hxxps://drive[.]google[.]com/file/d/1hXTJ3DvVeAAyR0qMejNpCnSwG3GA6zFT/view

Analysis

max time kernel
1724s
max time network
1725s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1hXTJ3DvVeAAyR0qMejNpCnSwG3GA6zFT/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
2528	msedge.exe
2528	msedge.exe
3216	identity_helper.exe
3216	identity_helper.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 3588	2528	msedge.exe	82
PID 2528 wrote to memory of 3588	2528	msedge.exe	82
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 2352	2528	msedge.exe	83
PID 2528 wrote to memory of 5048	2528	msedge.exe	84
PID 2528 wrote to memory of 5048	2528	msedge.exe	84
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85
PID 2528 wrote to memory of 3380	2528	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1hXTJ3DvVeAAyR0qMejNpCnSwG3GA6zFT/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef7de46f8,0x7ffef7de4708,0x7ffef7de4718
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9224686817608083618,6523869712133453364,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
bba5241ec94ae1362031363a60e9e2ee

SHA1
9dff89c414e03ffd440c36662e9de7a50f9c7c01

SHA256
1482abb780ddfaa66cba25b72ccd9e74c703ce102c4e95bb9c4e9941618e2e23

SHA512
843e819360099dd081c9e444878d4be93e3391f63cfd97902883463cdfadb15c59d1498b497de1f18707c1e78423505806f86ee8345f6f32ca7a5b821adff099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
695c98432850775601199eb85efaf2f8

SHA1
05d4c9ef29398102679c3a2d72bfd7e0c637a56d

SHA256
946cb2d648ced90dca58c21b07e64f01c010b0e86a3920c021cf7873820dda87

SHA512
4116a4b7a5c0b207ab0a9f4a6ba67ef22448a52e6e159a0fdde28a87c6c0d7ae522a8b066778e86cff90872f8c809b0e5a9ffcddba34e06493b7e6abb0d678c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0860cc6a44c7341b7fa5f1ebec54d32a

SHA1
d136bb1c2e65482274cd2e00c20d19c7e98cced9

SHA256
a112d14d53b2340af1e8f41f80f7a34e79f80d5886295bf0faf0a957fe0106b1

SHA512
162771f981f7f0725c26efb0813f5c23c90fcaccbc84c43ba631dec760774852a1fb9a90c376645829ce5ce3880ea9cd177d8d0fba1a60525f3cfe2590e0c648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
43ac58bf36b842ffbb17d122b329f5f9

SHA1
6bfc5c7021826e1f1ebe7272d665b0f91b199c5e

SHA256
a34ff7d98d24454b452bf606c1fda34c35e563f3a71f78ca5d41dc24470547db

SHA512
1c002f4e401953c351956af962b333bc6b3efcb43686c44432f5d938887c9f23219754e3c327369cd99afd7aabb8b80b08caff5afaf4489c9c1f297dfb882f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8816fd173f0973b6f18a21e5792e5d0a

SHA1
9c611662533a85e7514eefd200ba3d0289a4fd83

SHA256
63a35da07ea232fb41ba7616c234ad415141aaadab62f5655563e98abf4c11b9

SHA512
c9bbc50a701a7a58eef47b555efd6371d064bef9f67e3427247e3943ddfdde4f2fe00f4865810ee905436c37da281b8e9b5dc956bb89453dd1b097488df766da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3cd1209b69444dac53023e62e47ebace

SHA1
f42ad090d1f2cb163bea18bf3af5ba23785fc1c2

SHA256
6dec4a96551b272635273fb781d05adcff100e82d2f4bc1134a0442ce8aec804

SHA512
30dac2d0533636711c2a734c07601676b5ab146bdf96e74217648c36912989832d91b64ce3e3c60b56fb5bdc0eec54b45110f583bf5739cd4a545644a4222238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
86f113580da839e436d85220998e5c1e

SHA1
45971eef2071da7c42c43512dd7fa7f692f971ac

SHA256
c6dcf2afbfbd3a5fc6a2f6a32faa3e4ddf3e113e1187255ff914911d55d17865

SHA512
a0a997294aeea18cd80fe466fb0d23b842e9ccb1a587d80605e802d24be762c81c6117da0dadcf0289ed0a7df0aa5b8ebf82c9f0894a594a6230a1923e837592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c9ce8b79c4f6b7a998f1cb8e78b205a4

SHA1
9c3acdd44d7f861df41a60c4f75e6a335ea775a0

SHA256
76d6bf4be8e7b216e149575b466e0f835cbafb1375904ef3e960c0b23c741dba

SHA512
d3e25353621cebd8e997827d4c37fc7c32fd25d1af6c02755199fca2b933cac3ad4ee26063708e4adfcd2f6873ddf02aeb7f40127bb0fcc5c5fb471aad6036b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f58388095eacb8b60dc530b87a22b394

SHA1
b5e697bf5a2f247dce9d127f51642d3ed9a11b32

SHA256
0b2fd68dd9dd6107e0ddf57ea9dc4c2132e3e143417f67a377768a8ec3856960

SHA512
438aa55c5b1c60747463dc3d34b95d64a1840fb77a7d8990dd57509a31f9458cd82ab5c8c5fbb16b672a6b22b1127ce67f6bad7c235416005f31dbfe0423cdba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
01819f0154eeb59029752c4acc846d11

