hxxps://drive[.]google[.]com/file/d/1GtqIB3VJV1jrTjLYhxJ8UGvZUzLmsLME/view?pli=1

Analysis

max time kernel
743s
max time network
727s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17-11-2024 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1GtqIB3VJV1jrTjLYhxJ8UGvZUzLmsLME/view?pli=1

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
6	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4054f191-34df-459f-bef6-321179df9cea.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241117134417.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
2836	msedge.exe
2836	msedge.exe
2116	identity_helper.exe
2116	identity_helper.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2620	2836	msedge.exe	81
PID 2836 wrote to memory of 2620	2836	msedge.exe	81
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 376	2836	msedge.exe	82
PID 2836 wrote to memory of 4712	2836	msedge.exe	83
PID 2836 wrote to memory of 4712	2836	msedge.exe	83
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84
PID 2836 wrote to memory of 4924	2836	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1GtqIB3VJV1jrTjLYhxJ8UGvZUzLmsLME/view?pli=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffcfd446f8,0x7fffcfd44708,0x7fffcfd44718
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2636
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x150,0x154,0x134,0x14c,0x7ff670365460,0x7ff670365470,0x7ff670365480
    3⤵
    PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9281065845842466024,13150224950611086681,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d9c9a841c4d3c390d06a3cc8d508ae6

SHA1
052145bf6c75ab8d907fc83b33ef0af2173a313f

SHA256
915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d

SHA512
8243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e87625b4a77de67df5a963bf1f1b9f24

SHA1
727c79941debbd77b12d0a016164bae1dd3f127c

SHA256
07ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e

SHA512
000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
8ad2b0aebd0618086bbc77afd681545e

SHA1
7572d73a3e3934f3e922f0d59fac75a9fcf2f81e

SHA256
8e2aee7092ad12d6ab5d02957623150e496d9d7f468e78cbc29c8feaf596fdb9

SHA512
967b19532d6cdfbf8dc6832f0a0e8156e5f8b7a22300d0dd2261ddf63cd0d66c9819f428b26a3f63755663a26a8b435404401ac518f75998e15ef8a8a93c31d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b2f35f38ed8ac929343aca7b52b044b4

SHA1
1522754f2e0acd78bc82b17299eafec0c6f254e4

SHA256
4b0be2aa65b8a62a6e560ccbdfeffa96594b970684099fed17a13c12a2e53b0a

SHA512
c8b877c63534c56a0f8eb4dce4976da1566731639e0d703efe7714e05412435ac1a00badb6e342ea6c5fe38691808061d8bcb635584181cf42c0d1fb5b9b2d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3f4c12f6107ce30fa1d3586e7ed7e1f1

SHA1
026c6fd1ce22ad26046d043b92b69684108d3c63

SHA256
7e85cb51d420327d85d93bbb9db5bfdd1bf988ef741f3c5835dcca1d05987d8a

SHA512
f7c3cb22517f03186a105137a06c5724eb92db523c4a55ac17172cc6a1c61e36693841e708a17705dc164bcc5ff5e3580f850fb4a88af03e241ef4d908811a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e18128f0eeaa312a5336558ca78722d5

SHA1
d656857bf355c1968cfac3ba5a49a7f75ae9ac5f

SHA256
f0aa892f96e7c191d578cb0fb5ecb2612296995de1bcbeb4899a9d916222f8c2

SHA512
169b16ba3f67d30f34aaee3b4ea639187b42147458f8ac6b0cdde556d8ad007e4864fb4914aa052e6b15c33db0ecd9fa2ab30152654a0522f46c3134e834220d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a84afce51e76d1e5b41dd62e7299f332

SHA1
214977e110db26273d636529e2b95f2b7733d39a

SHA256
c7b3d573d96027aed0aa6590d22c3dc0b21c1ce3c72c4747271d7f2ba254bec8

SHA512
048c6261fb96834749b24119cc7348df2f4f2316639344483a590bc52bc6951d8626eb06c2314c386c6db702f43692f7adc53ab7088339bf13554427582a9af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
998dc6fd48ebef6947e8123cede87a82

SHA1
c48b1b3f6eefd9a44c726b59575ecb2a52b03d13

SHA256
beb90d6e21d197a86b9935c00565677157c8dca360e326c17053d69a360adb7d

SHA512
e0b98379992722caa7c68ca8a07bc7f4eaaf4c0c90985945c847c8f316cc91bdd87faa372d0ef8df61c3dd016186c1a8ef7d65d0bf59cb3f7b0bf5eeb3fb3fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
538682e336b2d34cf3c5e31e01e8efd6

SHA1
9154e5b6739664b5d869b3bf80ab88c4e0f96924

SHA256
321a190aaf83e9220ab0fca9c26ea0960906dbc84e8ffd4ebfaf930c2987dda3

SHA512
f48d0c66928f5761cb6b4d999db66dcb397c71aeb4a7e55bbd6fac2b131283c62f452f2b65ee6cfe3aaacfab39f7f8a34b448699bff63b6cb93ac04449b0a0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0dc66a0fa661f78b0b1be2053340bef8

SHA1
7acaf11b43c256c5ac2f979945031bc13fed5381

SHA256
af8d4198610cfae62d0d010266388bac218e477cae66667fcafbeccde9330b9f

SHA512
fc22d8d488b76c24080d1a0832840bb39a5725dd41d339b65825fe4fb506c346756a7b5d089424b84de86e9152a7734c9347819ce2e9778b69c7dcb5acd39f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
16761ab837b8c121f287c7c5eb59cc03

