hxxps://drive[.]google[.]com/file/d/19QBwwskMHW0huFd_S1xlXQ2ySqK76b6p/view

Analysis

max time kernel
1795s
max time network
1728s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2024 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/19QBwwskMHW0huFd_S1xlXQ2ySqK76b6p/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
224	msedge.exe
224	msedge.exe
740	identity_helper.exe
740	identity_helper.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 1256	224	msedge.exe	82
PID 224 wrote to memory of 1256	224	msedge.exe	82
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 396	224	msedge.exe	83
PID 224 wrote to memory of 4896	224	msedge.exe	84
PID 224 wrote to memory of 4896	224	msedge.exe	84
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85
PID 224 wrote to memory of 3864	224	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/19QBwwskMHW0huFd_S1xlXQ2ySqK76b6p/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb397546f8,0x7ffb39754708,0x7ffb39754718
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1478034144259912627,13504797596010066343,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:32

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
dc5d9002c28a90866539d69cb6882537

SHA1
4f10abfd71f41c2c6a888bd59897e4799ccb90ca

SHA256
83405b78808904509514c19bd95d793cb6ade9759d56b73aa47ea673a2d89e1b

SHA512
173166d3f8a9d4df324c9ca8d7b2fc5e60e4f1dd0271c1d7011f5a6d6f91b8c805b6a45507a9d682ec747688405920a7ad4c09b79e0149ef0ae81d698315f0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
50108963f7a87ddbfbbddab15fc187cf

SHA1
a1dd6e769c4f63d99a611165bf22ddc743a3f8b0

SHA256
66c8c64342657d4bd046c958afeb110054d29d764d3c11999713fd279a0c633b

SHA512
ec5a15745922dd5571a74431c5b4acfecbb11a68a55030fe5c0f6782d4185fb102325313a469b30e77941b949687a9f6a81160b2488429a85e801bdf471adf52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
88b787db2cdae7a27c06d8bd0681d22f

SHA1
68a5d777c27057babc3cc64d89e8c869c87e9afe

SHA256
89dead8ae60c0338508cf9913777cafd5e9ec57bc6672ffc2a4087602b152ab5

SHA512
c3fb1f2c03e33fac206114516674745f717cd3705bc1427ed067dbb4a0615334e618f448da504d5500fe85d9b55b097d6a36f21c514a5cc9acd53df0db9df85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9934f1a7b5e632049722ac57526a7291

SHA1
60a7c54c6b60b13b80e73456d707fcc3b68b1d25

SHA256
b638d0c3ab01b709be2d18fc93513b60c330d00d566be8cbb42ee373ee6987fa

SHA512
1011ed1d6658c5449f6cb6860fd40c37a1de8b3e2931a7d78e71dc098c0e60228836e35c06790a50ac7f31ec387df491de1895155bb29b9a12ae600cf1bc7a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
505033fef670215a933cb9edb9280bdd

SHA1
a1707856b2335bc597d5a4bfd2469df64d2dc79e

SHA256
360d5078f1bb70275da974ffa26d49460c24c400d75b3a16b699551df0221909

SHA512
35ee6a0326e8fc710d2bc2057dbd404446cec99f7d9966732256e912f58991b0ea7424e05d73bf849721b7fe8b98a27bdb067df71c880ce58a1995e205861d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bda61e479356d31acf3b06b0f4106217

SHA1
8145b62e0a754bebd62761a6e9e7ba6849e7322b

SHA256
464fa117446f4c7a4800f874c0657141dd120b307c6fddc47bd45fd7a8b7c166

SHA512
c81c627536150a0e3f3090bd9d6c10a769b970027e5265c1357d81625b8e9b8f5b7b239d15afe56a2116ce9795824323b633c1ef05971c85abcbb0c9c8719e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c8d0e158675a9b6b42284a4766bb92cb

SHA1
abe4cbeba5975b29ce2c71842d6258505f69555d

SHA256
0e75cd662e8c0b93ed34321e4f481d6304ad8ed50a579a45b884e64a292164c8

SHA512
fac62764dd0707816dad691e8f4af2edcdbb5f3373911bf3b146121fef342c92a7b8f6db10793bf595585e459924392323684d5e0f76970742c01daa4fb39e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f6547b85cd33613b78c8acfaa9352cd5

SHA1
cf9eedde59213e970cd7b48148291e7390d939bd

SHA256
94afc18ceae71f1c235e3d3a129adcffbb9e9330bbbcc5bb971e0aca4041ab50

SHA512
622265a8c8e6bb787041635a9902a601f8d2cedba064ab7eed83b948ea42c4a2a3f06bccc8d0111b90e9ea37b88bf046a12197c93d80b9b22ce97f2971650db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8cfbfd738d196602ba7ddb39e103efa3

SHA1
3d7afaa8f3e63423d07436ae97425ab878db71c0

SHA256
451b24b0c959073654ae61281026a4a101c1b61662a4fe600fceb4d56dce95ec

SHA512
1bf055c193d6de1b2291875e17846b9df99bc0812497ea9fe18ae772840e971df7d7f49fa23c4cd2946a305f86dc54595d84119e1e593933de6dc7483526d7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
afe6274f0b96ca8348b65b548ada75db

