hxxps://drive[.]google[.]com/file/d/1FVZP-1_rDq-BUHqkIve20KtqNg_7g25k/view

Analysis

max time kernel
134s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1FVZP-1_rDq-BUHqkIve20KtqNg_7g25k/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
3760	msedge.exe
3760	msedge.exe
3216	identity_helper.exe
3216	identity_helper.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 1420	3760	msedge.exe	83
PID 3760 wrote to memory of 1420	3760	msedge.exe	83
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 2504	3760	msedge.exe	85
PID 3760 wrote to memory of 1756	3760	msedge.exe	86
PID 3760 wrote to memory of 1756	3760	msedge.exe	86
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87
PID 3760 wrote to memory of 4208	3760	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1FVZP-1_rDq-BUHqkIve20KtqNg_7g25k/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650446f8,0x7ff865044708,0x7ff865044718
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,16512554460749010286,6276829827775499544,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4224 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
db8aded3e42c95977b37ef8c56677fa1

SHA1
390178748bbc8f5766b45cda6e9dcfa95971dcf3

SHA256
837ebe06fcba101b4bc366862186fd281b86429ac63f8f542cb40a689aeb73ff

SHA512
262ed2a8049b7388ecfd804d294fe7a3736856b3ce430e096430a59620553705765f28a43a34dea934600b3a21d4888ec036a14beeaadd3c78f565bb6058ecec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
093b39db4cfdd00f2ad5c9e9f471f933

SHA1
c76b8ca12b425e313c02a644d04f85a9ca8cfea6

SHA256
f442f8bacbf413c36a40f13dacf8548a9666c7b1f1e3e6e161d4e679a3b830f4

SHA512
1a020453728dc614f1fd653d3c0095b6bd6fc602bdbc1a87d1adce8f1dce822fa88fcf84d235d6128e10183fc42ed6f46585fd3a6cbad216b06cce74bc725870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
deb7168f373ab7dba3d7a8363ea51508

SHA1
435373d377d01aaa95a82543d2b9ef178a4fecba

SHA256
04ab666f84bfc67fcb0070f56edf5ccd946cd3194b0ea06b3fce9122c8e918eb

SHA512
5a199061f7183487a122a60c14032af969c5b25ee50243eb7107de16e78af274d84c4949043d1ad9c9b128f05fe7cb5f27ab8f4d681561acf1da40f0612b9791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
649da3ffc724c5bf62cc531839d78404

SHA1
40767d225a7a3f7ca818de3512f8278f08087c47

SHA256
822e1beceb0cb35c816214175e8dfdeafcc6c3fc2b5b7b7df0df0a0917fbf350

SHA512
30af887ee602292809130e266a4828509e761b4c1957047dda27ffad23f658520cbd3d4b5c9f0545ebc9ce7ff208a4ade79dfce39a3dbbbb303a1d6b13d719b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c344f5e875c9119b8375404b3e7d0c73

SHA1
2a9eb0d149533eda791d74179d310081c24106c2

SHA256
e1edc82fd6c8e68194aa15bc7b3abfc6fdaae23aec4e20725ee79510623a265d

SHA512
8372f4f35d75f80d34d53df474f9bf1711886ebb3c5ffdc8d0e378d3b49daa1bad7f3885d31b20bda1175bccab1a283d4db6ead2d3ccab32955927680f3593ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3989c8ebf98d8516c75e6b3af1623527

SHA1
36c955d8d214e0b9a0579a32ada538b0d31740df

SHA256
d8c5dd75c76df3b455beb51a8aff1c575a276b20076fa8e4453de42237ba1f5c

SHA512
3f43a490257102eb7c62fe9d65ff5ec201ddee44b40c9a3e2fe176dd36b9cba16fd8f5fcde3f39726b135134427bcf9cdfb3100dbc92cdc82ba79faa363a4b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55536fefed49760fa1a8ff8341af2467

