b6934f080a85f5993

SHA256
494c5612c527601bbabd86d4a714b612235d66fc6cc291ba412496e21d42ebd1

SHA512
1d78e5a800bf0d669f5ee87a4f886a3875e8014b8ca00c145314c92e554916b85a479d49fb92d11f22a6c198c0b7496038faa863426e12ddcd1f21c9d6204cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ad15b16b07d47f3b1cef3a53b0dbee3b

SHA1
05ef04bc35d2ed3a113b632f957df3397ea2e401

SHA256
ab5b52920c5106a9bc4ad32597c7d468f07d3b11cb76ae5d77f2e6e7a87aa867

SHA512
57a06c9b109d1ac19d24a2b457b4c9245ef3df3ba1b0e0da9bd7eae7cfae7805f3190f10ba018156a32506d4d08638698d1043e013ba5d23399cdc147313e2f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
74e69195786f874bed35d0898b9ef3d5

SHA1
ba68e41aa7a72b3da5d1034ac3dc883bdbfcb400

SHA256
a958bf5ae8bea0de3c7215e12a5fa4ae5d8faeb4d0e564e7af5e59b7224d81fa

SHA512
2906dad121e772f173e5151a8af3cf66a1358eaf527b5b182c8f365a2c22aaf1f7c4770dab89ccf1e46d9c0606b190bf7ab6ad053c3b60e90ee10deaee84539a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
df2e086664535f85baf6a88771883b9d

SHA1
94cc69a2ee661d7cf5fd36fe1641af11768c7d21

SHA256
91d2eec038787c66668d69fbe444b1de7a3750ec43cdc4e6c3cf4b85a86d12eb

SHA512
4578949458bc13b328f016a872d37dbe57172b7860bee1a86d0073fd013c907fda0bc6b1b1c96235596de2795aa254a73375d4d67819035795fba5b4d76ed893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77f616c9b84f0de91fb9641974807b7d

SHA1
8171324e3bc281a64e03fc882353e8f09825cfa3

SHA256
8bf48e15c1094ec960372fe3024419ce09506153cdf9edb2eff4ad3e2c32a8eb

SHA512
2dc5e59889f86e5fdb216a4c503daa0486c04006a90712589ef3286563bed7068ddea4fb4d799c49264c4fd7b0f62f96227997a1286f0ae64347c367ff97dba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c87d1b31e6de59474f46ccce815310ef

SHA1
7949456d0a7490f1ff2ea18273f9b835384321ed

SHA256
8ad640931f1b75d0fb635087df5d0da3401ea1466ecab33ae076f535223e9565

SHA512
56c9f98076d9333a4e4b9a0cb7b23a9867921c7d82aa573d02a5efdeec09584cc6386defc2fe3b5eb21320e6a074dbf5c0b9b5a8bafeaa9aa5242e8d9cd6c3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ea314e7a60d48dc7622f6403b4b2e8a2

SHA1
4770116795af867a9c174ab73e79308435580a12

SHA256
3a1a507eceec34608cfd1858edc7880270d671f98f55b6e8fce6dedcdcd88de4

SHA512
3aa8cfdd2ad90096b1c911d3ad83d46be34764cfa8230f92ebc7ffaa82f326679898bfedd1bff940c4632589d60f0bf7542e1d6754e3826d0248b6f3b822f942

Download Submit