hxxps://drive[.]google[.]com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view

Analysis

max time kernel
1725s
max time network
1727s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
24-11-2024 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4032	msedge.exe
4032	msedge.exe
1588	msedge.exe
1588	msedge.exe
1824	identity_helper.exe
1824	identity_helper.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 3740	4032	msedge.exe	79
PID 4032 wrote to memory of 3740	4032	msedge.exe	79
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 584	4032	msedge.exe	80
PID 4032 wrote to memory of 4840	4032	msedge.exe	81
PID 4032 wrote to memory of 4840	4032	msedge.exe	81
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82
PID 4032 wrote to memory of 3264	4032	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc19bb3cb8,0x7ffc19bb3cc8,0x7ffc19bb3cd8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,131229916940294524,16102412791371428533,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5772288c-4f87-4799-bb4e-25c12260eda6.tmp

Filesize
10KB

MD5
98e12347de61924eedaa6c349564d2f5

SHA1
7f43d11f74274c84911a7eeeff22ca895df7980a

SHA256
71de92f7966a03fac88848a6eab54cf26fb2d51586396389db665736762bc123

SHA512
f65385e2f2f30fe478c18adfdffda6702e67e9236a25b5a0e36d0e4581821b781a4d1dadd2164002ea08d020167ced21e90528a5e6ec3cfcc04d24b1ba982095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2b227b51-4b1c-4f0d-80c5-dfd8399d6582.tmp

Filesize
3KB

MD5
d71acce6eac6bae105f7823f1d072739

SHA1
4f6b4a602c6448f1f9d2d8d71be847a30f4c42d3

SHA256
03b7aea208c902282060de46637205a4cd09e2ebb4b8b380dd79536ffcdbcb27

SHA512
da8bd951c0ed9e70074b93fb4adf4c72e8e34315374ee5109db72df402ae0dec9ad5d18a6317cfccc04f96e6faced9a463dd73abd3175739211d6e575e105c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
fea4b97066771e00fe55ae12cc794dd5

SHA1
eb74189593b465b544c2118893ba4435f7effc46

SHA256
4680c05d7ad0817327c4b944273e8ec7aa2916321dc6427dd20f98425134c1c7

SHA512
f1c900daed9bbb7629885832b52b1503a1c2d9bac6ebfbcab7382969ff5f1a8b35730171398139cb3747c646ade4c411d1a4871f26c68ae3a988e798a5628302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0aeb09774c180467c65f8ba4a273944e

SHA1
703676a456a0e9eff73302ef54b163295173f8bb

SHA256
72f85c8c4ac88e034f6aeddebf355bd1c0900267930d9797f196c743ca4fa5b0

SHA512
a59326d40478e797b8cb342631f40a0a2cdbf00a8abf90ecaa87a79adfec7797bc50141317947c0a169367d0e9ea81bef7b48851e18d47ade310b2576cd5d59e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f822c5326fc1e07f1827c452facdc495

SHA1
f12b9c4b12f6324a0801911a3b8503c9a49d2e4b

SHA256
ecf7fddbc577687812e0711fe0312be3439bd3b0546385a1c3d22f2984f90b00

SHA512
69ec71f975d305c890f6fdb78f6ac3de9070f63ff9bc4b1f172a633c356bc7ebab374fb6f6f561033661b4d7f03d96c8f66739e0d548e60ef3b1504530576037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d23aae6d80242ae509c81cd3a6229f1f

SHA1
687b90b727e6e7645a0a2d8a2effea35fc0e3282

SHA256
437c7e76dc1c84bf11b412ca2b3b7177b17e1ed18bcd6da72f65d4a7155b2bff

SHA512
4c95a8999fad34d97f995d2165eea59970ae9b9d2084d177ee45da1432621446c4f10b7c465c492229262b6d73f67adc9b5113c560112450150dc912784fa3f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f08d153e1fd86a57c47e1c1f41d6305d

SHA1
f3079b2e1d58296b021bc39272066ccb125e671b

SHA256
eba35fb40713dec8537bef09969910251861832bd0c24c941a082db5cf1eb1a0

SHA512
00e1283a4acfdc48c6b1b3e29d2f9f1cea230c6307babead0ba3f4acf8cbfea77002b1d13c6dc84e0a9424d1905b00a5ee6b238e6a739e1f47990be7bf948852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d356d36409deee844b277703ac44bd85

SHA1
ff6577c4ea38a2bb21ba1732692f008fc331070c

SHA256
a1093994c79cd3da1244d95bfc23fcced6b699ea95e16e1260a57894373bc513

SHA512
2d5f39dfcfa2692ad9e8243547dcbdbb492fb5a65eadef3f410b29ef01e407dace40ef756401b45acacf91b9ac047b2e5336f85a5edeed23a4b2315e37ea227b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5c8423b135d4b27a865097705a6da833

SHA1
e5864facc5947469eeb63baca9739a719bbafb90

SHA256
3f930330d1847b502f53bff96087e7e72bb63f188486016e4fcff50a1f6922ee

SHA512
50088d355166bc7a3514de58ab27a5ae2bcde2437bbceb15de0b01db855f6030e070fb8cacfd30224b469b2f4ddf37b5840bc62d03ab91bb1505a416b9dcc06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a3a8a6540537c31ab9f3cadb9ba0ad05

SHA1
9d9d14d8db164c88a2b9629a6fdcfec4b37c7ab8

SHA256
df1ce7480c27a8a8f42b93b142650debc790c22a3a38b7fb1e45be70e857c1df

SHA512
743971c025625701e1d4e9618c99b6b69bee1c44e6c86c1fb84664ce5eb37c756cab460965c6165004e4d8d8d0aea1e54d866fa397e0e76f3f4b99c9e8903616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
03a4213fae723fa8a1ef2c08b591a782

