hxxps://drive[.]google[.]com/drive/folders/1u-4Ap0GaEQ2dVh1qxqAFWXPCA3Vigooa?usp=drive_link

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1u-4Ap0GaEQ2dVh1qxqAFWXPCA3Vigooa?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
27	drive.google.com
28	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
1908	msedge.exe
1908	msedge.exe
2540	identity_helper.exe
2540	identity_helper.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 4704	1908	msedge.exe	84
PID 1908 wrote to memory of 4704	1908	msedge.exe	84
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 3752	1908	msedge.exe	85
PID 1908 wrote to memory of 2408	1908	msedge.exe	86
PID 1908 wrote to memory of 2408	1908	msedge.exe	86
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87
PID 1908 wrote to memory of 2980	1908	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1u-4Ap0GaEQ2dVh1qxqAFWXPCA3Vigooa?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa527746f8,0x7ffa52774708,0x7ffa52774718
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1189716194768803122,11713699503771989737,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96142ba45f7203a8c4d877b2d70588b6

SHA1
e1d1ac761b3c41ba0a3409d7bec68ca22ae1fac7

SHA256
dac3fb834fb077720a5a79f49add75e37c15bd07ac063b5516061ffc611c334b

SHA512
fe09d408370c5ddfa3264f870118fd2edb2e4184871a8029bb62a438be6da78a8e1f72d176149ce6a4963e9981136dc878aedb1e0c660833482a9850680a4beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b367ffa3cd6896506992c5bb8b91addf

SHA1
93c9bded12fd3a814e4a87d1ab6b102818a9996e

SHA256
a2e0b202caf41d3a5fbde3824043e423cc9ce0ec9653a9d1a2d23b04c1467b96

SHA512
44e2745fad967ce9b7a2be00b75d6617d441ebe2763d81a8c038d57906b1c94d6d57c930141331c39e032a284b59014646dd9054be213fd973e75a2269466a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
bfb4ad144233248db8f0b493c9f53943

SHA1
75f204ac49008ca945d35db03568db5ffa2ee27d

SHA256
57819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393

SHA512
0f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
356d7b3c6888a54326526debb994d8d2

SHA1
9e9a75db14cd8c589ba2519dbd520895d2a44471

SHA256
b8b62d596cf53d492a55810427014a6c1e5a17522e24d0d49b8c072a97795961

SHA512
062480fbc0c6f286fbcbf5f1a86ab138eac5d9db6a2718e0ac4affb72d809c7e5535223c280717af3131926ff8849e0cde19b9e5c643c159da8722380371bfc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ff5a8f000ada4504e78a6b1913d3642b

SHA1
c7b27fe13cc200de0837d94b2a6ddf8bc99d3dcb

SHA256
e721a0b0dc715db9554c72b8a7cab0b5110fea4782104d08b2fa1c573d9439d8

SHA512
edfd2944a0476b54841942968565855e2cd121188c5fb808b42ea7db1cee6f73340e9d9be79089eaa59aad8bd46d21d8679c8455e0ff55f2f28547be661bd0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
68fb37aba6beda04b45b49fe96290892

SHA1
43b09bf3dab709cefd3ed423d24b9758f1a9459f

SHA256
1791d4ae1d479e93ef879a3a914b06df1a77203001ea9c60c6bb3ba3dfd9e1a9

SHA512
35bf6c6ead27b70a06d89bb84425ac74b22718563d878d712b4b8dddceaf2230add6263e20114f6d89d8d3bbf099363a8ba6cafb44b2a226eebc99590af83b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
50e4604d718a2a114d940d610f218b1a

SHA1
29d4d1285a7fdb4603921497cc41a591017b7f5c

SHA256
ef567a914b92c07042e1d548cbd63f4fe08edb6b6c48323de2c30ca2f64654e0

SHA512
f771ab74eae17590d19e72d6e8d3b740e65ae95054152961b72c6ee33988e45f9aaf19f67b1a59725032259bf9bf6df1f6c85dc48c74bc8048fa6d6afe0ba936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f28a5b09be57bf5e255fbe05173178dd

SHA1
780906b0abd286b5793ccfdbddae551dabae24a1

SHA256
7b5b6a3afbd369d7abce3f68d9f7db154ea73f3fafb72d4c7ffef4b7ade3baa7

SHA512
0a62fc75c5a0e0fca8b83bccb56ecbf2d9f8976f80e9c00e821279e8875e2d146332581621caf8734afe991071ea1c1d619bc535699df0f402887d3c91af32c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
43d86d3a7cb3e15a3caa9483c61a098d

SHA1
655256b3305f8b613be79cf5d4dd12c2f147863f

SHA256
b892c36e2f9cfb5e4aa88643c3805e6955f9af6aa284f620f8174c8d4fca9486

SHA512
717031c607a76f124fe68f00f10635748210ce8e8035914c3fb9abf07d45bb93992f54260c717426f263485bebb63834f062d2dfbabf3c73aa17f4e675be650f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c0aab6145588dcb59b7404d995d89cc

