hxxps://drive[.]google[.]com/file/d/1nREfz0R9bYO4Kaiev0R2aCxoj5pd_M22/view?usp=drive_link

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1nREfz0R9bYO4Kaiev0R2aCxoj5pd_M22/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1764	msedge.exe
1764	msedge.exe
2548	msedge.exe
2548	msedge.exe
5040	identity_helper.exe
5040	identity_helper.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 4404	2548	msedge.exe	83
PID 2548 wrote to memory of 4404	2548	msedge.exe	83
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 2696	2548	msedge.exe	84
PID 2548 wrote to memory of 1764	2548	msedge.exe	85
PID 2548 wrote to memory of 1764	2548	msedge.exe	85
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86
PID 2548 wrote to memory of 8	2548	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1nREfz0R9bYO4Kaiev0R2aCxoj5pd_M22/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85f5346f8,0x7ff85f534708,0x7ff85f534718
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17956621752103232439,11404370382388861383,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
0d17932e0626482afe8b6f310e47cb24

SHA1
78dd115cea950e82c6428486836b1975b6630573

SHA256
1f5b32a1afcdf9092cf1f0bb84eae0a6be1c8b4ddeb4d2fc4d271d1314aab252

SHA512
75e51a80add7329ddf91df268fe15a827931325283f15212b55a2dc41b76c1050863b0c0eecc4e7f20c069c0b8cf0c5b4e666ec9dca843c37a8e25867785edb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
7cddd2a4c797de9ab8bdf03ddaaac670

SHA1
3eb686cf71da399d0fe78f99c5a88a7682692ca5

SHA256
2ff6b5b3d5bab6f8961fa226b9890fc0efeffc988e3005df06a3e9b57e4bece8

SHA512
13d8f17fa3eb0426f62d823429eb93142030ceaf11495960e512d1545b5e04d1fa80908ae48ada0406dcdc7a74c4e803025b0c7eb75dcd3f335b5ec85b4e7161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
ed989ce23bbcd3f936e718678ca4f3e9

SHA1
f6a268c2e0e9630dd61d1a667d0b891fd03522c3

SHA256
c7e8c395a5bf8bd67830d4cb03f799bfa1cec26e5ebe9e99741a3ebfb5cae4ee

SHA512
8296e745f89a795db7bf555ccdf7b8849f16eff5ab9ec0b15b83673f6ec07fa316f2f1015f12d5912f695e76bf159d2566bdde9d2a608c6488b9d072a0fafa21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
4e1dca7b1b25e01d19dfca6a44129658

SHA1
37974f2d7c72d7ae55f738bf7789b22219fff5e8

SHA256
b5efabe599a5f5c317c2af97ba1c99e490edf7fbd5ed810038f937b4a29fbff4

SHA512
3a996cdbb2c39909dcf3fa47be0f92576ec3292d08f880b0c36ec867ac9392b69c7fe102828c0618677590dd8effcca133f6c49c70ed66b103db90b9c81b837e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bbdb829f7c364334ef287d8a57d72db2

SHA1
ef929ad4205fe3c25847103d8a2f4ab5352bee86

SHA256
1e02e3360e390591ad49f0ecb88711b502d75bf1cd7b0b930f9ce37c825cd627

SHA512
100b2573f5b1ae2ba98c38065fdee9f93a24f5b19dece2e039e4e4a716d96e756b2ff7414cef8efde1a5814139ed98ed6d78ea814deccc9e7530634cb3411312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
64c716cff683185d19c9b337334345a8

SHA1
fc185dc5672d356d20d04124d06d720cdf5e3034

SHA256
5febd5d3af5e3221709ec70853db55e1d6e43206720a7546adc9eae9376600ba

SHA512
7eee9bebc54dd70f6c03ec2ac27be27fd63de358be2d0120cc3341eeaffb3e14327a9b6471d32e49797c439ed4792d2731e5999b130f6550961bdffcac033d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77223d97c2961c05de0e192cd08c9de3