SHA1
deca75341a5ee1ab48f2334dc2b6922f2a69691c

SHA256
64ed4e76b93b9b82c4ce33de882b2d7a07c927ac870338d42204d3a7a58989fc

SHA512
8e5f28c356d936056b6dab64ce3abf7539d2df6bda28958b56312056a46a07d19e68fa16717bb92da6aee14f42e2d64be396ce5c08006b449c4a8dcf31112759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f77bd61b436ecd4ad7902e0b9278b6d6

SHA1
758e37db457fe22a66fad6e858937ae8c7864acd

SHA256
c8030d9c33d0c8bd42093962ca669c8dd631a9d484bd1a235fc4012c702fc602

SHA512
62226825008d4735e947644933b15479a4ba0903793b141d0739d667999bb093de0b325872cd566b47811caea67a166b718ab9573461dcd352532b03d06e2dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ec04b3ab878ebe028670f77c93d1bd68

SHA1
7d53712d8b607f1617e2add32323141b6254be2e

SHA256
00b426eef97a30907b7269aaba4c6a6a97d36983ccc2a34db687b90832d1d4d2

SHA512
ab6a11117f52ba722cc1d1a08078ba0c2e4c43ce0190659dbab9ebd5f80023684e8ad58c5bea95cb1d764a3b6660a0f361f805c362b76ad389cec602c7e00752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
27e2b5b018738e2198bb36def3a2fe83

SHA1
6f974c0271c5204b329bdd723a8c1391615854dc

SHA256
560a3933a30e908f54b4642d5a9bdf7fbfed55b24cc2f89ac9bd943aac569030

SHA512
940a14b8332d2ac79eff98c4c9eac62f60f132ccf758bad2840ccb0cb52f69ba6dd5c849c216fe7634a0210f4108c046d993fbca404a547c945d8d4798ec301c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
21d40faa799509b3718abeb78b67f97e

SHA1
df946284441f4a2843c87080985fe34cdaad6e70

SHA256
2dfafe840538636f373c701588667ac76da048e6a59f5f589f5a13b158bee696

SHA512
a900bca0b08934cc1984e635a0f6bc4aa1e32a527bf41d0d2b60df128c37cbf90f1efc5e3de004ff9d2ba622f3a4ed71ded60a4d1a414242121738d1731344c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a678773e9f1d74234aab0d583ad7e318

SHA1
88aa1a668bf22df480b30b2e417f545cc8f08257

SHA256
91192f6ca6f569515bbb78a8415c2963d6bf8eee0f5fd4719d9bfa5dd06afc85

SHA512
d3ff011130278a5d3ea1f95c26f2bdef8ebd5dc2c937942ec94ff818b7505943eb59050eea84111b5f29012d739d13a8c6df921fa1774d9e2c78feb2240c3667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8b24bdbe35719a1a91629aed56fd6c12

SHA1
a9578b1ae2bc39c08a49a5da5e3296822375251b

SHA256
ca1874f1fccb64c0766f19ca6da03ed221f46f7ee6b083b48f9136c524e2ce98

SHA512
aaaa38be4401d3402fe0c588bbcc6de4869c5416afec7c7e543c62dd5516d32435375593682e4bfe0d21ca55cca4de4fbd5ca4d3f141116734ceee1990d59b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7b97e418c4a12d20207c46453d1603a0

SHA1
5cea17033a64d98e4477db4fedd66a2c460fd4b3

SHA256
68674d00f6b36a8a83af732783d93a5be7d3b91cc25c8425b05f24f63983c61d

SHA512
ba98d5fa92fbc0e0026cd020d54c5540b03c39b2593eb31af711127f97111b0aece305a52235b43eebe0d4ba8a5d580bb198040571d776b0a6135c4e7c5c554e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ab2dc71d5214447fcd374eaa52bd39cc

SHA1
f003047f73e34c3ae416a2f5857aeae64d8f4a57

SHA256
0743ccd910e9520a38fe967cc8dc73fbe300a6bfec124535afaebcc27fb64ebc

SHA512
3db9fa6bec9cd9e1858535cac8e2b4aa6f99a819c762badf2f5c65fb33cb6901862a2029abbb4f6d37de98138291d2cfb313802b189488d05cdc250b2a5af8ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
730ea8fbc748c24c11862b90b4038540

SHA1
98bc64d0b35db720ea24295bc3b528ddb7fbf3d1

SHA256
66a0cb4ee1f799703228a87f84c84d75d2eef07e1bb5f8372c6663d18837cce4

SHA512
05f1b5fdf3b180dcda6fdb0f5a4153c6b665ace9a0304ff44229b60866910eccde9b83fdd528da217b1b52cb6ff68a415324c2bdf7cf9c124666d64e442cb072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a24462fbb8565bf3b67f2789581904f0

SHA1
b3957c0acc4f2580b07f5cc1737f4ccb8b7952cf

SHA256
57d01280c7dcf8903dc2ab74d66edaffe93ff7b640ddb2555931c6e71a36aad8

SHA512
158a245943112dd042523b7dc886d584facc11722c08f3fab1ebf3cfa5c6f70b29cc78fb3f43d625f8b0aab3885eeec06eb988da8b5af7f371327b0a1107462f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b45eb794a905d2e54ee6adebce74f36e

SHA1
2bf1f0d168a5b3bfa80131af0341189ee731d977

SHA256
02501f839b0f426254d32a2365de4edfc7637714861b1f5ef7fa33623f0fe708

SHA512
8f37d2623edcbb0082bd655d7fd49a153f4a94cd6a330381c2a9514e4f9c57de62ed9e85c252ea531f4e9e434a55ab9472ff52f4d76c7ff67e6b322a1e0f1967

Download Submit