SHA1
e7fec1d341ed837fa7107905a47f48e746b70a3c

SHA256
e3b8ec3ea6239f2de0ef6374db174a4c4406ad006ff99617f3ce2669fab012b3

SHA512
6da125110c6af34d2657be46c953910cdc9bcc23e885e031ad23818a0a09f6858d00e1739544112b3d17afe7868fd5083aaf298c9267932542ecdbd90cc85c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
79144a136f7323eaba3a9ca9bbbf42ec

SHA1
b7e8127ad048dfbabf3d1dca533d7b243da3a196

SHA256
20e63dd8b0fb3bd3146d2da7cc773bf18047089cb5d008c4b142ce33662789bc

SHA512
72401bc79c367f72ae0e6309bf2bdefe1c61e0b185429d784c76aebbb5ca25261d701b2911ce9a69164b738bba51be7c8473ae597809ee00b43ac373ed4ac228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0c101edb056a6c79ef6acf703fea4369

SHA1
4d37d6589849d7f094faee945f2a5b9e3c2dbe24

SHA256
b8549e474bffda83a2e912be6e1b7844b9c4509422e12dbeea0746ec8c4e2878

SHA512
bc7c30d7635cfdceca5259d760abf624cb9fc1ce6875e9f2cbf94e78f26df3e4c28c4e5ce30ffe13ffb3937e6086de72974716c7796e9ddc8c04d0fe686fdc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0c0afbf65605109df4380a5663b820f7

SHA1
985b0dfcbdf5494a81dab4b322e05ae900d8fb7d

SHA256
b5db2b164d1469f2dd4bb933e79d2481a11d9d9680cc05ef7cc42485700bb312

SHA512
9bcb4f2da2e677e2cfd23455248b2c55bf9219e12ca27c8b679d36b03e52dc049493bc5dab6c00dc0750d055e61cabf21a4ad8e535ff6a5d16b57418cf80782d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2b56d5b447dbebc591ab57912ffa7549

SHA1
d56cd485ad2e7f825d19cc1627276683cc23614a

SHA256
368b420fc641002ca51f67f1b4e2fbfd068c58c1316cfd517fbeb9a3726ced16

SHA512
61ca8c8a2d2c2e6d5dfe53985fad9b19bc3049c6ee0a0f80befd52c084892d9096ef67469896e542f63827334a7fcf7f13d589b5e6d97c5b825b978507f294ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
157f238f459e06f104521e7c8a246ba1

SHA1
73334aa8afa530ed1e96a59fe237b3cbc20b644b

SHA256
9fbf7161316060fc1191660402a93898018bfe95796f75fe8cbebda41ef034b9

SHA512
f82e4795b5f450cd541ff2822157946135422277eae23384537de199772f0ccc5c1e5617e60f5f6b1361a6d3ea0fff16e9be173ba7680deca72438493481b51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4189b954e7b47cbbaefa481c8635512a

SHA1
397f3b7d3084d8e97298db8ee8128690252b702e

SHA256
98c902122cc7bbd370d97af4d22a7f06bb417f16a39f6033a43c04ca23532b48

SHA512
43a131ce004d49f91e1be8a1c9c84ce3a6b0609258b67fbfa90c2d294b5599523b4c12453510c49cfcb696fbe81eaffe6108cc34ad537398c3cddf031e121ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a439718b2277ee86b2e4bfc5c9fcd890

SHA1
c40a984a2819de50d2458940c2d48279708889b1

SHA256
cb3ba52b16d4939a5b945beb259330489e93bf55a612acad8f6f0902d2dfd2c9

SHA512
4fb0ae061eb1fb5db68209e01448b9ea5e59760af265d51eb49b6ccb1df67a455321f9d11beffc00bd81c9a1566d351fe1da90e4e342d7b9945b695c4a23cc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9235095a79ba495a403f9ff6e9c01bed

SHA1
9c5dc3cb99dbe0144f4bb17e25297a498e57f3ac

SHA256
fa4de031d6df0cf8821fd0aad376455661466639cb95f4cda27217811e646940

SHA512
ffa07504213b662eb801c4f74107a729af6116516258b2a6ba7ca9389f42643bafbf019561884d5123ba6bc4ace572a41789686b41f00a32fb05bb3c97ffbaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07a11d419a9014e1b0b2626edd2a883d

SHA1
05228a9cb1abd652e2aef5b5db7fb5a316892ce9

SHA256
bc123257657dcce2f3882e5d5cb97aefa49a77eb82a490a1dedb5fe9a1844728

SHA512
49543764f27ac80e639430c63d63caab01ffd6fa92bc5b96e054610b154e03ba89a4945c6e56a8e60bddf789227067119880b07d063a3c9bfe56c8b50a524897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
566e09b9722cb402f323629ce3b32b16

SHA1
57b91f15688f98faf035252c3b068183d85503b2

SHA256
6602fc0c7ecb5d0023e96aed42ed5833af0028512bc0cf52cfb7be0d24e437cc

SHA512
ef98d4446e17019f5c5c7cb328078ed97db1c8e1ea874cda14b0801c79bcc9e01827b36a4c7bc3f660e02c0f1d5908a246b02c67d63baca71d006ad209bd9d80

Download Submit