SHA1
d22f4a4c84c7b4e824b39baeaceb4a230697bf4c

SHA256
32394d5c394b6066b0c74620ce8b5422ef0d69d2f33ddd77cd8f07d2a90a40c6

SHA512
d4a9bcea11337681221f3d7aa6bea8349613f3cd4aa12865bdc511bd09973907abf7d75d154cc13bc7649bb1a57544e3b1b9dd1b6aa04f553948772eb4552e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
154300c235c9a65ada838979d26c80df

SHA1
cd64f23f9b0c74c1cb32246db9d22586244b18b2

SHA256
72367fd252753a8760b7eb3a6fa30ee0b9cf660a127eb226babdd450ec8168a9

SHA512
88a72505215392989fe416941f232be0f2aa42da87a681ce074b1ec63f37543c8e97f8693baac98603b64ac363c87ec318f90f1db8d51166e6af265adf1eee99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
852d886f30a60b001ee9e16d15da655c

SHA1
713ae02473e2af931fb4455db3be07a00c734e97

SHA256
0c05a4e24bafde15c1c9cfa778ac25eb5552c22b1a589b7b473eebc752a6ca68

SHA512
09625a70076a264b7138dc14f2fe81b0e8ad6cc0ecb3cc4f5d5bd73eb58fab1e2528c5e3a3a40837740895a5a694b94b2fa174a8595960ef122823a4132d4f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d77188c8019d53b4c0250cbab0357947

SHA1
cefd4f93767b2ccd6f594b8d9e3407919df59e04

SHA256
0efcd3c65541bbfe4ff271ee690eb48034091638c86fc6bbe5efbb6f92521d2c

SHA512
2394bee47dea4e3a24954881a512825327df00023dc71a60dab6ec0175320ce4c7d39c60ef412770a3b813ba4d758c065c4e8b24b69777c40983556c75249435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc0b2cee138a9ba45f95802390c8dd5c

SHA1
3080a6d0668794cf8baa37ce8d0b277a534fc6d4

SHA256
8e8d1cb7d8b19276d5ffa80927c25c4e7f8f5e24914ef03600063c1f443f276e

SHA512
61e416828e2fbfae6c4cfebccc1f0bbf9711eb24e9073ad5782749e5f6f0fd8095dc0b84040c574de8974af5cc5f010bae74b50e36bfe805fc51247c92cc8a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85f40973afaddb4990275a1e08c2a261

SHA1
a0d2fc23c9a41238aa729bcb7a98481cb2f21b1e

SHA256
01433c2b154095295dc753d929104129c5a667e674eede838590767337fd63af

SHA512
8f59df93ca239eb048104e864171788106d3c8da63d0262b6d8105cb333076cea945d04acff21eb2f645276ced854c1a345dd68f17270efe5e141be4f0474d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d38892d44f3e86205d5b531a393b7cc1

SHA1
5ee973af90760e0c5ec156d5f90551fd296192af

SHA256
32109ed3376c3c55b80b067fea591bfe6488188830a6f1ff8f1a5374ac610127

SHA512
f9cf3b38bff4d4da8da7e21f2c6e320a9fd262768138063a128088df58d6a990a61bf702e024b517f2a2c017703f3455b0677b5031cbebc61f9531d6c59cce98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0771018b2f97c3a64a45e51fcc31d90b

SHA1
1da7820081f868be18da153a0d4afdea4b1c60dc

SHA256
2f254eb4843863af31ea3ddd45d463ffa9b78a4b2f0a8d5ecc043021d9c5aa62

SHA512
d7e6d58fbe70c1969b129703fc3a77e0051da25018dc85d9f2146b397bc74afbbb6c01c84feea0b4bcfa784a511120da50e9ecaf181185b8b27ddf53d3dfe84e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5828b1.TMP

Filesize
705B

MD5
9565b1cfa6c06d4735d422f7f5bda395

SHA1
d8522aa92f6156ea2fb51acf45e0cdf7faf28d90

SHA256
ad243b34a5f83b0a6092096f47a8ae4caef10547b72969b877b3383402199d91

SHA512
23fe084cf81aa6c92dc4a4c0fa9318dedd90868b2f8d670b310fc088755808a1ec948a841e3e92f13067cbe7d23735ec922a19d972bc6e72a1cd755bbe71d0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4c8bd563f8951554f83de9780c97f0db

SHA1
a6a045bd22b9c9b9b0dcb7d6a6cb994d728fa0a6

SHA256
5d6c751aa40d79dfca5e2522da19e91f12845d3a10f81d35ec7ea73c72c01d66

SHA512
50431988e0e4ee2f855e240a42f2c891cd0033405ef36da6c3fa2fb80e78e2a106e2b7fa5f19bdf022519c23fbed615f14e057e2c690b2ab469218a528a75539

Download Submit