hxxp://drive[.]google[.]com

Analysis

max time kernel
1800s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://drive.google.com

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
11	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
884	msedge.exe
884	msedge.exe
1564	identity_helper.exe
1564	identity_helper.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1672	884	msedge.exe	87
PID 884 wrote to memory of 1672	884	msedge.exe	87
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4016	884	msedge.exe	88
PID 884 wrote to memory of 4196	884	msedge.exe	89
PID 884 wrote to memory of 4196	884	msedge.exe	89
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90
PID 884 wrote to memory of 2564	884	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://drive.google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe5ba46f8,0x7ffbe5ba4708,0x7ffbe5ba4718
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4137569917190174401,14367612797039626325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
709c6f4a32b317f6487b598788b6353d

SHA1
50f44d43be9630018f0bd2acb1528df07cd05b7f

SHA256
353aff71e8cf078c88c836e66d86be266ddbe36496a597b9b5a5a87d21eae83b

SHA512
4f33792eb73a792c88e8e2dc8bef7b00a2af7b1b91f4bab0cd5076dd2cb9abbb752eb7e60a4c6204d15f9bca1562915f2468b94e5f01f79279e1e7469055f0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ebc024cdb324eb41f33c6ec63d1458d

SHA1
f623e96981ee63c1b6879f682c4364fd5c2265e5

SHA256
23b9bd7316816043f42a80784e7f247f3afebd3dbe370fbc702189a6a0dddb1f

SHA512
6971b6430bc01a36c48bc1e41cf8c4bed65a2890837f7778a896072159940ae739d11834176cc7be6cf6fa0f2ea9e6764c30cd23beadcc88c390e5573bbad097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
076b7184b83ce5a04c5b9986ed609e57

SHA1
b110fe8171ff10a639431be3d83304fb85f7971d

SHA256
73eb9d56f2fa7ab2b76743d2f8beb4c9ed5a250db3a335107aa2408dda120d26

SHA512
8b9fff73f8729185c1aa8db5eb0a783bc9a8e7c017559762e802ce721d1c3c8a07000bbf6b2d71c07551b11711ee602b9ee89ab99f170db92ad7385ec93f8c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e8b349ce3cb5bc459c45c4d1b10e854d

SHA1
7506f140b0b511058788f307d169a552348f8836

SHA256
2ccbe48bcf1575db8659f1c9df7ff7c4530d850e51e9a10d91bb74a52d19b41c

SHA512
103c84b4dbed43d02375525b6bf252470f9dc9c88105f8e48fb65952bc7d0d418592a5b8da621d6eb283905e34223032e80a1c433346b7d7b260b9ac05ec6d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ba5b523be5d03eff039fed4d0ad38912

SHA1
bf36f691b24f514985917259e031e1ec4be756a6

SHA256
6a25051dcc5fb841ecead842936d6425d2c396890709838dc004840d5059c93d

SHA512
8f95f3fe24f324f20374c9b58f17a9aa6709a6914d3b6e6033e5519f0685b59f7ae2c08f004fab7d8b4781a688422158f84bee98b2446f892b8f9637d085686e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
11bb6b1af38d789fa4d63b9922ac8f7a

SHA1
b3d47f0e67aa27ff2722afd536feba3afbd539dc

SHA256
fcbbf1152f25addaaf41b14ad4e18ddf5e6ab1b72142e1861d51bf6d04432668

SHA512
4dabd04b233550f8cb3214bfc030dc8a81a3e59f10de1ffbc9385b06f7be2b08febea75187d6862682ac5b2b1da2f9393b1f197abd0c5797f5d1cc83da05573d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
13f74499f34cbbdc297e9001b0862004

SHA1
1d28afc5cd077ed99aac16d49831c9117d2b9bcc

SHA256
a0bf6329e8edba79fade7ada35e5a40c644fd0f5656a354dbdf60631724113f3

SHA512
db3a1c6a7ea277ff82749f07a00e4cb9a050d9ad31bce8ab96e4977987f2ddad0bff2763692b16df53dd5604103958f485694e909d590eaacf25baf744e576b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e3169683d37ae1a01c39ed327c122288

SHA1
e5eb7951309ffbf9b6e02eda6409549bbb2d4043

SHA256
3be4884ebbf44f31310482b64f3a398b7d82e5d1206036dca7c9d3a2f2f2e477

SHA512
257ffe0ceda135ff227a54f6df2ca19796c27c5279ab467d6f00e7f8daa32dc099927d44cc33b1bd62294e753d88e3d5d5efec5fb302979aa2f6831a7f11cc92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
33390540667f70c212abfa89734d75aa

