hxxps://drive[.]google[.]com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=sharing

Analysis

max time kernel
1725s
max time network
1730s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-11-2024 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
464	msedge.exe
464	msedge.exe
1840	identity_helper.exe
1840	identity_helper.exe
4488	msedge.exe
4488	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 4968	464	msedge.exe	79
PID 464 wrote to memory of 4968	464	msedge.exe	79
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 1732	464	msedge.exe	81
PID 464 wrote to memory of 2128	464	msedge.exe	82
PID 464 wrote to memory of 2128	464	msedge.exe	82
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83
PID 464 wrote to memory of 2908	464	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc86703cb8,0x7ffc86703cc8,0x7ffc86703cd8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10848718380489156741,11624792380162506018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
4b184949570a69a30bd952d6ed10e2c2

SHA1
67048b22949091e2ee678ac39a18f2337be1ad19

SHA256
5a6477dd00cbba214fd3c9d55005463334694c1c2101973d1cded445be4a59d9

SHA512
d3828d914d449caecae0a46b5df23ebad787756ea51a67b984adf949c5ef5e27a6d5796c53415bfee7d9ab4ac0190acf8268d802659c340698296d327c3de7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a86e07611e6305ba8a2d553f8d9fd711

SHA1
3e668333b06fe60f15307c075bb43cfdd19b930d

SHA256
5a9dbf3a448b94e8b96a34140d883067c4522c5562153bcb33a07d4055d5006c

SHA512
e040ba4c2bbf95e9c7181a3795bf1d36e895efdfba19ef16d11d77612b7413f2134f3b61ce0c0d054594e999552b4b0ba2b9b2c5643bea6740bdbea2b7d9654b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1ce28cbf14f064437694815923e2687e

SHA1
ce67cd94aeab1d82d587b1bc0f16fcfbfe790330

SHA256
5eb8ae6da1ba9dec028a0aaa16bbcb354f0d482dba9f86bf0718cc32090cfdeb

SHA512
652ee2167569f3fd2e941dcad22c4b8773ae8fd9e8437765098d70da6a9d4958a09988ac3fa65e6996ac8ef6e73081f637fb3a9cb0b73f77d04084a24872b651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6cdc88d3d9ed9c93ec95de74a6bcbaec

SHA1
69953d47d454de265eba2dbd033d66f8ac907e93

SHA256
77b923ecac6abe8bbdcd5a0dce7a54e6d89ee6f4f62aef4a23561710d86baaeb

SHA512
10ccef249a0b9f5ae12cf8479e7137ef8a6c836104704c630ea3e660031d5672361d3d8679977fca9afdba176595ac3e599324190d201e3bac1d4ef56447b8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
00e09e6061e94f554f1ace442e5704d1

SHA1
83911eb929e336fd35b72f7b553a13443de03192

SHA256
e06e9f0745c0ef33a9bf2b171121112549dd997224cdf9d4ffdaaf79ff5e8bf0

SHA512
b2df5d26b9c2eb9816648236709ff4f8a1dab51119d077e73e9c95e162cf5cfb5a55d8cfd44d15b0c87768c0b503a5ddc30e3f2c055a8f7f96336b721e193276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
72361840cf29f9b3123297e3f53c1c58

SHA1
b63a63d452baf28a898ee4b8309be87b35dbb50a

SHA256
c192e6dc00f779713ad9554af8b1b8c7776f330b59db1e5514a68f1ccfe61281

SHA512
bd38850e2ca82e7bb82729bb9598afa6a3dda6480921ef81d42c37164f4a5457efba4d6ba12abbb8e02968a59a54390b840be9bd82b13da29fe8c74655cd09ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8065f7f01dfb3f760ff56f1687139dcf

SHA1
9410a81cc2a14d0395bb29627f0b3b9e9b759318

SHA256
09a65eb3d102f275224322edf1e55b7560cd4b045a99d0a0885c278c4e245fc1

SHA512
0af9f493a568c5c5ee7600f0370bec7f8631bbf50ce98f51a2becc86fee706112e9aa2fa086727d6ce04d90fc3d87fd5c8130232413da1b499c5e2591a38bff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7a04f1a88a5d8ee014b0bd28d2e0edbd

SHA1
4c7e8aa5a91cabbcf4a795d4d1edd543a47f761a

SHA256
71e7ede09f9c13ad66e3b0ed39ed13f761f86acb1685aa7848591ae3fe45d7d5

SHA512
4b09abb45ab070556902d8224520c61f8a42acb20ba18387d016a90f1432f0c09c8c63f88f2ff09add67518193b1148cd191a1caaa9317b57fe5fc4147468dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
51fc190757df48f46e2f573d8b630da1

SHA1
31005d2e7384a4e4a6f7e74d0867d8e4c1fbea26

SHA256
e66434ab48c83f6f96aea30fe502e3d48d9cea73e752a3e4fd26d8c95a595f33

SHA512
4a4f6c4a6b2305464d7320fb004152430a1cf89ec1728c5d97c0d6ea6c6b0f5a89497af9f978b5456ec19b41240cfebf3606f49fe39aa9f5cf6c1985fe0b823e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
86e1d644e6b8802501e480f743b2fa90

SHA1
2b79582d31da1e10edbd07354dcdf8bade72bc9a

SHA256
cd60dca87044cbf09df375e015278a92f65fd181fa1b3c8634cbe2552249629a

SHA512
0f76b5f1f76eda478d9b69c940535d30edc5ae4351a4fe4e73fdc15973a6a3bbadbb77f9666b74956abdf92b70331c7eb50218d04879fdebed37467666a5fbc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
756c9bd1170ced9a04732a75bc11524b

