hxxps://drive[.]google[.]com/file/d/1jzQyDU41 WWAZRucSY9pczPInvmvHtmX7/view?usp= sharing

Analysis

max time kernel
147s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-08-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1jzQyDU41 WWAZRucSY9pczPInvmvHtmX7/view?usp= sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
1876	msedge.exe
1876	msedge.exe
3792	identity_helper.exe
3792	identity_helper.exe
4644	msedge.exe
4644	msedge.exe
1168	msedge.exe
1168	msedge.exe
556	msedge.exe
556	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 532	1876	msedge.exe	84
PID 1876 wrote to memory of 532	1876	msedge.exe	84
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 336	1876	msedge.exe	85
PID 1876 wrote to memory of 2108	1876	msedge.exe	86
PID 1876 wrote to memory of 2108	1876	msedge.exe	86
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87
PID 1876 wrote to memory of 1552	1876	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1jzQyDU41 WWAZRucSY9pczPInvmvHtmX7/view?usp= sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc40146f8,0x7ffcc4014708,0x7ffcc4014718
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9448294943233267867,16723946411303646751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
01b4fd2233abd7794e770f0c2d54a1fe

SHA1
c96b633faa906f54fa4d529ad8d26e7ea9076c08

SHA256
bc4fdd4ce37a1ae3ec0da59ed70f7713ea909282f816b5f7e49474e59fc67151

SHA512
c481b63656d3763aa99369cccd24cd45a53574a7f10083d78e09bd1bead58eae8366843ea172b76900a9aa0f3ada3818fe95e5007dc2305661f4c47a2171f8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
050564d1f9ed19f9da106a8c89576bc6

SHA1
916341d6b6634859ca830042dcd404d5a7dd5c3e

SHA256
ea3306d1e57b98e953555e33e17b496325bce9b6692e12546bdbcb35928e5360

SHA512
1c6ef6d3bd2f880eeab78bfb79aadab43fac6806c389116851f6497da9e4c7dfa48a65ea0970f3457ed603d2dfe83588f90f54f96dfdf4d63823852e03a52e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ff98c17c4f9dfdf5a81ae0819624b50

SHA1
9de16180a07ca0fead99978d8800d55e10346961

SHA256
b07c1bae22a86df94aa66e898cc32a718db8888cdfff95f22ef1fe32d7ce6bc9

SHA512
c5a139c279a9ff2e5ad4b1176d6a563d7f17e5bf4e0efad8fef6205557ab1a666227d9e1ef1b3e57abe2ee36edbfdc58b2505eb9a675e6659baf782ebd4afcef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39012a32e502eb708eed00d49a63901f

SHA1
a12100b50ba6e4d5d7bd3b03c54a6a3550e416ed

SHA256
6fa3e4cdd63b7fb2ed8110515f121b4a8dfde04c150ee96f5b9662ad7bfd214f

SHA512
bcfba2cd3a1039ba3eb641a0b045187169377d8bc5d7e14e075a69b6736ecc2d0190138414cf489bc540c3ebee236d16b5e9bb09ea467a3f0cd37e29d99eba07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3bb80eef70fc5f87e20cf9e7324a8b02

SHA1
6f09c0e65c99d42b999d68d4e8648e86da6f0be8

SHA256
b44e88bd7fb9fb6e8f4608d4ec793efcb328538366c0135f7770d5228b4a38d2

SHA512
13a6181fe93b5dcc2fc19129b48f0e5e7a4bd28232fdea4d706271f157dd6bb4b1813a61258d80d006869609fa621d2da0f7d77c5df618aaa5097568f2e76113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f794c560539e22f26200202cd5ba3c13

SHA1
286b124ce7cf6e78eb30db14bc4bf99617d46a97

SHA256
62b99a802de1019c7f943c878d9bcd423830dfcf694ca809b3efb233396b1976

SHA512
08fcbc1916a6ea1c35fd13d66ff46d283b83016cdfc70649835128674105475138231b076aaf15baeaea11c762621ec7243362cf30109c070cb27b1236039b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4d208521d7c707623f42bebcf780f863

SHA1
e46aae5b3ff9a1eb5a1543a8f07a5b02847df338

SHA256
cc1d139c6266192d7c1adc26426cff62c9ebf153550f61e680a0d8ad3d91b7db

SHA512
917d04430b333785f30d15288b188ae1e12e5e3d9da6a123c1b13fcbb87b70e51653d41ac12a1c31c7968b961d08d96ef185f1b4cf68eb2b6115148e2dc783bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
64c77837f89363ef3a6f70c91465ad69

SHA1
8e38e97558865a0dbd5ac582e0b98ec494bba1f2

SHA256
ae6e09e7aa1872d86ddde800d9f0db375555cab319e6c8372fc259e9bb99b1d8

SHA512
1aff4e82aa7296ad750d96439f1dd3928d61cc4e11d928315d38a1042b9ffb7088bbd638cadd3bbbc0d6dd858936c0ee490b178b7dceac94635662c2e492dd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580347.TMP

Filesize
204B

MD5
d33aad6d14edcbe62f597868ec409132

SHA1
7f3a92b3915472c3f701ac12ca50864a8b99e4da

SHA256
51577f214f507a8777addffd09a3bda9d8e5c0401dec7d754aeee3a0f710d4d7

SHA512
7b38f59902bd55fe1ff58c13539901ac9cc71ad59fccf633c771ebe71653b0b396dde6d469fca7a254a975c01084fb345690eaba998dfb6f8235bdfc1fca394d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
be36ec7824cc34369ef3498c79a350c9

SHA1
3d6340ee32522ee24168d0b68b33f4c9dbb05a20

SHA256
4485b4e656dbba41443dc6a3007578bce75534acd1ce53d716e7507a7e11bd50

SHA512
8167c2ab5882ace98c91bd31b42f7c4785f13c0008c0359ac57459ac83b97fe0ee0befe13accfd83257193f4a1c5c2ba11c91af5f38b7cf3f6733279c2095f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e0b25166a3855218416a42bc6becfb35

SHA1
2952262298cd41cd7de17a7a40f215791ca7a879

SHA256
dfb06258a8c1735cc6d2929a25fdcc14db5cd23f76c7fad6397b606fb5b73cec

SHA512
0f879d12519057a81e8546af1c82f361b62133894dbca43e3f136f270544528e6cf16415abf6d5c26df73079cb6d3ed754e9bed03c63c502e91748f2b313ce70

Download Submit