hxxps://drive[.]google[.]com/drive/folders/1o_FvCzw_5IKZ8_bm_Om9y_7MArSpq41k?usp=sharing

Analysis

max time kernel
525s
max time network
526s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1o_FvCzw_5IKZ8_bm_Om9y_7MArSpq41k?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
3312	msedge.exe
3312	msedge.exe
5068	identity_helper.exe
5068	identity_helper.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3312 wrote to memory of 4816	3312	msedge.exe	83
PID 3312 wrote to memory of 4816	3312	msedge.exe	83
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 1500	3312	msedge.exe	84
PID 3312 wrote to memory of 3552	3312	msedge.exe	85
PID 3312 wrote to memory of 3552	3312	msedge.exe	85
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86
PID 3312 wrote to memory of 4980	3312	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1o_FvCzw_5IKZ8_bm_Om9y_7MArSpq41k?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaba0546f8,0x7ffaba054708,0x7ffaba054718
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,4799198660569727782,17552152478568822530,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
e11dc1f596248dc4443fb08ffdd4446a

SHA1
b5272724f55f57a8e510faa6ef82a16dd16694c9

SHA256
2c1ab6ad03f0c6b0d187e7d5281b127cb541d5c97260e31cf130c9f9fe210a90

SHA512
a7dbc7ce079165c9dd0090976ece504a519c9d2fd646f47fd10671c847eb1aa6b2819270d6da8a6253774bddb51b3034d5d9a81de5f0121880b14becdae8c82f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
7eed29e62909fcb6533bb98c5684e88c

SHA1
bd496170af151afe231a3f2f18a7c4e35865e02c

SHA256
15b45603f99ad26879a1b920d3555fc7ce2f1094ff45867d29c70f3e78e107e9

SHA512
1e5caeee2e35d58bd12bc4d61239377ab051357cc65e493fcc491c15f50342a98008f72d14c3fb05a4fff7547249f400e2b7142068f128aa86ce9e39845450e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
250af661c68d8197fd5c1b14d2e40091

SHA1
473e8546379f83e524d139865e877a93b5615466

SHA256
c0a008d93d8ef1eb564decca010da0c3efbf62da8a075c1e67d9597d0e586806

SHA512
93f5ce860d49bafcf70435237a0186fa5f1d3f395262a352e6bd3bb19c38ddbac68374f0792216a7ac7a9c85caefe74eecb9c2773986684b3a221bbd205a4e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b9ea08942dbb1d258cdcdeb0b0f882e8

SHA1
abc785d87e2c4e0496c370957b70dbe74d90e561

SHA256
6689d89bc3156864ac408f2e6799fdbaa556b657cd91c6fc87e9ec1db9e30f6d

SHA512
e8f8a8a275e7532ac4266614b736a6dcf992ee284424e1b843a276f79c8d9a533fc3e71b834661e5650513a63726d0f23fbccf10aa1178e9030f4e3100e71006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6943679dbc19883d4995195abac045b4

SHA1
8d24f73289fa65f2eb15a13ed2159d92c453d1e0

SHA256
b17bad47a7d70b5d5685a4ace40c4e35fbab203599411ce9f4a3f64f1129b6bd

SHA512
090e728af31247da5370665dde8220e6fd178851b37dd6ccf576c7c667722a9ef9831c19f43e9399bd458b046d52a449c78cea4d522f9c32be125e91cd2b6fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
366c0b0d9410fe7cc18cc5d92e084ddb

SHA1
fa96e12a370c4ee38440fe72b211406a7d9ed8b7

SHA256
aaac03fff45fe9049bc215ca6989bedfcbe3504200a4029d2d110750b83149d8

SHA512
37628593042e9a40eee964582a941f922ec3c1a4b16ecef7d10716bfc44add2cd5038a093dc9734e8fe2a4d44cb179db53be05da34c6eb0cb9ead9863ab37de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
56a372442d233e488a2b629b4627f157