SHA1
e644f6bf90321fdd15c156a16b94596c05153619

SHA256
424dae47d6c31fc8f3b91cf0383e56daa6218ff31e18d4a4c1ebdcd446c82fa3

SHA512
3544ef3a384008c5eea219b0a690e96ecf09e99c72d18029b61da4dd5f6fcac0244bbaa68d98d887a57e7d9b3ccedbf38d41d03ecb80864eec94b5a622b51dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ba59e4f35645b6cd698dc44dde1a6a7f

SHA1
cfadccff83d39b3ac04621c43709c7d0dd1eee3f

SHA256
97022277b78a59b8bf885a0315323fa75aa101efed98d72cfa2e675eae1b4282

SHA512
ff2cb2aff47536441d5f9fa9793464fb1f7374480015e18908a37bdbb06b3f623135a24c3a0842b5fabd77e2639ebfa0f7a69a5c3129e0751368e5575f4552a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5b05b56b2561c133a37ee3fbd00bbf3b

SHA1
635b2f2591a5ea7275755fea83361f9f4fb712b8

SHA256
3e2a78057a2496a80e240eb47d8524cf9a305b804821fb17eef0287bb0dfca38

SHA512
29b320d9a2183aef96c11a7251ba92fa866274b69417c8f865406c306c1bc4aff28c7d6e6cbfe1283f5b6cd80668d72ea7b0caad3bab3ccf79d54bead5dec72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e4d6f77846c5f78c1d989e2d39e524cd

SHA1
e8ba299d3c9a4f7dcaa52f81dd0c3179505b34d6

SHA256
a435b34b8163cf1628c49b0296e278d826d935d4323e3c48ab7c3353ec83b48e

SHA512
d4415bd7d4d004f2a361aef6444b2bbddad2cc8aef866e63436583676451699ea99fc316addf8da75d2c872d8e47d0db4d471a1f59d3b5921afec6d3fc0721fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3dbe374810071cc84d5d9e5f682f25ed

SHA1
50fe4f5804dfd46e067fbb5d8ad560690b7c4f0d

SHA256
d10bf157fdb05e4b0272c5aa55087065511c8c16dfddae92c95d3664ccded36e

SHA512
9a6c0ade216cad35e12daff131a504f66ac5319cd1ed9a36ad7f7c371e66cf969c86977669914cb35bfaac87892869552afb3f5722b6797b8753fab0f06fb1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fd4259ad34f743156520fd3e25f11705

SHA1
e5eb4aa40316529cb02cbfa365f4c687ca8579d8

SHA256
e128ca0c99f2a9b074e7123f8b88e4a108b43e58adb2e2c62710fbfe942bb2e3

SHA512
0bf3e51cafdffb07d054506fd852d6a31415907ae38143559a31865426a8aca8f7ec01fcf58753b9bb496c85fabb309ca6fb1ecf3e5d5884b99a35d5a683471a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
522df0cce524704643c3735eb03014ef

SHA1
65bf5a41002621d429754e5e611d36620a3d6ff4

SHA256
e002edbb5d935f305ca2cd400f8b63e82600e9fccf4b2ab0ff247888173df21c

SHA512
2370600a73bf2224c4e86f2da00f36640d028d692e3b409e34418258de3b7eae2e2f1872ce270ee4e3e27da2e800cb63bd63e2eb26f608e76696c400168703c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3b5f9082e63054013ed69d4aac24f8ae

SHA1
0de4e8d816d04cca4c4982e968b6cd677465570f

SHA256
44502070e9b9ed294982e16133a6babc7ddbb4815983a1231bd9255227c36af4

SHA512
8b1da874801d769b8a83d04186b9123e1dd7f044c61de16adf5b288d12917fe0d660460308cac13133568017c79f3f0b6b51f5836a7c4dd38786ced1bc0e3358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e57959bb0c31e1b3ada883990682bbe

SHA1
7b0d67187b477fb14f9c1b529defc312b41a1627

SHA256
41a0faa8b5871a3014a7076830d85e163bef0f4bd2bb258d6021f7a94f02be66

SHA512
947b9a44e4ee48c7a9458812c164eeea538f1b1019e0132eae23313a2aad18376034e34a0b229663d5fea66927f54936fa7ddaeda6cbc2111304113ebd4583e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53ac637758cdd999de1ded13defe570c

SHA1
a4e2c70116d3f360121b54c61e525150441a9e49

SHA256
78380013187f71d211e6aaba389d56c82ed53dd2f4f84db7cc980f95acb5a2f2

SHA512
36c701a804d69d66fcdc397f5793a32e5d752772a953c1cd0857953dacf7a2c14bd58648ba57da154d6334e8cd450232cdf056b5e8cf21a6760fc8289a79db06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09327d43177f7ec9b8b068ef5c46f782

SHA1
b94ca7c8550bf7ef476e3fdca4d773402f3882c9

SHA256
32515d42a77d1ab57fb2d9bc4e0581fc9bcd0d4e149b9de431241eb216bd9209

SHA512
2f4de601519aed4b4b59d669c2db869f305b8f252cfe40215e4bdf49efba7613a8c35b9ca258057d6b04e96bfea02307aebc040039b366e003025c0bbf1e8bc0

Download Submit