hxxps://drive[.]google[.]com/file/d/16YN68frlJXt020spBhRRJ7xD8lcRKlyY/view?usp=sharing_eil&ts=6787fad8

Analysis

max time kernel
884s
max time network
885s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-01-2025 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/16YN68frlJXt020spBhRRJ7xD8lcRKlyY/view?usp=sharing_eil&ts=6787fad8

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
10	drive.google.com
1	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
4660	msedge.exe
4660	msedge.exe
3344	identity_helper.exe
3344	identity_helper.exe
2968	msedge.exe
2968	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 3520	4660	msedge.exe	77
PID 4660 wrote to memory of 3520	4660	msedge.exe	77
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 4688	4660	msedge.exe	78
PID 4660 wrote to memory of 5080	4660	msedge.exe	79
PID 4660 wrote to memory of 5080	4660	msedge.exe	79
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80
PID 4660 wrote to memory of 3776	4660	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/16YN68frlJXt020spBhRRJ7xD8lcRKlyY/view?usp=sharing_eil&ts=6787fad8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0c4e3cb8,0x7ffd0c4e3cc8,0x7ffd0c4e3cd8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,2886634734707682324,16186800181266963503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\03b3a2cd-8de4-4f2c-b1cb-061f25fccfa0.tmp

Filesize
5KB

MD5
a70fca9bada786218d6499d40002672f

SHA1
0dcd79aae8a4c52c315be8e20da55620b348bcab

SHA256
47727e619489d5358f2d46d727addeb83aabe776eb20b4d0a9beaca90ffe1c00

SHA512
fa339e4520a9a179c3d1714ce2b04923243580fffcb42557a90366de4512c399d327ac83b8ad55ee76c143676542c8d60838ca593bc5094a140da7c49f14fc12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8fb39a64-72e0-41dc-a446-836b9e753939.tmp

Filesize
3KB

MD5
1b9cf05f8e3648b4cff34f7d8237da7d

SHA1
cbdd025283c8bfbc64ac7fabbe0d873d86c8bb2f

SHA256
6b39d1941b45e16810e8b9f98ffff5b42d98e7c2f467e2502ecd4d2b864586ef

SHA512
a94003b5a57f05c4ffffa9eb5e95852115d83495b1ba77fda42006c2338617684f0620a3066413b25c2c4e3785393b7c5f494db9a3968e52221fc3290a165f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
9c8df4b4f95bbf4e286b3c50ddf1a645

SHA1
269e914fed3c3ec3750e8ebf8a1fa3269800b200

SHA256
524f257b5d0e861ccb2848f98aa5a7171564c1a48938f3fd634ee233f065b719

SHA512
cbbc16f43bccac2b6d4403835e66e9e7ecd1a2246529419e0b34efcc45d58902c9dc0121d08268466caa23dd5058f45e0d63a6ee0c94d713f27fea0683c95b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
17fd79d7aebba609f5d1cca4efc8216e

SHA1
a1912693deee7afa8b4e54807b2408bf2f085ac1

SHA256
d841d4155b3619c81198d2e1ba31593c68c085082e55ed389c4925735ff2775a

SHA512
aafd431b041ae4f58c425ccacb231807724cbb8648fe7460a0d26aa84db3566eaa6796f95b6370e6a56ce51d00ae309df5295fa1bf8e315e2088ba9f9281559a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d0b76ddeaf50d6d70cbc29201ccc7370

SHA1
7040300a41bf9f760ff6daecb333367927e8d523

SHA256
79679b30d707735e5d0a073be6d4cb640bf695c1136ed35fa433b76c3f7dd66b

SHA512
d48e7279714bb6c8b81ad4523f5e5821a6fef133c01878a066b113402ba52e98c56670f196bc6975e6674774ede58c402048b3ceb06b2e1d47085cb9491c572a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7a7583474db0a5f3ffa746b6d72cbb56

SHA1
bc48393f38d425e3a1375a5bc63be30c96a51086

SHA256
ba265390b33cf7c13becef6d616f25c0cff8a056b929c349b9100924cb0e3169

SHA512
3bd499dd76fafc7c6959ab48f62e08de015f09015f675d91039673af50ea915b4e9483682695e99a3044eb853a66b1fdb77b6adf428d97324b32446d867371be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
777a99adc90173cf019c3e63a10395a1