SHA1
62ae4be4a855600016576c24abd3baa3c9ac03a4

SHA256
eab5c849ad6f18c67360e0f0a4b24bdbdd0fbc719b13288ddf4d333826c02332

SHA512
fdd6868646f8189bc2b9b878cf056de6cbda1c863a1859c5f150c393216873d501097c89bdd781b44f327f239ef33af5d80a01328b61d3f102aa34d58c50a27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5c8eb0dfe82b0cdc0823128fba1028c5

SHA1
92c34c10f021f5c0db5ff248045131b9bca676f5

SHA256
2abe1da9814145fb1be28898f19cb91b49002facf72faaf3e642901bbaaa6c45

SHA512
4a1ff10f61ec21b4f351b3b0392b540e2d430ed793225bf9946d1ac3882a3f4ecd68bda180247b5955b6c5a14000799d1799fb37e91c6b99c18ded473b34f119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dfd859a538f7d988293fac65ab8625e1

SHA1
46dadb53aea5ab6b0d657e19607cc4fc18290aa0

SHA256
e3ccee6e7d6387e0aa1bc8ffc3a2fe4aac9ee55216aa1097111faaa2caacd0c7

SHA512
ddb6230893aac5b8aedd1411c679f7e3511bd39deeb7f44328f9064cd9917b3fda4510042ad03ee6f792d43132f820a719b1b97a2f15dc7e79f5fd235e03dd50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
a0edffaa808aa2e015d7d6efb37d8f83

SHA1
c88062ea5a11b6483fcc4d1dd7e6846e0df98f7a

SHA256
1ce5b14d2a7ad589938e1afe21cf6a021026be9b2b0e9aaecf1d03631e0d109d

SHA512
7a576b3ee6083baf905abee3db8c562640033dda6afb84088459689667f2937fec5252e5b8bb08273ffb473f85040d3529a47cf6c1b6c8e2075e05ee83ed0973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
98c553834a5cd612f42defc7f1264668

SHA1
bbb0b893144870d772fc105aed73530c4ac4b040

SHA256
6524414522348ecbbff162f0b286ca475ba22138c22e0f35230b1f26d0878fc6

SHA512
f9ae69526a3b0b7ccd5a4f78b6aa360c16307c3533d7c946e8c70734890a2af7060fb4d452dd009e12adcbc2925101324cba330c70c732759bd5574a56e316a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
c840ccb073245fa3383e9497c3d2f1c3

SHA1
ff271ff9c70b79449af93c5e953c3353a057a2bb

SHA256
7884270f2144d6f2e9eadd43ac129362d3ab25da908150a15071daad4c180358

SHA512
375d5161c9d47e91cac2c15c15233296df1e8ded7d82f44ce9d51b7d75dca49e3f6aee62fe1dbae590305420ebeb25e84afa17346f95b127c2c2cf37433b9d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ed39.TMP

Filesize
874B

MD5
bd59c48687bb3dcac2f18d71a48684ea

SHA1
1de2fcc402807b75c81f6ba6423d9015cb16a6c2

SHA256
554535ec49a6390a160d7cefffdc23562514d4a2ffb64e1cf6faa3bf8e147c9e

SHA512
3c710600ed88d6d61a6a921b33e01d57d5488e8dcd4745d79f848479598bbec5bb89644d7eb0f5712e233748f4d8f9a8bb8e3b11dbe16ae38c45342a8354625f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c6d83e4138e03c1ea00ca618159c2415

SHA1
928324e1abac054db6906b3b4a31a0834b802d67

SHA256
caebff3c40b3c19d6f7ed685657188eb74638caeb34ecfaa36e922d8753312e9

SHA512
f454501c0c490c8f853eaa88b9d072e0ae694b279a294e0e3daa49423f980a40c4e5b64c7cf6adc9d9d4a19e1056e8899884ea4681b0db6b6bbbdc23a9c6225f

Download Submit