hxxps://drive[.]google[.]com/drive/mobile/folders/1dXhP3-0LifXCi6cgwInhRJTZ_Sa2MmBj

Analysis

max time kernel
433s
max time network
434s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2024 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/mobile/folders/1dXhP3-0LifXCi6cgwInhRJTZ_Sa2MmBj

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
18	drive.google.com
19	drive.google.com
20	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3000	msedge.exe
3000	msedge.exe
832	identity_helper.exe
832	identity_helper.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3552	3000	msedge.exe	84
PID 3000 wrote to memory of 3552	3000	msedge.exe	84
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 2348	3000	msedge.exe	85
PID 3000 wrote to memory of 3932	3000	msedge.exe	86
PID 3000 wrote to memory of 3932	3000	msedge.exe	86
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87
PID 3000 wrote to memory of 2364	3000	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/mobile/folders/1dXhP3-0LifXCi6cgwInhRJTZ_Sa2MmBj
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb76d546f8,0x7ffb76d54708,0x7ffb76d54718
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6215457159734738432,7207771037693654815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
2e6a00581edb35bec6313f1db7299928

SHA1
bc2812001b76e378d3b12f83aac300ac7e9c11ac

SHA256
7d2471b0e9579947dfdf1cc1ce5941d76406cd1e828da5d1c5a971d5cc1b3bbd

SHA512
5a934937efa39c84444cddd6eb4d9bf45150fa1dd85c031860ae1be2c44588abbfaee1e1b289c2b6caab4999d3b8f819a8140ae4dbef24828d7627296ea17343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b484aae164c90166c3da450522632f8c

SHA1
6e89d161d05c1663a8fb8ce4eb7b0504578da932

SHA256
a32625622f1afa7c69ff94a564d94a6c92c123b5b3eb2dc890f17358dae07010

SHA512
be99ef17a5b89b1ed525eb36f7ff5692564f767df3d2c334af4d58165a6ea0b364b6f8c4f0af6f484ef2eb9db8ce6c49521cb3505fc04645c183d90975ef197d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9f13a20c996666e8ee804ee29b1db74e

SHA1
117d69322fa74e7bfa67b1224fb93b52443726fa

SHA256
dd99cf6ad8163ee6a3ae18f327ce18d06fead278457e46b24ff8c734f691a6c5

SHA512
c0021c9f20ef11be75093b6d03d21a5875b8ec55142379cfdbb3eb623967345041060099de6cd5ffd88cd5e30ab8812957d258b7e8297e88638cba4c60bcfc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cca289a76f6e343d282cbb37e837d3b3

SHA1
3d28075330f6100d417f4b61eab9b027cc10c319

SHA256
20f3bf61fceda96f17b0ac84e847d0dcd815c9cfdfb0396a71de125259153700

SHA512
b30a03e9f22c78c9ccee740f2e2ca1cf47dbad25eea5126370f1c189106c5b17e144ecfa80247dcf4b802a530b9c33788f318b45c53dcc3a5f4876266cf9bc40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8d89b2471a4577bccf92c0a482bf7baf

SHA1
36e4468249f798f6a8ecb16d1905cbe8524b5524

SHA256
e7466632ece4bcd0762063f709c83d8457e151fc0a83ec5d201e273e4e38b8e3

SHA512
9714e1b933255c7f216eaa03e20ce5c40fcf219cf9e21b5fd8472bd868f5a14c0848de41890201785b679e6bec98d0001b0224e30fa095b24547e60764d4887b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6bb7853742bf6437d4d79999a7b923b4

SHA1
b1c0b52ea6277a22fee716da75f48fa8d67497ed

SHA256
7130046dd780891200097845edf12f729fdc09b57353efeec2cc57a6a68d65ad

SHA512
c7b9407e774ef6dc41f29aee36b6ebb68400f6bcc6e4ff150ccf8557a545e6aa0741dc852a60247eabff20ea331d2c8c439318315cf7a0d1fc18f6f16f2f7af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eb33fdc260ff3738ebef0b564987b9cb

