hxxps://drive[.]google[.]com/file/d/1edZ_I_3H2v2_0dMEiLofmRMrWIarVxyZ/view?usp=sharing

Analysis

max time kernel
1716s
max time network
1684s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1edZ_I_3H2v2_0dMEiLofmRMrWIarVxyZ/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
2552	msedge.exe
2552	msedge.exe
1172	identity_helper.exe
1172	identity_helper.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 5008	2552	msedge.exe	82
PID 2552 wrote to memory of 5008	2552	msedge.exe	82
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 436	2552	msedge.exe	83
PID 2552 wrote to memory of 4624	2552	msedge.exe	84
PID 2552 wrote to memory of 4624	2552	msedge.exe	84
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85
PID 2552 wrote to memory of 2772	2552	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1edZ_I_3H2v2_0dMEiLofmRMrWIarVxyZ/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd83a46f8,0x7ffcd83a4708,0x7ffcd83a4718
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2723883103913289010,6229245352375761951,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6ee3eb72a1c038eda7084d3e9c26a318

SHA1
32b76624c3635f1eb42caa57a1f61305a623e5c7

SHA256
669a571efaa8a119411a1554489e9b5249d92a4ba68e06bebe7fa1f75f433c48

SHA512
be0bf64fc6699d145627f6270f4c3af053ee6f8fd2b65546b6ccc32657416ca1720a2b3511cd6d3de53e45e8363dc3d13d0bf30ef2e9df202423db9123a910b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
02af127a6dfbbd74b8f940e87c090c82

SHA1
6b31d991ba7e9c98e665e13f58f036810fa70523

SHA256
585ba93f96add3bc0a9a33f3876bc8d4b5601195a5e2f497980de9d3e88d1ff4

SHA512
aa47e1312c210c128dd5d5045fdb218443da5a868ebd1431e4fb45049d5b6409f2b6beffe37408bf471df0247d81d46ce89a18c23b98b7b627bce13d09612e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cd565dd386c9fe553e7f6d05002f5ebe

SHA1
ef568865aff7bd132e0e073a9705be2294c126b8

SHA256
93dad00b3923c92ab19fce9cd7b53c56decde72c44862b7c22f6bf1f0931e3f1

SHA512
f301ca5cf34e657843aeb6c843267906a7dda17222bfe091a85d70c1ed005fb405da953d0edbfee69d6db76a465dff572df58e5e257bf7b0a40ccf55c2ebf4c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ad35a74c3c7652528c317a6a5a927f0b

SHA1
eae8b9dbaaedaa43aef51bbdcc1d5be7e2bf0d5e

SHA256
f98044417b8c11efe6d1635a65a96e389cc18b1c78a8dd4bf071a0af9f6c9ff9

SHA512
62f521a42bb7fbdce7c4c43ff3db4af70152294012bd35bd97372c71bdd99d599eac94b6e5dc83c5738574fc05a123b1d0cc55005bce2989b8b5aefb64d3c2ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3a1af809eff60310eae261ae568de66a

SHA1
6997e038f0b27e09fbd7b6e8fd5b2fddabe74ac1

SHA256
3912f58b936f5afcf36aa9a396c0cdd948de9883c436f8d6635914e7c4004f67

SHA512
eaac92b979b3a36d41ec31633e8fd1f4a677b37ec83b781fa06f239be2183acc4a5e123a3c63a0d7c4d98d6a90db08983e99c905c7a98dffd98f2cb1d32c8331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fede285b86970f191001a045f0699f62

SHA1
f67a9bf15db91a8141536119b098a1fb2d86bdf5

SHA256
b46a6ea33c4db5caf6b2409e7d566ba4182deeb4fef9f7968905ac489bd1b7d4

SHA512
95289ae5d62f96eec4b00129ec714c73c98abba802bc572ed12174e6b2c5f97bcd9c6262a98e71a7e3fbec2fd2261569fae2f935f575bf649d17ae24c6b6e066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fbc3be3092d952cc7393801aab4f27fc

SHA1
82de9564acdac66cfd187675800cb51243f19dda

SHA256
87f62a5bd6fb2d8c896cb13e2b008d5466e9a4b8d8db715dee3ea58087536b15

SHA512
924e09c65b04614984196ee907d7306f90d705c5b1fadda5c246426e56e8f6285078e5a85cd7761d7b197e6ff13ae9782200625b761e34c1c983f5b164160034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d09ca553f81814fad3a4fd1b0afc22bf

SHA1
eed0c7d90662d8fa34461e5bdaadd36b0105021d

SHA256
b0accd576ed9ef5ee0db2221c4f2db97c4d0059f0fb2cbd67e3e803582220947

SHA512
41c8abe90d2ab9178fbe8497b29a1848059dbe446e4539c75a980bd1d20857c1a8df8b7a3ec3e9fc088b65718eaef1f812f75b47a3d5383bbf85090fdf7e50e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c95524f7f5c77251c6ee456ba5c47d2c

SHA1
9bc7fa8614857721a726e1c041e140db05048a3e

SHA256
fa960ba5d46c2400f01c3f8c42ab0be9e63f6a56d39d60da3c37c53da7924976

SHA512
fe15a823bb78a23f59750a5c73ecae402fd3941cb7371fc61b9234fbe0f7794d534edf0a9f7ea14eb62d0f8eed59f43e3e00dc3a10ef85499e8f5e650a15b441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a8509c542524a8a484ce7fac54aa4f5

