hxxps://drive[.]google[.]com/file/d/1kmsO060isPSN-h49hxDuiopqKkABL9ls/view?05631

Analysis

max time kernel
147s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1kmsO060isPSN-h49hxDuiopqKkABL9ls/view?05631

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
9	drive.google.com
10	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
2084	msedge.exe
2084	msedge.exe
868	identity_helper.exe
868	identity_helper.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 4544	2084	msedge.exe	83
PID 2084 wrote to memory of 4544	2084	msedge.exe	83
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 2620	2084	msedge.exe	84
PID 2084 wrote to memory of 1168	2084	msedge.exe	85
PID 2084 wrote to memory of 1168	2084	msedge.exe	85
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86
PID 2084 wrote to memory of 432	2084	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1kmsO060isPSN-h49hxDuiopqKkABL9ls/view?05631
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffd4d6546f8,0x7ffd4d654708,0x7ffd4d654718
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5297639313196647551,3916015156264599381,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
18fceb24adc103177d70fb5f42a53ebc

SHA1
715757a30e169f33e1df51b01b31da002cacf4c4

SHA256
964316ee529a193638290c744e4a771c2789c2cc7741f7cd9a8ca3538125e41f

SHA512
62f4d42d257209b2e8e5a2ca1cb7679f91d76ce0325e7832f0d446c68a0ecbd6cdaf6bfccb3da1b2740209b970f5ae10cce9ead82bcd47eb4dc6e1c7a5163fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1773fe4957a1e9c2f453d49f87f5492f

SHA1
2a7a5da6049d116a517f8c6d69cb8ac9850474b8

SHA256
e0e0ce9851eb8dd04ec3ff654376beed233af832fe519e91fc205e5048bb05df

SHA512
5228af30ed154c1a084ab58e4f08a419b836d76c918008bc1f07d58e31cd59a6bbc9818451a943396ff0f6246b3a81656c40e04102477e86b3067365aee463a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8bda4d5e12636679ca43b601fa79476f

SHA1
ded4ce6cf36868ec5bc9a759dd30fbcac444fe10

SHA256
3ba43f8c21a06851298b6061349363ec345d1354cb561b280fa00e7fc2b74259

SHA512
f303d26aa9f6ed4b95689541021f7e0cfaabadc5165bd1c675c29689a3adb44b68d6ec099092c5c7a4e9988aa2b89c578750e7d9e6ab05b8214eb19fe0556113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
10be67f94db915f8db7c12a8ab087c5d

SHA1
980ceab4884fe127c703463a782e8161f91b384e

SHA256
98da33ccd2023e77ca68a275db258334c833f6c11065b6a77762574705cff2c4

SHA512
499d6dd346fd12a3f08ef1ac79e3eca459d938f2198ba92ab2fc5417c7b716db3cfead85a91c84eeb424511cd586c048f779dbb04ba9da47315af98fdec004d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7957ed0ff5dd1a12bbabf1ee8e4fcc7a

SHA1
8bf46d7f8d75b02771b30d099eb7e5a23f46a921

SHA256
9a96e4513ecab1960e9c1369b6929a67244a58db4348638deb0d27009b8699ed

SHA512
d6ac1aec7bdde3ca2161a961e92b76f1643f359a8c5ad0e35c14ae6d66a3a04eb7fa4d0f1e3fc445dd3798e19d5fdde352f4e567b68fcc91b7892eaaf4bbc332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff3515e0df5062bd600028944fa8c79b

SHA1
b95a3e953c93828a84731e2a982b88f8ed8f4bfb

SHA256
3739092a4d7b668a10f7d07b454cab28c4fe42fc1bdff0e8d7503b71971ea863

SHA512
08322509575a293662275e586c326061449f57eb3f656f32f5b06d0ba8b049458984750c1c6851cd11a3ebe38f30f12e52f47d8c05ea65fa9bc4d9a83b3bc656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1803b420d0594118e410dabc2e12d5dc

SHA1
920e82e0b39b0d93db8b825eb89a6af16282d514

SHA256
e89750c7487b29ff217f81daed037f88ed15e221f0a6a5cfe2c94587f883e24e

SHA512
ac9e06c38a2828a3ff2505d166da695afefcd9519c2c9542f2fa4547763495b30ecc8edf07bcc83d1ece4c4a385b8eec0a9ca95bfc1401548c6657fae3480bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4d70238d22e38e12b2204882fceafda

SHA1
cf5a215ed8e9620c5ebaa86c50e6cc71c76039f6

SHA256
cedb6d662a9cedc977680ee0d6700d8b7e4401a7c56982e4474e43cccd7cdcb0

SHA512
1251fb7760be08ff77eefd8196a47fa4c4a174c5090e0cf4afa77e8a7806a7f4f76040af38de3f33d92c7de4e004ac4dfc212b59df9792e3961e4eb7be82a483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5dbd599142dcd0db01737c7204514de8

SHA1
d79e528c8185f6bfdf3a6a716538a3439958b2ee

SHA256
d45c0f3f5a32b6c9fae2d0a2b352ba0c5989c45e5e643f59bfbd73794fd48fc6

SHA512
e748a8efe04077870061861e42ebeefb867ad6b04049875a1d59a500686ebc5af127701f194e764c9b8c30903109b8e5126c941bf3ae760cce4a27fe161d7e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12cfcb54765e3c0fe3851fdb3dbfd996