SHA1
17a223e2e83b1ac9ae24c8f859d35a0c4c24dc5c

SHA256
d4e9cf8e25a18c03590f37d70bd1e98243c15d11e9ef06329a6bd2f4b64798c3

SHA512
a1b0e147570f3283a91761f6b835dcb3e8a669f327651a102cd94c0d535c4f4105f1eb70295845f6af569fc621405424cc143b80cef2a9e122c7bfb7c19c2e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5bef5881aece126c66bcd86648dd36d8

SHA1
5caa4b215f891ec2c8d3e83c2620992675c849ba

SHA256
8fabe8ed4490e39bff59ad300b2a869d73e7c76108b511495dbc8f3b417a38ac

SHA512
b3e588feadc136640472f4416aee11baeeee683fda4d979b09b6dbf507762bc38202ec8cd468212de57d182f99dd1ae1ad16a85e56383db6b4e5bf844e47a516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a9e2b49eacf936dca2692c16bb4cb323

SHA1
9df97a4406823729c7c4ada27274351c508f2030

SHA256
7c2fe9d9730de46098efb5261d29942bac34bf5469157e5bac1adf6ca65470ea

SHA512
ad6e9f49e6d3a673fb6be3a66b713b391d77134e2289f861e6922f537494eeac638f446d719e66a6b76ed9ae975ecb7f9f301e57bee84aeba45c9dcbea8db893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8276afd47d52e0cd1dc7ebfed80bb279

SHA1
27dbb59356e0e673038e5bab04c61654200b4fb8

SHA256
37e03cfa3d64f49898dab5eafedd7e05a2dac4aa07bcc8f9591800218cc8867c

SHA512
d545b9785e5daf0b78e7e1f64770f70d56267fdb11e4d677d6076f6aab632945c46e89f05ffa055d0ce2678bb1bd092f7705254595c272b9ba17d1adbf1c12f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c884c3e530384224d86ddf54a53ec936

SHA1
31e74b0f050a22315bb22c01e949d8f2d8976d75

SHA256
4c28e9adbbe578883f59c91d6d58f538cf467931e1ffc1e0331fa68933d035c5

SHA512
4cc726d3cf8e36200adce665965f50e51d997385d28d682c7e565f237a784baaacbd47ea4ae6c94631edb9673e3651347eac9b4ce6711f675f4a40789a3a9a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0300296dfee1b2ee2048750a22ec8070

SHA1
123f366a5aeff3a2f39b705c52d76c7a5a9bd839

SHA256
d84c480d3ab2e2c4ef0e62857b78630a3949eecf501e25870ba3de35daa312ac

SHA512
1e3b210759b72315b87861f7c8397886813824361dba637d56eba43279fdf6cff34050779ee055089b9f2c85e0b5e9e9d60586fa80d1fd88917184f931408d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
74a79df8fd141656977437d1a03754d8

SHA1
98143b1df401bce743cb3c7d01ed330659ecd843

SHA256
274220106346fae7927b28ee3d0d4b4b18fbf847b23f33da553c9c34806510f9

SHA512
ca0db5872116c20df125686e45fc94866d08980aada543378999c5ea7c189b00d33a34f8755215402f522d90a9af8a151e02165aabc52fca8339f98a0c3e46cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5dddb8522a2922da1e0e48960b4eb47a

SHA1
f992e05de1e3c6ef75d340480343286eb8ff64be

SHA256
72697825ec3914cceaba74ce1b93fbc6fb43fd1e29a1435c04bb54c5b8054314

SHA512
a145221de659381ba6152ed550622fa9c803f9149fd2db7714980e24b3d7073fd37a65a08ef7e5622d3edc537583622bd8832feb0bd3a56d8c29eb1c93cf39bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
729e3e637d233c98f95980292c9b6967

SHA1
fa81de5442c5d5fe22e0396b257f7b76eb32a897

SHA256
b2333e190a45228b6ad508a061fc0f5b1ebff41252ccea5f89a9715be63bd609

SHA512
29c1a17c55d9ab8c603ef1c2bbe1aa477d4198aba5562a8c0daacf4bf6273783c1171be122def98a34c11bce3d13d597f08351a719339a132e589bfc4ac2f020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2b1b56dceac1b95b5d48500604d9c4da

SHA1
19d09a6fbe9de3ebf8fc706e515d16abdc8fb9e3

SHA256
77c83a99985ffd6a5cf825bd939e4f6713f80509c427f8b9efa4da12c2fd8db9

SHA512
9e7258fea3f140626975cd60499a5ec32e0e88d53e18d09bf89404a542377f3a34a16630512738fabfab29bc1b6db005654c41fd91b271af6670c80853e48c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
624c6c4a8207cb79d0245e31d50e456d

SHA1
fd27681db3bab753eb1b7abf4a6cef5c622b7d02

SHA256
545149668bfa6cb4341d61c984a886c95524b98715a00656d2f4379c882329c9

SHA512
8ad5eba6f12439fb17635af08cd4663e5f28f869648f2c0df4ea50d377449c0e55c9173a36b602377cf4c0e0f26be9bc480962a0971091caf45e2761855b8a75

Download Submit