SHA1
40dffd9034890a2cbb793bcf7e972ed2570c8b65

SHA256
1fba1576faa8c7bac29a6ffc9d0129e39394642af011b002d564566fdc381746

SHA512
83c8a1d0feecf997402c55e730849334d20bea8d3f72dd6bb35f60c043775a4c914d80223f74fe82616b96862a102f2693d79624139d44072d07f7853ce00dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
50939a2bf05b21326da2ac348b0a4322

SHA1
7bb6bf04dd2f8418ea725bcbf8cf13fe4eb99299

SHA256
1fbb7c3167e6ed7fbc67db8d422282b64a68c895b5208ecc694790944940d64c

SHA512
8f957ef9430f4274536e587bc7bd73e63df36bc1897d2ff3419e08acba14e4581cf09cb02637c64db0b1eed60c3b0415c8852d657c93570dec91cfce7283c051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e038f96c03a183b1a55a5b6c6ce411eb

SHA1
c5e75c58bb7588d8a83beb3a50a9d8cf3a52861e

SHA256
28125cd9066c2f1ec4ea2fee9fb59d88a7cecb4d0cfa67a660b3423fa52f21bc

SHA512
903c3c66e336f563588ef60be1a6d299a80d89ce963b74fe4e18a0270d6876c35929dfb186bd13eaedafd291f32b34ba0c0acfe28c3d786015f5ee3958600121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5404c2ca8ccc278a9c687f5222e512a7

SHA1
5ec69515e679cac6acf7cc772150756101371054

SHA256
b9bc6b9b1f8bb732e2fa0cb5cbb31311f2100a2050659bb89341c6535d4a1c1a

SHA512
7029b191e7e68d1dd22613899efae9f437cf916738746b25b70309a8960ffdbeadc375d108a4f3ccc4cc7dc9af76a6b9c7daff2f9ee03713800dadb866290ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5e8fed0100a5c5875c7b7eb0724632c3

SHA1
1bf594927975d87b9b2f31a615b7529b860d7a67

SHA256
1fe76ef3f7a7be79151ad7f5415faff57ece068a5d60f5990e4f56c5204313b8

SHA512
5a844f93ac34bb3aa012cdde9a1378d707078ca702832c6790f6e46f11634db90a2ae2598d12b4d30d27a59771f30334698eb5e91ed1cf08b2abf893f27ef199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd2bdc70124bfd73e3509789e75d97b7

SHA1
e4b76452a5f41015fd969c72fc3d2e78ff2ff0ca

SHA256
0978ec937da70955e2392761364caf3b4c4d18e5771eb38d7a4bf8ab48b7805d

SHA512
1951fcca7b5d0beffd7f4b6a366ff8e1c932ec3996f03eae0a179e725dce250a15ac227c8e1bb17f4ac0bac23c88c58941f7d516c2ba5a2ba8d9ea8879d81f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
494a861dfe3fb61b7f6e9a8e1f92d179

SHA1
903db9c91a888cdd2a359e921ea2c1a958228aa9

SHA256
46ffd9cec0b1524402f64218ea9584cb751cd61e56eae54ac0ad61c55273c690

SHA512
f97bfb87546ee38f100ef52f6ee6d102d05feb378a940954a1953f5dc301e6ae7a91de2b2176dcac165a61abf867e06e3e31572a378b1abd9ea2768de76e7175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e3b00b5d8f6ea7684a461dc87e7c2dc4

SHA1
c851f9706b7dd7acd890af2e2a8e98b4b2e47ef0

SHA256
9fb13cd7200773bbffbbe89d9408679c25ec94ee116923cb7c08bee086e8d4fe

SHA512
02e11a019f5e60d29bb5c2ecf450ae4d2fe696706c6d29013aa50af7133cb5de66ba290ab788ed95ef790ac9726a5ebeaf5fc8fed98af9d6ed807edfdfe7a0fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
28f3851041631f6f3222dc4468d4ca05

SHA1
e64d8d4f19da3505bd72dffb5efac3f2dd1eb238

SHA256
1646fb422ff8d78f11aee98dccfd80f37eb09ac1b1d8023e83e6a2dee7d9784d

SHA512
cff708a9048b3c462658f0c25fd86c63a7a0d573730bd285c93234f3cba5ec074b7e473afdf918d0542b0ddb8f46752a447852018e59f788ae281dc0186bd1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
737f4859c7e20391ca2df1f19c8fd0cc