SHA1
e203bdd247730a077d8765b2f520eb464c5deade

SHA256
a2a9e11b8a3e715a28c83b8c9490536a4c58e860888624fbe1ed368336249919

SHA512
c459975b22dc82e69bbcff3f1d9e21e56195311dad9a3d69f68695da7363bde5d0320dcfca8ff422e86a9bedb0df71a1f6ae52d9ddc29c180924a910e62eab5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db667843419f14d23c448a02f80518cf

SHA1
0b182d5771e21572a41270d239ae00b50558a579

SHA256
a4cae40db990f5a37598ed118327b6ecd514aedb1d24573c22851a88de18d9c7

SHA512
933d5798721375b5e7c6048af5d6e8a6568e9bbce04953954f33ba38fa7c488ab0705e3c7f77de14fb1da2edebf5b552a9808c6dee3259237bdba46f454ee5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
362844b243f9196265769d71564ce296

SHA1
ce8b3f8c20a49d7ed6fa285940bad449f54a455f

SHA256
e6036cadd2d3b6dc5c9a6cbd3b8de32ff1c5c77f0f80626d18f0da2a1c356d79

SHA512
21191ed92aaee9e47ee8752dd2bd94c17c84f6941b67318562617881135878ccc2049294480e5e4c561266a9e4003e30fcc21c45432861308125dce0d62f3874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4f4a7b319b33674632df57d8be4b8b6

SHA1
932558e7011f023720ea65e97df2809747718d07

SHA256
eccbc31a11ca8f89e4645b796a77c957449479f325f1b1a58b5d96bed7c6c093

SHA512
e2c4e5e031438b58c4939ebd3eaaea26c9e96489355917c377aed862272d4c0b2b1ef5c9e4608438d672443a18cf7989c6bd148c4d406604b74c2fa5888f300d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6edae9e79aab210a3fc977fa0e5ed324

SHA1
51e4cc51dc5bf5511268199a8ab4bde05e02691b

SHA256
f08612a7a6642ad1e817ed11b88ed55cffe28bd2e7523d1f19b33551518c5c2a

SHA512
f7f19d5464d15047cc6731fca98bd531857a47bcdde9a97a48a16a7ac5d5e22ee36357186bc55e3917b641c0bbcb86d526406dbbb330b4ed6d041b914cf71757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
19834c02d5650557816cca6dc68994af

SHA1
eb16715a21813dac656e666da8a039f2a5c039f7

SHA256
7b4f2f0a09b90e1a19eae1a434f7814715bd7b7c024a08c90f011c42c32c3ff8

SHA512
a436bcd0f9de14983939436ea0d538eeb4a46b8383350f547888d86068e78e6b411231893183c66c727ab4847f3fb38840c1217fa6b0d76eec0891ec85f0ef0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587809.TMP

Filesize
1KB

MD5
c5f56b2df799c091df4f550bc819099b

SHA1
93ae0b7006e8cb582230e8df53eb799f1a8ebd2f

SHA256
2132986a1f56c0b88976ec27551347543c4a47804a26cd09de74afa4b4a91dd9

SHA512
e60b6b9af92282fcc20995d6ee75fd0c16d49cd4ad2f3757578430da6486d9f0bc93f7a8143ef4946a7d1b91ef8dca73c82ab0a420dfc6e00e6737301e3a8c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e1b81fb0195d431d382b9e444937ef88

SHA1
0067a46820a375a8ba9b59ea488c6c52b51f670b

SHA256
588ec1feb9e98dcfe65c9bce4c093b8bc7e7a46ee29bb32e9ab157bd4551a458

SHA512
89d9a225bbe97e7c527940d4bcb3c13ab7c8898a53d0646f519c8c819f0105f34244ac183c1e73d668eb4f22b8b64c548ca13de4b4d0973842e1972b24d52487

Download Submit