hxxps://drive[.]google[.]com/file/d/1o8mqujhuvuLVBwoqzeDDfyf63PJ72fyb/view?usp=drivesdk

Analysis

max time kernel
157s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1o8mqujhuvuLVBwoqzeDDfyf63PJ72fyb/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
12	drive.google.com
13	drive.google.com
14	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
1528	msedge.exe
1528	msedge.exe
2352	identity_helper.exe
2352	identity_helper.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 4400	1528	msedge.exe	84
PID 1528 wrote to memory of 4400	1528	msedge.exe	84
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 2628	1528	msedge.exe	85
PID 1528 wrote to memory of 1992	1528	msedge.exe	86
PID 1528 wrote to memory of 1992	1528	msedge.exe	86
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87
PID 1528 wrote to memory of 2620	1528	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1o8mqujhuvuLVBwoqzeDDfyf63PJ72fyb/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe1346f8,0x7ffcfe134708,0x7ffcfe134718
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18240497827566881162,2388449443715550791,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
163af0fa9856105812b968dc4a1a82c4

SHA1
42e6414febf7c4cf0ef04e3985827758648cfe62

SHA256
107f88d484604a404ad1b0e096214e67532f839420566a8c3f6262d40a10dcfb

SHA512
fddd0e65c82579b80b6d89b9b8aa37391f4588cebe395d6e4945f102089af4f841e84533f0ca224838a3e6327973ca21247187b894eede10bc7b8dfaa034703a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
cd1b64383109d2f4b502672f0435bbd4

SHA1
633ee42de3d75b90df3b101e70a9f03106593666

SHA256
e186103c5a6130be451ac72c3d465bf590f00a592b98e1fb37034581d4391e69

SHA512
500494fd73fcc2a6a59ee26d028054ee1451927860157338cfcea979553766e0f5a524bdf7fee0829dcdcf1ee633d577c88117b71aaa0e910bf7e10ab3014b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
0e128e435a98d6070dcf403c14de07c5

SHA1
3eec787c632aa68d2d28bddd22308c1621cf5135

SHA256
2864c7f377cad60dbea389f8213ed745002d6a1006f87ddcdd439c8d626f6824

SHA512
02e73bd63fb250b1c9fbe860f3fc0bc11c4620de834ab91e5f9d72478261f0a80551ca6499b4c134a4a98499c502c984b9963e2364086fb25f7ec1671dbc6366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ffa6185e2098b6e09343bea7deb8695c

SHA1
fd9021ef4321e13e596105e0b04ae982a0e58e95

SHA256
4f8d38258628452bb33602fe9f0364fb328dea9cbaff5c40ebd8d95f90827296

SHA512
91344e52b04c4d1b833218d4de863064ed10ac9665b007e8fd352ced24cad0e1ae734a249fe157968fbf38e0cf8883759936e12f5c948f5efa45aeb819f8f1d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
912f6d6a8c49c16495ca5fbcae76334a

SHA1
6e5bf2daf583f511215e3f4266e670aabc34861e

SHA256
61a7906e4e1261da3d36db478b200ad2b5d86f81f1c51e2210d042907d68ec46

SHA512
e4ad165f49808a40aceaf9f2fe4d63605001eeec3fe938b08f92729a1ea2dd7ca1e9a1687b98b75b1c638184557b35eb8b350e5e1ee8f044f1614826637856da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14e030abc29ecd5d6cb9b4e0a6a283ee

SHA1
f516b58f428b0b940d42e2f6ede5f751f4c00575

SHA256
837cfe7e3ad3e0851dd76587aa219d3f521fa2f694c1b1c1c8e474363cfd4172

SHA512
f4cd9e03b03604431cca67996cc0d1cc701e1047978c8b9a4f31770d3f051b7778bbb0985bc04705eb9c6332e2f5895f66d5648708e98ebe69c1788c077333ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
967a218eba117e1fc6836dc85f3b55c7

SHA1
ca7d5a5541d31c0d8590d5dcef6f28b1f92be4cb

SHA256
9524a180f4277495424be917e04dd1fa83b0235abd6028028949271c91447277

SHA512
cfb6db0132fae3b9db2ea9629b6ca4b24fa935e9ac38ce983ea5c665935f94ed041b11db06544f9d4660a453ea59d0a848acd1bb3dfa72859c5839f496df7bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6497b50d448664a51d12a38975aef2b0

SHA1
ca7028fccf9d7870af0edb31b986b43e3844ef60

SHA256
5fea55784b2a010df6aea7d74ed301acca959768825f5c297618e0794673fb81

SHA512
164557390d737c7646ce3186c2ec348c815aa36a27cc07fe8f1f861db84d8abdd6e9612d0f7c9499f4b2faafab3efc9d3f051033404e2d2f84bc9b72292fac3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
187eeb3f9970eb46abddbffc51d757f3

SHA1
bb53171ea5125e6fc2700c9065e368077fcbb3b7

SHA256
c59c1400133b9a5b32aa85b456701585281c2cebaa9acf542fc9913e4613bebd

SHA512
6d4eeb12aa2db0d7919d77bb468fda8e0bb70f66cdc3c260bf428bc796f3932fa9ab5c66b64ed6c4a7225e6dcd6e2339551999de6a9b225d91663b83eb11f95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
093c2ea76adfffd575092b4a33526c13

