hxxps://drive[.]google[.]com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=sharing

Analysis

max time kernel
1725s
max time network
1729s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-11-2024 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
3132	msedge.exe
3132	msedge.exe
4588	msedge.exe
4588	msedge.exe
652	identity_helper.exe
652	identity_helper.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3132 wrote to memory of 2548	3132	msedge.exe	79
PID 3132 wrote to memory of 2548	3132	msedge.exe	79
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 3292	3132	msedge.exe	80
PID 3132 wrote to memory of 2840	3132	msedge.exe	81
PID 3132 wrote to memory of 2840	3132	msedge.exe	81
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82
PID 3132 wrote to memory of 3448	3132	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbef0e3cb8,0x7ffbef0e3cc8,0x7ffbef0e3cd8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12099239073894900495,7302816784896092423,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ba43a688d782057d34e0ed0fd76a7d41

SHA1
1acd6096a3165321d954bd2df6ac9c175eb4ab89

SHA256
9de82d87c598ea412f014d5ac17029dd5a3eecffef2a566c00614ac82e72ce78

SHA512
9706d877686babdd14e1cdd036e107f02316f34aef65708b451dcd0aebbc3d7ff6428cb63ecc061a1945f6add2236e9b1067eaf4eee213ae884d833d0a78d3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cf144a40f2c66d09403b7280a7b8fa82

SHA1
d5fb96b2ea4d5bf71949111196b6eb2a8b00b819

SHA256
21b3f7ae2f88def860b3c75c44533894ee04ac220d6ff6801acc375556b9dba9

SHA512
cd7f4311a4e3cbef5bb8d59a6357ec9381ca9d83bec558f3f18d97f3fbcb5f9565f564e85dc825b13e64cf1596ae3d8ccb025bb02e17b563a3c0045da8a35541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a40e72486708df67200298c98eb4bc86

SHA1
c690d7b80da5f0d80c2493afee1a92b3a6a0f85a

SHA256
d88f607f714142b26fccc5e442d3b9653c9e858328d8f5d55be3adc2581b55bf

SHA512
085d46423765ef4bf682cf5882e8c7dfc18a3f3733a1d440b7c1fee12ef52a1c1cf216696492b278575b415ecedb8450c7bcd1ed7b4aa95d11507ebe69e3b097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
05d313a7ede6d6d032898a1d6a813e6a

SHA1
917b3f286dd30f059365a5bcb8b8db091d23371b

SHA256
a09a2840963c61c47725936fe6cc3e9ae42a44507fd1e8e1ecba4283ffdfcfb2

SHA512
90d9c10b7fe479bd97f681938bcbf4b869215d511d6cf549828520f6e2b0d434b455c319244ca3f8f91eeec1c7b1ab29277d6ff5d381b830ee8bf89313063f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d6559460f63e8fdce113c9a9ae0921ed

SHA1
7b8aaf45073fa1c7f46084d73d22ed29055436ad

SHA256
0db9c1eb54e653125a7c6cf2c1e3055b38e086db1e10ad3709d06e04bb83a620

SHA512
d955b0eed553cf9bd058d13b31447750e1293215f38028680ca276e06c01d4d5972b45a9c5a95ce2e256c5723a542719a738ebd5f590456859c1da74167b978f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eac7c0971fc4dc6f1e61b102a0b44add

SHA1
c608c43bad8cb1f3cffc743f8037e82cf84303e6

SHA256
81199158bb7f2ceec3ac38ff693a73da695e5da4d1a2656bd4d4b5a862eb81a7

SHA512
77b8cccebf77b2b63c9650bd6e2b528e6efbb8ee3233124ecb5b567c074c91f35acdde50f5425225ef51805235f08b733ea6fe504afdd216385ba88d3b9d3743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f5db49c304e51e369a98da3018711a0e

SHA1
523207d52f075dbcc2e1cdeb5bb98eb09b6d5844

SHA256
47745c12646137225d4217b55d7614838bc1cf9191748b6e6ad5584c73b1dd0d

SHA512
6e91b82a7ca11e4c75fe4f6ea22845319179af96093542160542f3a5ca64dac93e53c54cd4be44a17b3d6e646e759c5ba41433703ea8eb419a3730282fa5ee01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e907ed154b05d3208a34934c44f84903

SHA1
1fd967d5e8fe661f2c3e4066e52f8a8c5f7b969a

SHA256
6e18588aec8d4f947409ebd7f1d6860a39ff335c43682ac4cabeb28f87ef5e70

SHA512
6a5049f3e1220c3926222113cf7691154ee96f7b017a87d98a218ef7b1018ba22cb97961dd6f3de5b95559764bd17188fd65f47222274d4fbb0c61c87287dafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ed93c65bc7068e41220bc2095bb9a7d6

SHA1
d99810ccd03ceb82f5a0380c02df1aeba9787c93

SHA256
d1e4bcdff45ae0e12990682a8ad58d159af6b40ae89ea71c26c4f40d857ff4f9

SHA512
ac5902fa11d3e49fc9865895dc71fd7950ffd5f5ff32a895707ccaf9a922485023d603667193e6eedb798025814fb34cc3fda2dc69becd1b8a97aa54376217b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
267a1a79e86e6bc1f812e337361c77b1

SHA1
4e8f19af9c59bd7bb292885df956d88e9d3ed455

SHA256
164780badf29de60d2195727d8a701df21a969f032693d9cb873a3188af11d0f

SHA512
d27b4e5b7768eb961942f071c94ca237ffbdfe8092f0d647ef7886abc1075cfa685748346ab9d7690e89c8440eaecfb6cf5fc03799330f428a2a18b7a31c59e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
60d60a62adcd138ad35a793e7249e728

