hxxps://drive[.]google[.]com/file/d/1B3zoSasVv53H5wXwRndgLHx99r0bqZpO/view?usp=sharing

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1B3zoSasVv53H5wXwRndgLHx99r0bqZpO/view?usp=sharing

Score

6^/10

amazon discovery phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
11	drive.google.com
15	drive.google.com
16	drive.google.com

Detected potential entity reuse from brand amazon.
phishing amazon
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
2340	identity_helper.exe
2340	identity_helper.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 3512	1384	msedge.exe	85
PID 1384 wrote to memory of 3512	1384	msedge.exe	85
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 3092	1384	msedge.exe	88
PID 1384 wrote to memory of 4028	1384	msedge.exe	89
PID 1384 wrote to memory of 4028	1384	msedge.exe	89
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90
PID 1384 wrote to memory of 3616	1384	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1B3zoSasVv53H5wXwRndgLHx99r0bqZpO/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb47cb46f8,0x7ffb47cb4708,0x7ffb47cb4718
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3071554267049881290,4388941600911252778,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
1ef3d1f1a06de5b93b45c47e8c8ffca0

SHA1
99ba048a2157985ea1ea3093e935e4f6dcf72d7e

SHA256
8f7eb25b31e04c808184f62f745a8e59ef6a4ac570322919d76aa8e286e2aee2

SHA512
29352bc790271e8b220e1260831aa00ae051ee438193b362c11ceebda650d6d9fdb82343558dff46a2e0a0ca66af52a5ede50fac510381f2028128ddb7e2d3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
87923dbed02819e896333444bdf14264

SHA1
b1c5b2ac641ebb02f6341b429323c84246348c4e

SHA256
77ac107cb2ab3a4709d97d0d375a1a4396f6279f577c6172bfe9b0e002b3b6d4

SHA512
93688fa0ef45f9b2c3a380cf7371caaab0d2b996426cefe3f61cdccc640134c5a8d8dd99cdc4ebbea15792802727e94f85870aa463b3390c8abcfda7749411ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
ab10bb0b8109c5043ebe85cc8f02391d

SHA1
844a082531249274157ec7d3b10c75fe1669b8c3

SHA256
3325192a7ee9edbb2c74a90dae22ea141cc7e893bfb5c5e27420a34508bd0d95

SHA512
c5231c68f3d3a11469fbc45ef77202bb18984fe98192c5ae7689fb805af7a39752293a80ef87edff8da77393b7728cabaf2447dfb2408bf95682a802a419fa96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
e59fa0874cebedf0429d44b5433806a4

SHA1
56f80891baac39ec72da140b856ad0f843cca1c2

SHA256
8d046ff04d104ed8c03bdfcc84cfad5be3993a5cb442394b36eca603cc3faff7

SHA512
e1ae057c94bd8306a38f4cd6208b43ffc57a25293aededb760221b570cb77bbdbeb82b7d5725a0116f8b4b05b3f4eecb107fb06c507722562d1710b27fb7578a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd00e795a1138078e647cef16cdda0c1

SHA1
e0ce2fa4b98730d411b314839daffe07410bba0f

SHA256
49c8836a415773a37de2ab126d947c64bccf6141599ebabf0912e005c2e9ba66

SHA512
644d1ac0c4a55c4619058b621c6afcd2c068435f557e51964b774cb221eacdbdd2c22b0fe94bab03c5c351ba69b43723394e4752ff5782e41e1e55a442958c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35cb87f6822a8c260d8105d22b946690

SHA1
ec4b112d3b4ff5604c4bf7ebff87ce65ab82c0af

SHA256
b4b6a892d6afaf6c5c4b079aae7f5b885dfcbb59e1632ee7a5756648b1f6ea26

SHA512
fab1c43a150c4ff814fd761f04073171ee8e1771984570ea58e2d366e89931ae11bb3e31ea9850f4b26cad2f542e821eef6233b99e05a59a914a33c366ba7ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5782125ef40397c8bd96577aca3f20b4

SHA1
bb6ab579a27447549de02b22ba110dd6b4f1d9af

SHA256
c0b9c70e14fe318de154c9c0db4b16678c777037b196751a75a9200c6d99da6e

SHA512
8e7722b088ee96592e08647e1dc0d6a164e628b7e64dd15ed0a17a1d7093c07bf8dc771e3601b91b0a5405c6bd245903173a480a161b858c435abf69a5731dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
213d13146c794a8960b8bc10804b8a9c

SHA1
b44fedaac1339e3e369255ec8b510542c354ddfa

SHA256
517782abaacd664e037a0bd8c7d51a43d791facb1da379695641e10387fabd53

SHA512
260db81215e50e6d8edfd395210412a97164c5eb694e1cb4b07f56079f04d2504b96354556f70344c083672a0992b95bd55b3d376bb10f93e90400b0713bd15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fb483fb56d014c079f29108b014c8230