SHA1
b2a3f7362ba939d879407f5b211f6b2c887017a3

SHA256
3c390daddb267769649134965cbd6b507f1afe25c103f225911f9a19e2eed460

SHA512
ef65915f4786975ae106c404122683b613d0a6eb919dcbd37d514b3122672c4b2389d585470818e67a15b044cfcf36190557843b588ecd101edae0a1863adf1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aad73c3b42a6bb9f9b7bb635820e433a

SHA1
d661fe4355d618c88eebd5029ae323ff66322272

SHA256
267151ae42038a24569074a989c2bf5998c1041dc68aea9868b92c7e90b10cad

SHA512
f61d9c1b5e860a45dcf0a95c2ceb817518fd4953dfcf2b21fec1e6371766c50050e25c76d940b4a22e31903116040bb1bcee146a405479c8db28fa374323c00e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5fad1c84692dc3813aae9fb7860beb44

SHA1
e0f64f4dd69da353af08ec99877e2523f08316fb

SHA256
528c103fc87c45c5dfa32fb67fbe6bdff36b41af1e17f3b4c6c26b592415bab3

SHA512
56b05df0d16c24ba29ad66915f49cba159eda89d7c5c0b76a15e0359afb017cd9b60a18e9d82f130410d3d8963c28737616d7cdffecb7cdf0e1efe530607f58c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
32217b3ec9a8c10aa95f3877d9419bf7

SHA1
ffd78efb408971b36028116158c7befd654f3299

SHA256
c1565bf398eb865470914254785cc97c851791119f9a5067203692ca60eb51e4

SHA512
abf3a4b2ee4d5e22584927c187af84264ad1e4b6d079748f72b245a419bc5a8bb93aa406e631beb03d146aa804e535048a3297f618adb72cbf50ea801700c245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
26712265c743ff99f52e2eab4458d317

SHA1
90b1d1d35514397bbb214f5e339c21087be473c8

SHA256
d9c628fad456d8020b2a75600cfe6d4f0b83ecf713fe0c81895c24c85905c412

SHA512
77e6234ee563c06b856774a9ad5a6ecd9a7b2a364f4890cab2405e7647eeb6e1d378414fc9b1dab205858c6d5dab7f2b6ce32663d994dd79f4251cac94f7a78d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e107a93e60c84b1d744c9ae0c4182a7

SHA1
e87fd57f10343a6d50b9ef36984879d6f21b2d39

SHA256
1f3d9b0cd6b0211a2ffe043c8cbf2ff4cdb220860e556c84b2f2d40b103cec27

SHA512
9497a80a07b7e3a735266e01568cffa390971c5de603aa88a91ed2de404aa8fbf939a7b5b50eb1883618cc1212bc7fe879581d6de54a696c2207decc400550c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
137094a3453899bc0bc86df52edd9186

SHA1
66bc2c2b45b63826bb233156bab8ce31c593ba99

SHA256
72d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44

SHA512
f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
364592d2cc18adf665987584bf528cba

SHA1
d1225b2b8ee4038b0c42229833acc543deeab0f6

SHA256
bd97dd6797bb763681cfb1fc3cc21a44a273aab1d9a4f4f9332675c662d2136c

SHA512
0e852db825e451464cbcfda95eae2dfe780874bd20e7b467604962428007d1735ece752aa5901d468708a68d66d029271d5567b39c530d2d44b875abbff9aa40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a2e376ff0f0daacc397b2ce49ecbaee6

SHA1
7b476560116761eb24b27a8674a32a10a23bc694

SHA256
7d4e4b67b6971d39ebb0a79fc4d33b100c45c9719d1a911fad0c0e14351ffb45

SHA512
085db5598ea0b396285a834f2751ffe288bb62353229486c671cac93ab1e09ab811870b177353b1058e76a145c6258015446d4f3dd6b2d3326051cce7178b801

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4d7df2737e6715b9288589c6dc61ed0d

SHA1
4c3096b9e3a00d0d159f9867fb1f8db195179c93

SHA256
b555d41625009cc3fdf4b0fe55a3a039cef3d19f2f45397802b5a4e0cbadc21d

SHA512
667a46ad07de2e83709b7e9a94d329cec2edeab08532dcbd37d2e26ce1165a6acf11bf098e99e8e0082c2961fe867d71f16d10c1f269ce1ea7b1acba61c5dced

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
7d962372de81da8de2067f902368935f

SHA1
3e6c4426a3c0d0431abf2adabd3519d6afa4e8eb

SHA256
23e2ab9778bfee15c118def0d7dd3d1ce5454fa11abac76d8d1d6c8c92879a38

SHA512
5ac887a46805530a92565d7ff0d498d785bff431cbbb776feaa53660b2299d471908528eb3ea272b046cd98a4b747591795de707dcc835b14d26efc00d9fa00a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
250d680f3c9d040b73ac26a2a9dd022c

SHA1
11c9b0562cec3431feed5a4b69d4d1af519c87f1

SHA256
2289d253e780ff148b335e7b44923f34efc198ccf4417fac7efe99ed8545359a

SHA512
aab0610328ffccd86da2aa4c731a6cb33039948b67119ff7f898af7c19280aeb9afa198e535b14fe9cc9f4ad9fab1caed4965973fddd8b101a8675c535b6c401

Download Submit