SHA1
a560f66b7cff483824af187bc9bd6cea3f2d7b3d

SHA256
24b92cf40c718a4b1f3c3b5f2376b5414fdd695eb9cecc697342781b61eb80b2

SHA512
2e79f5ee0ae3ade7243b5037cc74bf886f244acec92ba990e7c72df32d86ef89b3b25eaa98a9b9f68bf07f2dfbe4e13f32d01b40a98bd21a3911a2612672281a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
998b4e49a2b56f7533230bc5ff1527a6

SHA1
b0fc50e9dfbd53266ef4c867b17c1a6361d73b07

SHA256
76b5ba09908bedcb8c81fab994230b2b14133d46dac0a213f3879b55dd9310da

SHA512
044b209979d2995330daf615cfee0d6b98598089e981a9719731e17e40c2a5344cf0b3f36933bfeaf61c45f0aae8db9d462a3abbd7b87a43101d6a9792055764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d830e3c709943ea4a59b4dacdbee7ce

SHA1
62fff92cf5adb2ce82ef4b678e53f64e3fb88f42

SHA256
86217dc543a5ab18648f1de68fee002fc14c2c38fc7a86c927709a06503fd630

SHA512
10dedd11df4026481e791dd1707b5375031f5df40b9477dc508cfc50b6920f8a568198c416a10d9f7f1bed3f5446429698114b87c6389928cda2a82cdbda3fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b565e7a5b7035d5c7d6220a7784073f9

SHA1
972b70bc65f74527692bf88fd202a0fcb3641ccf

SHA256
1c5c0ee9e5359139c536b5335b2db3b6d1d7a11cc479cbcfed522e151fc5263a

SHA512
ddc5a8791dbeea0e2f66d1fd3b798b715b3e44068717f103e341167622062ed81dff32cedfa46433a8958e11f20699278d103bc515cc57024910ad4eeb4a6f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a1d101ee125044aebf134176ffb9d826

SHA1
9ce421e3efb08818a1a1135d37527f83116e9f23

SHA256
c25a3dcd05ea865a9d12560b35d65c3b288bafa73d23f88afd08c070c11c9bd0

SHA512
0c0937bab3eeab869d1fba06a6f978a87df52af287df34cdb057606876911054b3eac84d89ca44e08e64cbe7f4dffdf0181ffdcac4ede7aefe9f4b2c5c453218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
90ee75745a75611aae5917da6d071a38

SHA1
34f50bc8210f7e372884b86826996fd6d257c879

SHA256
30fa0dc0fa4bab444882f6bbbb44d98ded700516eb3dbd45fe414106d4296fe1

SHA512
e6b21ed58c40b3d4baa991b36f9b63883ab2fca3482b9eb1c097d9a7b4e1c9f04b459fbde67de8afddb85302f9bfccd9f76874b25793fb59deb0b91239b0410a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
818cfec5fd449db95e55da5316cbe8d3

SHA1
319768edec1ddaa9c90648b591e1a3c4b92e4529

SHA256
c15d9de8c671a9a2c67aa1053f4ba4f2f7c09425a670329f2e6eabb9265b7c11

SHA512
4fef3e3520f3a17f4c58fc7e68274821b0c86a72c8a9b1d25e90fc58394c1a8ec41d1ebdb8ae4a0d6e656b6041fab091bd88342612d7354ddbb82417ce3edaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9fb161908d9a65f2a3a3d48584395d01

SHA1
3dcc46299534a8fe939a3337d910db8020887288

SHA256
d5e8722a60bf5dfc81bd19ecbec8301699f898069958d7eec694f78348c554a5

SHA512
83f84faa6c1070742bfe625c96923d7c902255d7e0227a9c77ad056c3a700ddefa8bd2b70e623bb9b480621e2b31966a366b5f967b5fa6fb164a3868f5d685cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ef996bcd108325c77f31ec6b4bdfcd8

SHA1
3779d481f9e2aff9d0795f1798f02a44c6c780d4

SHA256
d5587b354769e878dbc3c126f0d90f5d2d689cfa56ae25e082a582fbeb1bb99f

SHA512
344eb46430417803747ef37d238a8fdd4e268be73c9e3769942744af0ca3a54f01621d6cf59dbae8d4209dfba42f9e366c3526d2cdd64c1cae24692b488b5d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a4625d2ad18b48ec7a44be6c6b89718

SHA1
55475caee65244ed16a2b997d1be47e42e9ad547

SHA256
5ecb52fc012f9562d89ff475091170f446ddc8718157a94c2d42ef37a155288d

SHA512
6d145f52971cb2c33fc18f3ae0d9241d47b484552c0b324006298f4983cecaeddfba053ee9955611e812117a4ece8ce1edfb363045717d85dd14ad8f546be4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7020a41ea5e4763ce981d50bba3f1a46

SHA1
41a690c419eff0ddbb0128db55b980f0b9b23a54

SHA256
3a2626e95504974eb8400de3040d85f0bc294f8c8b062ebd22b1f107c47d1a92

SHA512
bc7a868490ee863ecf4189fa7d40b86c82144b8aa36b0b0561ddbd1ee3226add3499d124e265f25e9cca7d9318c060b87c8c34d6896e1d0a4afb91c948665ea5

Download Submit