SHA1
973b06e2fa2ded362284af0ab806732a4f7bb378

SHA256
a318dd08da563902519e0915a864c7350fd6b0949524626088106ac8bde9bcb2

SHA512
bed0c80411c64d5d509bd37d0eb69777848cb7a1605111e78c2367e7a7e2b1f559c6bb24af75803c8ebcaa46c96aaa0fb4fe173a8f9c70325bddd377bd7fd69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
8d374ceb9b254a6abf98feed54c71b04

SHA1
d0893614e96950f516ea9ae10349ce9e497e2675

SHA256
2d09ac19395a824f0148a5c1bc4ab4a0ea66bbb2084a1b9a4ad84feedf00dc3d

SHA512
487556118e22688e377f960e365b6bcc50211ed0a31f766dc46fb8a80dec93a9477f2e0a554185235ae0c3aae12058a837321b88b65987bd9a023d15d7c9a1ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ac903cbf0162ce58722d9f0ff92744f1

SHA1
f9818fc6c3bfe8af84b9707f7582dec5cef455bd

SHA256
ec9055bab0d31a3e929f96dcb3cc94442533466b37056928e0d24fd5427278cd

SHA512
a4b266c8e4cd97b48cc445da4e78a38c3c439b0f4d779afc8dde810a9100581283d3543fe6c178bd82f8cdb8a18755d6645dba4e00bd9b04d63b7a244fd09362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ca83d4a6d57b3ab1800205664b470f6f

SHA1
0fd2bfa3ca51ebd655fd56a7dc63288ff56e985f

SHA256
82328220d6f3437cd1178ad596aa84e5e801bd7eb7632103211fb027e1a43dc4

SHA512
2b14f9d32e860ed3df1fdb2433a99d1ea77545bde5d5d495c16c65b97b9b70ccde61f41df327d723a3501f9ee39b4fe7c41add0c6ca1623934433112418c4f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e41b12257a78b52a90eb13ab375a57e7

SHA1
620c8e7771355684e32981861dd1769f755ad94e

SHA256
821183868b9d5228c386ddfe0964fc51a215de85077dacfa26825969d4458c5f

SHA512
8689830cfccd915264dc73df92a28d8060f22b9765e200aeef9069126208f254fa22b44274e4da8a7d9a7b7bc5a6ca925b5354ddc23798a8a5ed768f8bfc38d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
37e6868e3bd3800e763793f18194ca54

SHA1
1827abfde6cde879830a1e76da219f56871f1719

SHA256
87e8e150078d251f4438241e8c9d5639a2016bfa92b4de08feea54a620b524c9

SHA512
246591f3fabbecc24d385f75cf2d2ee44b29d51c97f40b824f29b15bb13cea60f439db4b7a6ee6d0419a8c52d15b809b9a82412480f244af4ec1769a58a796a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
db5fbe0d0c91d4848916cdbe7c3dbf79

SHA1
3b53b084c999aac8710f7837475c4b5dec7308bb

SHA256
549a53d4e5ae5fae394602764f897e740cbf45d49ef3de9404afdeadf0879545

SHA512
68310d38e2b015a9bbaacb0edecfef248025c980b3057b1c40c9524927e07e6e52f0dca9c6b627c7abe220a8adfc3435ccaa1208a90619529868a08ea7b0a624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ed88.TMP

Filesize
371B

MD5
70861c12366ca7e58d7e0833ef6d096b

SHA1
7fd7d1f805b13e55a30a1ccf81212231df69586a

SHA256
d9767254a749e1ed05aff43a5f00faf7b6dc41ee14fe5d68f968989c22f05adf

SHA512
7e93dc3bd0e2bc4cefc44684d981311e74bd13dd8077f1cf0257c92e388966d55e8e1b98f3796a59ba7d972c61068d140a78f46c06ae1a7ff375af5e9173a9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a535ad4bb7a8ebf3cd9ebc3a44601f27

SHA1
9cb4f9281b6b5fb9aba8913a56d0579969e6eb6b

SHA256
23ee50ad3fefecca85d513ecf952655b29718905be41458e5a57123ed1d05e1a

SHA512
de4b35e26e407a027792aa9a4fd0ea4b66b93973b7aa716ae87f126892d71bf83a44f5786b3312e80fa7fe37c845a34a230dd9f1ee61d4a85c9899a998b32981

Download Submit