SHA1
deed6a33ffedf4a01681e04c69c88256323dad87

SHA256
8e7bef65f243f3004b07a0e54ce402565620e1a10b86cc552d55df89ae88d7bb

SHA512
7db981c0c0de5df10caf14a158304b541e64117de6a7943253db78920ac4d8e3cddba34ca1d96fa57b56a8692b18d6e716b1b30774580295c7b13dd6e065bb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
353e49b1e48ea257e016af02d41a21b0

SHA1
ec9d6d185e60dcda2f8c3cb874bfffa19ab41c76

SHA256
2719f92868716430c7068d76a006d5a95dfeaf2cab7b0f02361a5cc7d532c5b1

SHA512
403931a16708d0dd2c1c166c7cec5f350f450665c5b2b8dc0f76d09c9f75472109f30938462f50bca783559bbd91949e31fce95abaf7ae7779e90ecacb35ae13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
478aa19a80ed5e6af8c684c07297c2d8

SHA1
bd11d11b17ad603179424e74e9d1841694b50206

SHA256
e0a3aae81abc4d2d6666a4bbb4a3a04b024cc90113c56d6065a5e8c64589b6c2

SHA512
c15055e9a444796af883f780e6ec023c1957ee2e49d853efdacfa83877c0458ccca5fd5667f9ea42c87a9d8bdef55b1cff5fbe8f773d16e96d1ee5ad28925b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f8a1fa1d5630dfc66992b68d7c1fecc1

SHA1
fb9f71bd4246c399d89b21eed9fd09f3f197c282

SHA256
c75f4abbbe9535e096a01b82ab1c131904d154e47736610468019edeacb82494

SHA512
02ce564cd0e2c9a23ad827a23a3d4a8c8a0373452142514dea5743480f800a85a4c15052274e06e78bc12bc1cb750bb8db2e3f2d3ef5a7ca5ad06b275cfdf0ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
56905e2501b56fe99a5fe42aec900a07

SHA1
5891285ff1d41ab41d299ecbb810be6511bd2864

SHA256
585899e39f75ca4ac7b007c5a0ff567e20b1872b9e73c267016c242209e05dd4

SHA512
9e48f409311963c694bdd9a33c5c3f6fa2f50a4ef84be1afdc5d5863be292c0c36e0389459491e7e55273bc96ce687ee826f090868daa7eba45ff58d22da0f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4a7f9b246d45e8feb3b2e8eb1765bd1f

SHA1
88411d30562f692e57f6384f0f15c8609e71f3eb

SHA256
6737d50c8c6fd762ea611aee62346f76f65f67e3ad54f7e6ce708477f77a0e69

SHA512
410c9ff10b7d6f81ecab261750db924d23b1c8a18fa5cb2cbf567b867c55bf7af2d05520ca717ad717725f29fcc6180187d164eac6fa2d84c696ea2f279e5a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a6f52c63bd3f91dbe7af8934094832e

SHA1
64608dec4d62fde6f5e3bb735b427ae986834ca7

SHA256
c8f3bfcdbb03c37ece5cb5c0bf0ea1b1928dec52dd7ce901deb821c54f2da730

SHA512
91c4b9bd2bf74b07b0c72181d06e67efea8bfa12c0e599f8b432db673b0c45cb67fe8ac877f3220f369b488a59768caaf53385392118d19aca3c7e11fd47f7aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d53633d54b4e0b88c59c21c35da1c946

SHA1
9489f79ba2a8d3d516c446879ad57c5ba2b22096

SHA256
fb970584677fa43b0ecc738195185227f493208a081b1bfcaa3b7fd45fb0ce41

SHA512
844eb2e35b11fd82d18d35ed9e92b1847b4c98252bfab94b5b993751aa49627bd167848bb3f64b72f02975b5dfcacbdd5e8e707a51767a243d64589caa24d4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08475a6afe4ef50157470d32faea95fc

SHA1
67c4fb8096451805b73dbcd68b0166aa7d726107

SHA256
02551fe6a0caeabd6563615eea16410be1c1351f7a0da39a5b43732269d6f5a6

SHA512
95045e2d06c5f64e4cf776d93573a17326b82b5fb3acaf532dd77d9e549a0a0d90614b1422aa3a27a5d70adf8bcfc2afd87945c8c50b9df5268021dee25e6de6

Download Submit