SHA1
1e81b7b46fb70feb3eae7caa9c949c1db66655a2

SHA256
c3fe12abe4a2d4f217a68718252d64777a0e308d024972623ca2e8a3a29a0fc3

SHA512
f596bfe08c42fa32140f42b69e49ea8ff96531d962f2552b2a0873548dbb24f0a3a6cff6c0ac559874fd73bfe554af69e997591cef0c1e08def1c2c39859cd36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
75cf1868de866d4f4b19b02d22178e5b

SHA1
06eb2d6682078869f44c026a470bd7fd951500c3

SHA256
9c57764d45b2d191f6a73cb819ab5bb996c55d3f9a84ae5a63f9f58de66e1a0a

SHA512
450ed1d7012c87ed8ee06c317f35c823f6872e0af1cef238763384259d64f30d8ad532ca70394707678b1f5f5eabff0b5b1a9511e79c54d7ee9450d61e936305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92c09e6032779165c8c632af8e11f833

SHA1
48c7b982b35460133dd98004e0f457a4129cbf89

SHA256
4824ebaf992d0f6a1d4ae9d1fb666594c550de5d98dbe8cb5efe3c7ba9ff4e76

SHA512
2d80c0a021b93a9d0b2ef11a5c8d676445e0672beee1d7d106ec349efdc1ee63c271e4e3cd29c93c7d1128027812313b9f8f04d85dac82cf696f451ab9415278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
95412934ff7f2240728b252c1349ff30

SHA1
4755556c4064211b82ff27e1a4b975efc6b84d0b

SHA256
7e012493f6189e12d54ba03bc5843dc1575fd5fd2fe7232d81f8dc586c4e1ba7

SHA512
df35d169b4d09aa4a68baa0dcae01ca25efeddcdac5be6d4ace1f7cdab92f63e280989fbc7b6b85cf532829e82819a15ac1aae61bc0fbaa0888a54ea73115787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c722db1867c3098a8b88435cd6987d37

SHA1
37a1cc965841eb2f8654f8d077485d897f6473c5

SHA256
7dbe0412be3b943a4f38586f97a1d6dc1c07f2ea023f76a45f63e9dc301dbdf0

SHA512
7242357af0f994677431cf6e3e260acd15522324afc84f7299924510f642f75285eb885619bf3684f6afa97396337f79eb15c87884ac866eaa3a4d1c1e24dd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c14d21ab497a1bd30c62805cbeab9ddf

SHA1
00222f31f9da74dafb05ac29ef87f9503301cd55

SHA256
fe42f54d6a3f2b461b51bd39a16c3dfe85503a09cfc8c87a98b9fa2af2790e23

SHA512
866c117622fb31e50bf0e1c85daaad8bb3705b112d26d0f4e136549b1ad24d0a06eca961964f9c9a56db8c4b51a0df8797ff630a9936f513c1c91a7831bfbde5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de1b.TMP

Filesize
874B

MD5
e7e0e06178432d19740f05de695f32b8

SHA1
cdfce5520234f1782b99f23809ee44c21276ab3b

SHA256
dbcddecb66d05d3f05dbeafc53e17bf07c602984aeb52b52e14a54ef50b2a897

SHA512
d2781beb2f6cce59843309a92a8e8ba3377900feb49f38056ae324627a96a444c253473c682b789886f5c9a8b319220d15de1526ef4bf6260ba97047ba2fd7d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e079680a-fb38-4810-a7c4-6e73514669de.tmp

Filesize
1KB

MD5
dc038867f6b235c5042ffbd9a66a31ba

SHA1
36954dd1558618b9e47f9cb9d2996ffccf7320b4

SHA256
102e291d83d6feff25ffcc18d5f1ff2be6ca6b0047d6a08d0a36b62ee4ec1cfd

SHA512
99b48aca7ab5f1d72c552f6f68619da9e822a13c7193684366c628583ca828fc53dad8c2bdcbb2f3ba70a99698cdf51bbe480cb45a9a00d73a706150ab49c8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c4fc1791a1a5990f9866c885d39bd31

SHA1
cc9c047c214949647a08716f76385aa3a7612d9e

SHA256
841d77cd15fa81a6a9b0c0edc3cd6a535dde07e593a6598ce45938685309eb69

SHA512
c046e3b28c237f6f12bcd3003e696226e5c329081d26008a3410760210607951fa4baf3d1918cf5d1ef20f3747fbc1c1ba9d64c42ac634f113521f156bd2babd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af3eee75a33f507fbec72536bf49bb99

SHA1
ffe937513c15309de22e9db63535ab7cef2ca1ed

SHA256
d3d19b9e1d376a4430199c0151432e483eeebd7a09dba47f5fe7a60cdea88d03

SHA512
064f204b91a897007297c9578a8426754394898879a6195620f42a61c665e60d7cccaecaa7f6bac87309364c3d58b75beaa17f4ea3aee60bd6fe6cf6dd1f2443

Download Submit