hxxps://drive[.]google[.]com/file/d/1SSUxqoe6qMTdqfyVN6w8imGK_3gXVF5k/view

Analysis

max time kernel
1724s
max time network
1725s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-12-2024 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1SSUxqoe6qMTdqfyVN6w8imGK_3gXVF5k/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1292	msedge.exe
1292	msedge.exe
5468	msedge.exe
5468	msedge.exe
792	msedge.exe
792	msedge.exe
5616	identity_helper.exe
5616	identity_helper.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe
5468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5468 wrote to memory of 2848	5468	msedge.exe	78
PID 5468 wrote to memory of 2848	5468	msedge.exe	78
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 5736	5468	msedge.exe	79
PID 5468 wrote to memory of 1292	5468	msedge.exe	80
PID 5468 wrote to memory of 1292	5468	msedge.exe	80
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81
PID 5468 wrote to memory of 1056	5468	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1SSUxqoe6qMTdqfyVN6w8imGK_3gXVF5k/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff63993cb8,0x7fff63993cc8,0x7fff63993cd8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,1489864240166285805,2614157406082432753,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
522bf1197ce3d13feab86a9c3d5e9024

SHA1
c1bdb06810996dc7c5ae0ae17c240d93f3cd86e8

SHA256
8c65fe936b5c86c4432a9890dd62acf4c2695bd1bbe1e41f2cc2dc6e8eb6fdb7

SHA512
4307cf6db2be9cd686f6ce992cbc153875afb2c2cc4942c3f5708e4b32cd46ae018b48f5539a224c0f9aaed667b611577054a9f3aebecc4416d8d784a283d7aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
45042f6efbbd8bc3a6ac7889c8789e63

SHA1
dd6f04abd6ae1167f375b0b3d37366bc1fc8d97d

SHA256
233fa41f529bfdf937fa9b34a80f6fd030e102e0b860431c2a1e5561ce077dcc

SHA512
72011d6b0899fb2d7db802e4fc32b955fbafb2e5d87edb2ca7e07c051e10a3c013b743832f188d0f694d49f1974dae7dc35cc8b0c60e51ad20f6ce0285d5514f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3d46d696fd33594e432b06fafc48b5e7

SHA1
c1ebf0aed2187534710fcdd19d30a33c69fe516b

SHA256
ac1afc6c39fd21aab66d11bf73e250cf4d5ca9675ec298ea525fc83be3f76edd

SHA512
d40c1c1779bf1943a40b6b8d9dec52597017cd2fb944e5be3dfda22dd20645260fbe415c681074b63f10ed9487d8a5cceec2bd9c473febc9c395bff45b34c53a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
af47c25ca9d8fbd29b0b051232505be9

SHA1
e3e7501946a22d3f5126c044d205c92622ecd762

SHA256
d43723835fd3ddb3245d1b993e48984ee1fc058599e89562bcb5dc6a2c011976

SHA512
3fde205be6134470d60f8c127cd249a57cc7a22d51f48f77c73bd8abaaa114e0c8af609fc2ac017b9bbf1ec0328eff483b8f86408866aac32d170ab5d93a9c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9dd164e0b670d574dbe7eda34648d4f7

SHA1
a18d766a2d4e33f34a2f25d00632693a6e2a74e6

SHA256
83b9ceaeb74040bce4099b2661543580d67935368108b354b68cd051735291af

SHA512
5e16c56d3daa64f201f32c63d0235c701bb8e63ab5d02f3e874818f6f1fbcda38da4f3f46a443c6e8cafdd3c55953088357f0831b93f4a2e144bfd2658067e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7320a9188fa6be0b34876c5865013c2c

SHA1
424a3d90447f992292869e0f8912b3ae7a7c8d30

SHA256
16d2ac750acc022202632190d4bb009dd20ea4d82bac2c0c585875092affeefa

SHA512
fade5a9a8f38a2ee0ce609c66fdaca2901cbc5c3b0faf10e088eaeed1e28a2bc2bb2eb3b52406a9dcf742ea30db65b2995bf7ee132e26bcb6e098e49440ba93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
421b72586f2f142ac76656b918e4bf6e

SHA1
6d67958c107d81be4fd9df333d1d470832b46a11

SHA256
216e8779f5e438876d15b748499dc14c9cb89e8aa32f2ab3dd78dad2a202eca0

SHA512
c5bf3077bb1ba87973f9048ad930d37daed24cc1c10979656ebd5c20d4b805bd420217982f5aa0b687ecfa128a0b80916c71e4337d44bc30cd126bea3f5027a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ebb69ae2a3d8d22eedc4f5221a198a58

SHA1
9fb0590a380142cbb4bfcc27b7e4277cd51e7948

SHA256
fabe4afefaca515e9b7a9363ac0df96a9b9c8bef2af3cca983253971bb4be82d

SHA512
fa7f8d326e099e904768c23df8f92a4e16325b6aecb56926c00ddba138944967e5d0a0c30275a2757cbe096b9853e766a9e9273c18b08c43aae8d3167f4b702a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cf140f1055f152e1f2d3780314107461