SHA1
85e3c653f43def33aff3672538483c596834ef85

SHA256
e89fbc40e904b9a86077d27f6abab7ae432dca7f4db14b81f91a641040c40f6a

SHA512
71764c0c127a3ddce4ddfd02e62c1dc6fed7eb139d6fc013cc5192364fcddaf2b4741cf984de9cf1fc5ef1f9912193f34859bdc741c61b81da4814808b470880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
de789c14dd305d9a1f892b6312125be8

SHA1
db83f217a46eef227413cd904f60909f741225b3

SHA256
f1dbd6f9937d3fd853224ba3a5a981e3f647c9ae9a8a0f16587c6410071aee06

SHA512
2d757013f46a1aba535d2f2be57a10a2651769112b6ae5dd8742ae782e86c1aa9b3118bddfc3c6872bfdcb8d520fd9ce2ab2daf84a18cf7ca49fc2e782205223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
51ed8523561c2e02bd0b6a9d92311210

SHA1
66577ccf060a8153293dd8df7793c3d094655cdc

SHA256
324fc0daf11f6c70024f54004365c57d3fed6982c640044ae6bca7533a1073ae

SHA512
fbd4bdb26451fe0ae7552307dfa14a9d1baa6e336f3a36b38db70b49d6195be8b815de523c8d78c7547095e53f1657a7aa41555f4a34d82d3b9cd994a6c0915f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
5dd8298f6925e8b4f915d213015e778e

SHA1
0c4accccdf30966c499d51125fb3663b56f66463

SHA256
da046027f63bbeae272b929229f152859d148f138f2d451500d4b204674e81b0

SHA512
1c06c4a00701e27f4066fa599440c285e014b87d91f03b3a2dfa6f100f924f7987035db801493f3e18270353903a17cc9d1af918d886799a20ff0d07e020861d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
2612fd75197b74bc785575ecacd91427

SHA1
4d81ad6f7e35878a591bfff6baae51eb568539c1

SHA256
986aebeb4f4d7f93ca3d6acc97761f3ca69c3b0d45bb4d63421fd71411272e65

SHA512
2d3d04703412fe5fcd67288d19b8be7cd5c457530743dcebb81e62deb03b5cefcda6d90f9cd785ca1591a3dd40d1d3853ef0614e36562d74d7b0f49ec992ed0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
df9a594799e3dce1c1bb7eefedadb936

SHA1
31928a1f3804a661d7699dcb774c61fc378dcdda

SHA256
b0c6f3d1b9e1b1c74a579cc12955ff7063846a9348e6b1646c19d110d5fe1b93

SHA512
4cea52dc9b673595c7197ec09b4cfd89e291ef6f792c3270e9f1b26abd440e6816361fa0dff36eeb1e7f6172b8f437b555adb348d22f87491dba809e3b664b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
5e5e11622c8e15cd635c3f65e4c4145e

SHA1
e857febbf2647b55db9cff3ca354ab460227bd7a

SHA256
fb307f78af96821b8bc8438f52caca526c40692ffc9a2a686495d1f3b6750e09

SHA512
2d097b8995d6a0d74f8eb8dc74fed1f75fdbb0e19efafc279a04d2a1cd987df32299f4446fc79a3197da5ceec8ab1e61f8255094cfc8182f07b9441a0c53f9f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
8c01f7fa139eda8f28fd8750316a9685

SHA1
29649ddc02fb4e3c886e5b7fc5ccb1fead5fcf37

SHA256
f9943863a13d18628c4b6bdc35c4f9332f51468f365c736063960cd12f547d31

SHA512
4c645ebd9c9348e2e7d132694596925213d4230fb1a8d2860aadbf6517e3f81c367b3f492a393edea4c9dc209c54b108a4fc606e799afee201eb65b95ec5a715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5821bc.TMP

Filesize
203B

MD5
bda3c830e18ed9e0f76c56ab9eaf5981

SHA1
29895ee1e30a19b4a4465cc581fc0324a033b430

SHA256
b82fac738347a75d036dceee6bb7b6ef269ae4ce3205bd533a2ce4d965944550

SHA512
67dc8e6db14947d1c39effbdede51e1a7e188cd8a47f4a9f2731b8bbf53264d3b303b939f88b8f1f5cb6212ea57b02df94d56b0c461c2e7d6a9f435e025f3596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c32cff3e-06ac-41e2-84d0-6493ddb59df4.tmp

Filesize
7KB

MD5
0f036fa71095f7c59e5beda5360e130b

SHA1
219ddf146964cf2f78733e324e97ca200d9e63c5

SHA256
c6c944e8625ca6b4cce46e47dfd935d29c02cf6d6ee427d9777c3b174ee7034e

SHA512
5c034e929526924660f19a0ed165f089bb14353997dba11594e7af7f0b4622f050755c1799879dd069926a9333b3006d207bf24542c48061815798a6c9a43a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed603b797caba5fad6e078c83e7c0dad

SHA1
33bc59848dfc6b6e1777e6e50a80191d91330b66

SHA256
9cd2c3765f5c7d1f7a13cd96215e3cc646d4f2cee03a88c903ef741b04b2c2e5

SHA512
462a7ac514d87c8b696f0986b4d19c383058c85c7058c16e1768917361ea96b38e305130d224de3f596f93813bb456ad7543fee2da51d3f9ea0ce5cc34a52273

Download Submit