SHA1
01e33a76f81097f2f58c30256e9277a245f051e0

SHA256
ef73f336ec894d51bc1a3377fb6d0834bf50abf609a69ddc44d835f35d90f9f0

SHA512
9cfb2a8988a4ba4c10a562cbb6a231c19a361cb0aa9984bca7b41f4a06051acc94ae5137f77e491e56928824b2c4ea848080a8cac3efc809e3f4d88ab51f8176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
005772835e0a467818904e6a60e5b2e3

SHA1
bfcebde80a3887bfe3bebd9ac8b40c2a5831c852

SHA256
85d370fb79f483f9a17a166ff4ac486cd2de6c1340f5ab7e0f74f50200d4c3b9

SHA512
82deb32cabf65621e62ff7651a4753f033b5ebe19f169e98ab527a52295d731c3ee0302f585d35995853f54104717a8661085025e4ebd4a177ad49251cc750cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6a5a83bd4261ae86e1d58f7d82acfb62

SHA1
691a137c671a50783171fe4ffe0922f9eb9d7015

SHA256
ff6b28758615031b73f9daf1a37fc1a7fec5e40363a414e73d193da28b0e166e

SHA512
b1b51a5ecad45edd5684c6d62faf0b14ca2fea3c87323e73774343593d6744978d9da3bc00ac5eb8f2a36f8c0af9c3e9cccf38412a81604545a9e5bd1ebe67ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cded3ac02e263ca890384786e1c1e73a

SHA1
72a25b0c00588af1d79935f677e5f2b12cf36e28

SHA256
d7e30e3b70532f549f7f64b92a958d3c669cb5ce41667fdaa53cedcda1d2c53d

SHA512
44decfbacf4a8374aa771990d16ebfa6178f601692688a5c8e4ef4e49facf4dac8bb2ba2cf1cb606ded1cd5c6035776a0fa1bde07e723c3353b6227649aa76ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8722fad29999fd42397bb38b924eb00b

SHA1
5bb8a457edd49a23db91aa91682858b080ac16f9

SHA256
afea623cd6186e531d749d40f39d4b62bdc55927f436e2e687da6788e3655492

SHA512
da8af5ddcf6c0c7fae12a4a970fb5f156565bdb367d261833d6515d686bc442a6a2c56ab84e6b3683cec86e89ab04600273f66da0aca490cfbca490044a734aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5346ffecdde8c9e6c114784ec924da7

SHA1
877eda67ade78af1c65e275d01779e40ddce204e

SHA256
86ee12c09227376e171092a24824b238f52f2fe34c153462fbab05513fd75cbb

SHA512
39f0fae3bc4161c0efdc315d160fbcf3dc277c161f1f68450c77416a49679b42f4ea323fdfeda2e945d0e13912f898009e4038b8f5f7814778f741acd7f0e01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587923.TMP

Filesize
1KB

MD5
cc61c28569e37e2bf9f65c10395037c6

SHA1
1a16fe2adde592aea656e99bc0b9025701382716

SHA256
fe1e9c850ee94d8478593a7fbd972315fd3431b31c3e1d415ff0351d57a26c23

SHA512
ec53378da09bcd5fa004d7732294e5ba170ef12c949c3627cd9f00daaeaa0c6b16a5e37ce0a6c9880256c4a114f2f3fc2be5c640514968cf1ec6de3a8058c626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3ee60d816b3bbeecbcb4edbe5eaa01d7

SHA1
6c1de9be35cf631331f25ff79d14f9787ddbe955

SHA256
27a831c634051357a953d7487ee302e0b4646907d5c95b62ee243d7fc91725f8

SHA512
8a3ebf4cc75d9304537e04b59d7974f7d89266675cf7a77cf93ce4c55b87917bcb63c538572ff4bbe05166c62d6f730183e0dd19e03f2a9883f03a9dff7743b8

Download Submit