SHA1
ff3d8fa6c7ea64efb8ef8270f9fe5f0de36ae533

SHA256
f6997f9da0cbbcfd789e4095f4dbbf0a25a7bced064868a4578a73d7d3ec3d14

SHA512
a5493ee9ff719764a4ab508214ff387adcd1dd2910ed59b218f636b5233e7b6076314a83eb49952ed4fae767e51b746f94476837bb5d4bff6dd7e5fd4a33b4dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b82d744fe57af58d0c57de8a037fe784

SHA1
0f5fef9e35ed14c13c7fa13cb4b570f8612fba72

SHA256
e421b03b775cd224e1dc42d0497049389116b65f9fee9483dd94d250ad7e910d

SHA512
7e359a75a77d4f2b841efd54de269852096f5cd302b0511d39bbbe2af4b775c63b63f53984810e6022c841344f063fe6ea94178047fe26be1b618ba69b74d336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b6a80de86a6e6d34bdb533dad274a88a

SHA1
18fc1f87d46612363d4ff351de2e1209d1e11096

SHA256
baf922301b712f982e85612dc728f967746a84aef18229b1b3343155d0b465aa

SHA512
0c2bce778bee103be0d9435a2e7598d4785a6560c5419929662b43505f98232edacc129306d135574b243610d7c5aa96313bf0f32707f10f86c2d00b63304829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c0bd034d2d3448d8d5d442a26c46ecef

SHA1
3cae790308d37b1150899122e3e5ad0b5029cd6b

SHA256
72e92756d859dc30f766d71059103c5603d4175e2a895fd993265aeff51e4fbd

SHA512
b59a304c5a1b9ba14e8a39233843c10841287e760f152bdabbbad9025dab84c6c306bbd5906fbf46412e360000aa822fe4a0dee74c261c6e1fab99a31e8c4edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7df9d0dd159ceb91121b7c29ffa2262e

SHA1
65efcd95699bc8b89991749891f54ef2ea1c9631

SHA256
0b46000ea48bda7c98723f22690765232e686ab3f2e49657fef5b636b293307c

SHA512
93bd48b260f4a586b20134bb0dfb77859bc1a5fd936dfd0b03f58de4e68134b6a0ba68f22e60bc6d38c11c0603e4075ad63d1a0008b6f617afd0ca838bc18db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
16059f32530e6eed9be8383e523aaa2d

SHA1
bdb3f12fbe990b7e8c991f4deacf6b915d0ba9f3

SHA256
154173ff38018c49fb2f839584ea95e14dd1e88725bd82dbfb3b351ea48f90fe

SHA512
17d1631b007aac10715c80d1d77e14b9e9b46c4e62f15302975e19dc18c5693f3758a1a7c5e44dbb73daca6323f7d250a181d3426a810763391a756f6a9473d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
68ea0ea9876e243e0e8ec81f8669182b

SHA1
fee8d5b90c67a5ccac611cce33769e0eab26f76e

SHA256
6798231e8853938bb3b70b4dcd7ba30ff6c20dec8274c6c9eefcade30be13d62

SHA512
c0a1ab9a614f69600c5b71f36a02a174774201d7b37af32ec5c693dd131a68f89d9a3392238539034289612a2c40e5c35c454c93f53c5ba80841acc9b6bc9455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8698e020da818bf38939f14542cb2b0

SHA1
b77c6441e99c94b56c43f21e92ff7b06a8230812

SHA256
3bb5f9842d517e7450607bb850340654c976d3e008f5e2a31e6d6508a37029ac

SHA512
bb5f90c9d310ace3ab841b415584c2d51c0458787c9c7162c957939caad9e4d8667b7c2010b20fb4eba0b26053124ab4a63a2764a23b4217a373e19b8b895027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
174ee9e721b31333238338371ecd1914

SHA1
7dbeaf2b302b6ec5e7ccf5629a8cb85ef5f8f931

SHA256
cd0151c6753de46dca5a754fa5aa5605142feb8949ef884c81adf3ee33ad9332

SHA512
478df23ed679ca0d4e91a9221a9e2ac7dfba30abcda438d372f942ab386eccccf0112d77eec4dc582311d6a1105a32083272a364d927bde55aef45a17dff2e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
98cd41260cecf800a900be1cc329aac7

SHA1
96879cddd05d08d46f15819a83d7838fd7940268

SHA256
05e77f9ca15b9c54471c2290ed2141d977d2c1d78224bc0295df8774b2b3b3c4

SHA512
6d9952720d682d32130988a4804e5e553626fddd8f509ed5939c6fa50d3f2b36785cd32ab1e5ae86749102dbe5cd12def0d328600175015a3dbd5f76d71ab4d6

Download Submit