hxxps://drive[.]google[.]com/file/d/14NDLGLszAozzmDnNZ7aWgXami2VN4hlO/view

Analysis

max time kernel
586s
max time network
526s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08-12-2024 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/14NDLGLszAozzmDnNZ7aWgXami2VN4hlO/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
11	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e3792622-fc6d-47cf-9575-4b895f29cabe.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241208203321.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
2084	msedge.exe
2084	msedge.exe
4776	identity_helper.exe
4776	identity_helper.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 3020	2084	msedge.exe	80
PID 2084 wrote to memory of 3020	2084	msedge.exe	80
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 4896	2084	msedge.exe	81
PID 2084 wrote to memory of 912	2084	msedge.exe	82
PID 2084 wrote to memory of 912	2084	msedge.exe	82
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83
PID 2084 wrote to memory of 3180	2084	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/14NDLGLszAozzmDnNZ7aWgXami2VN4hlO/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffeab5f46f8,0x7ffeab5f4708,0x7ffeab5f4718
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6c0805460,0x7ff6c0805470,0x7ff6c0805480
    3⤵
    PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9164417314375137831,12949669099473616684,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
63716c70d402b580d244ae24bf099add

SHA1
98a3babcd3a2ba832fe3acb311cd30a029606835

SHA256
464f0f2ca24510abc5b8d6ca8240336c2ed1ddf5018fbadb092e18b5bf209233

SHA512
dfe1a5831df6fa962b2be0a099afba87b1d7f78ce007d5a5f5d1c132104fdb0d4820220eb93267e0511bc61b77502f185f924022a5066f92137a7bb895249db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0f09e1f1a17ea290d00ebb4d78791730

SHA1
5a2e0a3a1d0611cba8c10c1c35ada221c65df720

SHA256
9f4c5a43f0998edeee742671e199555ae77c5bf7e0d4e0eb5f37a93a3122e167

SHA512
3a2a6c612efc21792e519374c989abec467c02e3f4deb2996c840fe14e5b50d997b446ff8311bf1819fbd0be20a3f9843ce7c9a0151a6712003201853638f09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
881e31e192c8ccc6ab9ef375ef84ef4d

SHA1
065712502fa343633ff1f37ee527641039142aed

SHA256
5c75839b9aa6628f55fcaec5ded8022d25e189f995a6686a1a8710650a611db9

SHA512
6333ea4b024526977859e8b2a3c779b1eb42196b26e719a0c36e5a43f30e4681eae3e61577e00c9431c613133da2bc496fa5077cf7b4d66c93fee2b62f0cc500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
dfa6f8a411482e954d77521ebbf82a82

SHA1
4ffdbefbc6c79e67b82609e278cfd30ea41c1dc3

SHA256
e839b7829899c23d6aa8e9c73cc8f62fa3fe5e4b98376a33c2b822ae9bbde00d

SHA512
a623a6498da7b291f9a043ec6c2aade8ce4626e1ad57d42458e8bcda34e558a6ff0bcc164a8195855ec16e91f5e6b3a96b3ac18daecc9e667874e327d2cdc02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e76eaacfa0477d8e86ae7afe98306519

SHA1
e6d160b7cd16d3c37b711aafcaf626ba803ebb18

SHA256
3ac91207fba7bd980fcc265f766595cf06dd0b83737e832fc00e3d7059b83c7e

SHA512
a3c2ab7d9d9ecb3450d1103cb24f4438e516395a2772343fae42824266d096f4dbfedce4c77e7be0292fb878a61736d75f82aeb88f6f1821f46ad871f5342cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
538ba074c9eb5ccdf3758140e129444d

SHA1
b792b92ba681a77168b66a4781051e7c67480882

SHA256
2e5b61bc09a2c03f7365e165d6294d4ce059e904f757e54c923d8536da5214df

SHA512
4fe2ffcb4976b63e0d4ccdb69366fc865560103ad90c82f95c51c83414a7a7c6f1e67b3829fc09d777f48aba7c0d3260b81bf9408b9cbb5ccf19c09f6575f6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5c576ba0d35ab1c72fb871cdef19c10e

SHA1
2882de31349c1b2eb353b235f9655c9c5d22bf60

SHA256
49827333bd477d2881ba45eaba7d7bb737e79dc03186c889858a314fdf616fcb

SHA512
1132000eac17c5b0aebcb3ff7c546c34af62c4be824c316d51aec6234d3e467a2c2b2f783a9cfe27708708ed6855b34acec49b15b17d750041134916fad5e37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cfb0c04d554456e48751ab193601bf8c

SHA1
b23057543f81e3e2fac4e0f49e582b086e75b514

SHA256
59978edc96ac97230a6643bd6fa3360dcbe24c09910230d1d646cf652199c0c1

SHA512
4ef899c214b5764b842a1c017aecdfdf694db50e4428163989e73ac77dddb31b3c53263b4bb741ce1ba84e07a72d5735b6b36a17bc9539e3b1749ce9f5298e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
03835b73007590466483fed9e3b4877d