SHA1
20c7efe8a3e17d465d107a1433ac9a7789b64698

SHA256
36434bbd0eb1a5d6ea3c8c1ed75d26309d3475840a1243394676c2791139cc35

SHA512
e0e90a6ac097f0dc2f769d6054f95084929d6c6af6715eaed14bfc722207d65e94c2ce085cbfbf2f9b0677cccac56c771e5d23a7a4626b1b0df3ed3b9a5d6926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ca11.TMP

Filesize
48B

MD5
90e378ff498f3b48b2ba97b156c33b57

SHA1
56c0b59b37894ae10630d8541649781a97c97ed6

SHA256
229f65c5af16478fdbeb636090b07ae931264fc03e4e1c0876c6b6ab7cfa42c5

SHA512
f3ac84206d91e2d20a30cd004b38d6dea989fad49acf8dc69c6aacb355c3885c61052a5921907c1ca328d464586dca6f15f200c5ce3afe76d99a7d011b4e47cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1c5590df1d67b028c68a470dc6e86803

SHA1
15b9f6df0b182bbd84ce1df2189ebac21f1029d0

SHA256
82a48abd399640c8464e7d33d2671b8112484939ee8b3e1c6580f8c1e95b5ad8

SHA512
30fae557bff72865c53e3fb6cc0bb3e5233d38453366c873297303033fe14245a50993acbe80a0b1fb17061684bd18decd3c37b131771d850b7b6558332e7a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a47cd5aada1231877b008b55dda836f0

SHA1
45854f6625d0bd1d1d2c8940f80fe174e6636925

SHA256
1753d92f88ce026e7c07d36eee2ca244da3accc54e38ca0ef2d527127d5a8d9d

SHA512
d307f8a6fd61acf1c0ca576970ace0414fb907b20bbfeeb2ec79004c1c70bd0d7c09435ad8da92789112049b60cf31fb12e86bdf9890994c9b50dd1d6e306302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8f1adfcc1ae1edc8b3b73f9b977ed096

SHA1
bd4b2620031c921d74319dd9ef74ae7fe0fcf69d

SHA256
f88d61f53e003c109ca20163f970f00bce8f3929eee1387a8e6c32b1a52cd52f

SHA512
6bba2e6451870df1f40cc3864ba3f24969ba319ca3ab99f44fc0a2c3ffc0f5923b7f30ec83d0d97f58ad7e90290d09e97fd21b9e433fb57b23fbf59dbdb6dc3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a5f26979186bf7ac6ddf43473c5504f7

SHA1
b0c62e239df6edcd34e45a3e1e11b98b08453c85

SHA256
fe9c6672cc9b4cdc58161bd756c437786ccd9b94716673fa5a03c5684dffeac9

SHA512
b25a82ec12997e7d091aae5c312b5d037dc8fa3c0799588f01b0546f85d68c34a6cb89d8fca86e01d2d2dc2278391fb7176f781bb2d44878f7ec770e3dfc3bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
91fad8c4045c49cb24688c394c53a1dc

SHA1
33777c54961649c4e01643f2d9abaf1bee4104dd

SHA256
f6e846186e558a6758335e1e4f4a00b240b088f485aea79b77e4b53b870b6a85

SHA512
a3031f297077b01380973ce0e0219e196c4b248dbab2c4ada8b62b539227091a65a3502d18babd2a577cdec4a8e20add3c47eb088d90804ef7eba7ad608f2a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ebbbfb50943d5b26cfb43c2685d226ed

SHA1
4c551fed714e6ed0fd4f297d9652b7e7d66760fc

SHA256
e58d5672ff473ae393a59c05843c40bb7be62aa93a69b6984e867934c1da7e18

SHA512
6b7fc3f6e85f700659d2582255c7535da58c2330cdf393f621d4eb0b933e92c73aed792dbc0ec84eb4b7627900b77dbfc073f3b7fce0933b727dbb05b2ef2b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584978.TMP

Filesize
1KB

MD5
5db2dd26559ba36419cdd2c4a6f65036

SHA1
63260cfefd9a8ef1cb9234fe8ba09839e6da323a

SHA256
f975d55d9005d76f68aa90dff9237b90572f2d52368bb1bd8a783114785fb999

SHA512
c000c9af7750c16809ac6e023cc30c3aa6d6f3a8f98cb982d6f21c27c3d6af00a52e61a9d56ec5ea29241b56f7c9df6bcc81c351a112cf4357300685994f63e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1920df31cbdb0e16dff9835c59027a19

SHA1
3787dd7867ac0a847730593fbb1456a033486d18

SHA256
aed7811e181980173f42b38f437d4ecece5a76c1ff571038bb7169be00aa961e

SHA512
b610ed5dfd3f9fe0bec443287e6733ebac399622fd787d37d34a117190ff38a056f6fbc0dda61f73f643f88bfada9696bec5304b6b8132cf522b0c0427e8f019

Download Submit