SHA1
778013e70658dfd6e75927256a701b364c273269

SHA256
278a0d37cd812c67f9ea75281b33c25eeb04eb84164a041941dfb850cf4f5eee

SHA512
2c11cb560e0b1861e02472a19230855d549cefc1e038c885a42e3039a9513a77e5bea89c7c4cb64c4e7e7cf751997a9d99a2c1804daf38d3661fa4d425e03e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
edf2fdd5f78111f08ba7b1c55af333d9

SHA1
11d5d135b88644c7bd5aaf344a17a423b5859321

SHA256
e4f67b5391867281131835551e0a7ca50d0e636142e04b93750c10c86444b3d3

SHA512
243e73fbff37b912e9d2184572041db9aa8244ed0752f480d534073b931fe1926e2a38f217e993bcaa0411b13d0984a9198108652870073bd62bcd328cd637e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
f99d3dfb72db3015212ac0ce63d324e6

SHA1
4dc6b0fd0fcde040d2522c6877dc3d3fd2eb437b

SHA256
2669856944b22c9d757ab3794295f00d597edc52ed700ae8026f57793e18627b

SHA512
c04d7e42957e966d1920f77a32dd29422d7100b9541a2bed64bc3cdb56a956134d8526d0837e68c0ff639d65041444c8f348d202bdfd030e7ef21818d98b5fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3baed6f72354bdc1a58e8e0fbd459a16

SHA1
a86e33628131b4fbdf288ddfa22a39a82ce21217

SHA256
0aedec2edb51587cb6560066b339ac40a8bd61bb69bd5ad2caf52918f2a2b9cf

SHA512
a16943046fedee58c36e6d0695032cf14868df7dd3194aa3ef7cea2ff6d7017b6240afe1f48e91a60bdd8f16885e4bc9912d2447a1717209ad92dd810717c165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
5be8a43e3784367e2e3729fc44e97bbb

SHA1
338f380179bf20c03aeb0c3a610d4c6fee5c2fa7

SHA256
f3aeeaa4fa9c484f9a0186eec0d223a2f8e4eeabb6a8f03e17291083a9542b09

SHA512
5626bc1d4f6b1180acbf3f645f9018607b3223e1dcd4bec7458b589d0108f0da3cc9e24ba5720c17abada797f8a812a8a12d1d1484b0768601d03045b4572b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
b8fc3dbc79e5b7e63509fa0bcc9fdec2

SHA1
36dd3e610a3f645c52a39b09bfb7bad31956781a

SHA256
df07aeb173d5e6bcfc98a7551d8587525125e1439c462519a1b42943775c220d

SHA512
99bda323b93ac0d6cc8062081bdfffc141a0896161acb666426798a727ef10dd5c1128edd10dfb6d09d28393bc0a15248f827b738d6db3c3c199222a2251b7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
efd9b8ba092300f10384627f9d2334b4

SHA1
25a138e2ceb62dc35385aab357caeddf60a594dd

SHA256
57baae0924fd7a2a9d314d9aa137ab8f8dbfc5dc41ef582c7e464db3a5f4239b

SHA512
f7dbd3eb26a0a183745331062a6b903470a252ea887ae6fb0bae1da329111e8f6351a11c2c509dcd8bc50f149d29b90c8d1c444263b9ac320c84bc12798c0226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
21e1eadd8ff24b1ae342b272f9da3b6a

SHA1
349bcf0b74806c63821ef5afa6897e83629e3bcc

SHA256
5cfc16986bc721dcf9db14324a500ade960517f47a6248190d1f2f711e9d1c68

SHA512
6e986281fc5c61a7851d6a070e0d460749bbedf67d55083e600e6c1abdc33c64c2e7d53be2f08430ce2e717fecaf71855d764a5d6f2d9d12d887c07ee6c0136b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
75ea35a8c89894f999ae7832671cc707

SHA1
a52feb7fc485a99c50a2dd71e8771c3d7eb51049

SHA256
098523aa5a3c55a4c85d86d02645002bb62d26c9c6cebee6afad14236d0003f9

SHA512
ff6c5d357fa4bdc6dfdd2b3c540fccddf80f05190eaada9999de88db2a2e10e62e1f2583146e8b70bc6ba5b5f0267282ebc667eb6620d6deae1f054d9c1690fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4db5979d4edb857cd9bd775499547b2c

SHA1
296d68ef24262a280f8d3b25c801e080a5069ae4

SHA256
21dde8865a5828adc4c1a055ad7bae38fcf8efe5d21f120096eefbca72eb9d14

SHA512
72a7f13a559eecdf00143cc58cadf603b9052e436719beb15bdf9aaad787282526d6a6d12edbd481f650fdee6dd4ab69e635efa07aec0752242fe4c9b3f209cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bafe.TMP

Filesize
203B

MD5
af6c143ab81858333e6b5be9d95396bd

SHA1
5b50610e100c3cd1b5710cb65de4a5de5728ceff

SHA256
cd15a551841f9ddd31d635e991debdf59dea5a50d313496a5b33bc39f0f7677b

SHA512
016570e8c2d07d572e0b3598751c5ea95e889aab9e65db72486b9d9566d2187212496b00522753bd6bfda7644b022f36237ac30653e6ca551fbdaef2dd316d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a768ee749fa44a1fa0d8e1f4a21d7ed

SHA1
1faf9ca260287a5c3cc1b6a2a3497ec314e231da

SHA256
fa8459a2ac053335c6ec7b9a0fa9a233acca336cc717cdd3f3429107dbf6820b

SHA512
5b38aac2c5d75e3a1b2d66d3e2e7f972202515b2f70f82eedafd862c416270d186974ce08a74bc97a43a1c7af6a632f2c8bd7b06019fff9c46d3fb9ef41d8300

Download Submit