SHA1
3a86fb9c7887afff3dcddeef496b7356ec622b11

SHA256
79726e9b2db1e1901a41cc0034a878bb41429d0837626d8a5e2450de1fdb49b6

SHA512
afa72cd647c67b9fdd7ddc81b58626852e93eaf6843eb6c51103c0a7f35a0016c101f5deae069c63f9a95dafa0b03d4ec1507b0218f24cef9533d5db87b42676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
be307f629ea30c7b95d9d8b77b8437c6

SHA1
72a8cc72ecdde6940204567df329224b0906cc32

SHA256
279b603894d7d32a4296f7b69c2720a80fc627afe47bfdd7dfc7daaa8c24c5de

SHA512
df413526c9dfa52c65dc2727f8d8fdce9b599db54f7954fa03e997403b385663f6ce2a5b7b4d666da066b46476f136139404cb57159187ed0a99421e115ac13d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
686a20f77923de18355b0bee0203b925

SHA1
b414140de0d05ff067f6349acec8577d87a6a24a

SHA256
2aac77cd5a4ba2ef602097785d7c734314ecc78d94886be1d4e7d725fd02c655

SHA512
64a10394227fac6f9d16ddfef7fc63294e11eb8cf19ab98b0e2c10fd6c5c5fca364f1aefbedf9e950bdba17ec2dc122099928157218051b50477806726fbdd6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5651f846674dce9b898c7fba270fd56e

SHA1
6f688865b8ce9b85bb83f2c5ba4db0fbf70e7920

SHA256
3fd74b898c76e6a574c629f31dd24208b652883c4ab105f3b94acd0f7e28f387

SHA512
66bade282b24e856cd1c6347b14e71e398d9ee0fe3d133a050935b1fadf3d272f4d65f4846ba4c35e101862de44d3ddf409203b758292a2a518fd341856c1e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bcdaa9c193aa535e7e4ce7acb47e2b1d

SHA1
cf34a18e08570788baa6c2b58bdb189ce36ebd0a

SHA256
dc4165a03c0838022ad92a43adeb7be2a7e7061848e8b34d5218ffd9871d659c

SHA512
5ce6592e86827e7ead7c19bf44f9dad9b78492f338746fe8d3472d7bae54b029c7a227f3c4bca00d4113a0f41ef112b8a7e19d073b985e2bec16efe4bedfee10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
791b21559c7fb3ddd866e4dc4bdcee8e

SHA1
75bb898b78d3385c379f12b471fefbbcec69f754

SHA256
28d8ea80fad23dcabf8b30b3a1e8ab6af0371ba9e27c1e02d05a70fa2bd9d2e7

SHA512
af07feba198b466add205d93a316f9eb9e2007ec4fa22a94093590b2010bcdbba16385fb9af90cb2fdce696c93d2cb9696475694f8016c1e9bd0972483c69bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa3d1ed82b216bdb4dc4417801f103d8

SHA1
a6adf5e574049d8126a2e62ee5181e00efaaffb7

SHA256
c97912bca91e0c6f860bdf5026d14ebefca1a2182e61f80cad1da84ebbf23151

SHA512
a2852f81e0479e72c67ed9bc59c27303e10f0b3c2ebfb154f08529ba352365354e355559236f137bfd87eb3ec1241e5e06d2760976a3d1d48efc6d23bd36ec6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580114.TMP

Filesize
1KB

MD5
1a20afa9293106ff5c86cfae3677cf2a

SHA1
b9b45cfe2dd8025bdfa4fe372565562985f847ec

SHA256
66edd49bf5e8fe42ee846ee2332a4c5f22920902653dfb82765e6b3b0e00cb53

SHA512
6cf30067bcaf4932efff87d13eeab2b90228ae0e503496c760c6e37846cd3da331e83397682b127fc7567c1627b6283e017a0a446f50a105d041ddf75554d2c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d42dcf65ac284ebe3c75337b95433505

SHA1
2a687c8411ebe09566ad37fa3aad4b5b00426c1d

SHA256
57927a522cfbdbea8f5651cf9ca1f346af86f645e8f28c45222ddbe1029b64bf

SHA512
b74a515bf072fba427ce9fb5b4709de1956c37b637190d9771ed5afff246c517b2a157906d60e319b05dc57bd18b6fee0767ae99c1dd7fa7104893ffa8b29ffa

Download Submit