SHA1
e06535eefaad36b94aab86d3e6e1ce655b989add

SHA256
c7b18ce959ee8e1865bd5e80cdc94fc3c6dc031198252c4071eb6c6d574cfcc1

SHA512
1e0124d02ed6f27e3abee9701745ca457f99ccdd0fd10e857d355c76ed155718e1300613526807981d43404edf173f9196e3f78d7fce300fb503d2b9380a5e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3e27c1ce05ecd2facc59ad402023bd87

SHA1
42a4103e1e072c770f99b8870cea24b85038bf86

SHA256
28867f99698bc52cff2122bf89dfbc5d2e6af6b25fd42ba5a3d1b365a7302e53

SHA512
3665f438e45754303152766e31d6072355867892579d13bb868d129f4743f85be670ff5675a5abc6690b5b0b2138e311b3a8390561331515ef9e96d4cba67cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
625b23d4cd32ab29e392bd2807d32405

SHA1
5ce471072573cd9fc007f67c6faa084a585268a6

SHA256
662e5953e76524fbc9a01464db28448d5352836e2e7e938766a400c7160b1b79

SHA512
0d352080182e2cdddc5cbb247af302eff71039cc634f63e1a2092d3e364b37889d1a4572e2f505d895d307f79ac60d9b01642e289645bfa3a9277e3396a6cc11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a013.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da1a7947efeaf1e9cc2f2ac8187b5905

SHA1
fbb4be55792ad95ecf1fc1f1d8fd9339cdbfa3ac

SHA256
aa049b8499c29f20144b4b9b591f34253839d4928d6f72e0c44ff3e63e96d1df

SHA512
e290523689d4ba7c84d7106273423c4dce0e4d574d9bcedc1e77c2aaadceb4b9cad3d8d0909c8fe5ffcc2bb1edcea67d616fdb731ac00c1b6a210e5a327a7f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a51845b0ca3ce375e53e9dc74af4e7c0

SHA1
0d6bcfcd62662c9bf672dd411f492d0a36574d20

SHA256
15ffb269d15754df2e706a91a1b04bcac52e504ebb62bc6a09c96c53c271d97d

SHA512
5bba49e3b6823f182ef1a536fe23de3a3e57839c5262ed51f2e99e3632b0120663a10744cd11d7b60458bf1d8f1d97d50d23f107df1f793356bdb247279bb6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f72509c536401269f792be3cfb40cfba

SHA1
8764fb7e908990fffa386da4f234b6b4ce65e4a9

SHA256
e156a2f78198fcbcda0d5101fe995e59f648631e36182798b0ecd87dfb5ec00d

SHA512
1f04756c5ae24c4539b989d2b060fb68cc1aff05fd695c583424acd431c3561481b2dc51cb630cc6fea3a6dac14903145d3a282d2ca28752b65c40a1e6f44f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
aa10f656cc16d036a580048ba0bdac0b

SHA1
52c15a55cc3b56bd1bf5dd0efcd2b66413b7044c

SHA256
166d97573db5472f64c5d066f2b07e6fbff2f1f9d5858fd7757548e334e9220d

SHA512
748fc7d5155285784ecea52d01af8168213210231a698073945b30b4989ae28463a7fee01e24792fd33b17744cd54587f801c5e836c926d700724171bb0000e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ee8e616a03201ab31e032c60a6d81b15

SHA1
4fa72ee1a3ed74f7798b3b58cabe174c675adc12

SHA256
2d77f4c62538359ca9c795a3be97c3817adb7954e004fe4b85cfffbf216f64c7

SHA512
97640f1aec0c917ca0bdda6f0228eff1d4274d2d681c73206be660697d3a7fefbdeeda23d6e3fa853228be633b4988e543a41f84bd027493c7d633089c863151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ee4ad1385d799f2b3a4b21b969ee47b0

SHA1
ecb2306e79fd15bf8762998ef48e5bd4ae8e88ff

SHA256
4fef93bfe5454ff112ce18d56cd10edddbadc9370195601975b1fccbc9981bdd

SHA512
0101966aa7c505566a7d6c697c5592a9a2627fd14d6cd3c51bac79802a52b749b4eae797d7e87928aba2f3b53387ce9e3bacb9f4407a7536002cdcd890381363

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
05e95f34009cbf2f0f00e8a08893955a

SHA1
a9be402d5a2ddc27b04ff0cba4a4f4dbdebd3d88

SHA256
1864e866925ce336b1870d3fad7ecbf5b6e2fa0b26589f68b15f62f400158c85

SHA512
bc379f2e1e94701ee5f3094881ab62cbdf0d3a18784015cc6a542e0441f09b056cec8f04732acdbc18b975a4d01b28ba242ccc2b52a99dee91cd499150f7bc34

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a518d9034c635ebacaf719b4b02a7f25

SHA1
9261692f1ea83ecc2031b426a0328decfc0a368a

SHA256
efdcf4a4fecad91fc142cd8ce82044a7206054c7dfe28a925fdee181d7eabb09

SHA512
b9c48154a94487036ec44bf84d6e8ec0aeaed80ddc7357142bcce71873752c60ae694f6c7a06c07f644c4e061db24661137e126e981f05457ef1cf74c7e9e54e

Download Submit