hxxps://drive[.]google[.]com/drive/folders/1e79dtxUZzHZOgkbC-raDOb2uLqN-4MUM

Analysis

max time kernel
1013s
max time network
1021s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
14-10-2024 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1e79dtxUZzHZOgkbC-raDOb2uLqN-4MUM

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2584	msedge.exe
2584	msedge.exe
2268	identity_helper.exe
2268	identity_helper.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4664	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4664	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 628	2584	msedge.exe	84
PID 2584 wrote to memory of 628	2584	msedge.exe	84
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 4888	2584	msedge.exe	85
PID 2584 wrote to memory of 2480	2584	msedge.exe	86
PID 2584 wrote to memory of 2480	2584	msedge.exe	86
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87
PID 2584 wrote to memory of 2956	2584	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1e79dtxUZzHZOgkbC-raDOb2uLqN-4MUM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffaef46f8,0x7ffffaef4708,0x7ffffaef4718
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6711569303278739886,8071977169628831700,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
28KB

MD5
78fbaa6c69ccc961b8ec438a8588001b

SHA1
990c7f85fd6739a39ceb934cacbddd8ca7672627

SHA256
708cc85c1b714f37d78a73e237276b2525f644e3e5ab935d7671368f21c2d4d9

SHA512
c9b167bc97e6a65745576831721bc21c1ebb4ea9545643f2af6e7b4879b5930db85991013a12a8debf645f3b152b9c27afa619c245e21d35d9cd66b1347a0aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
387bb6c5d163b86c5fe9e30cc392d3d3

SHA1
2371081618bcec4f951d30ff22042340afe9207f

SHA256
bc5c3cf741b8621aa581147bc2455e5223d0be3af68cb9944df47bcde8112709

SHA512
40fb52aaa2dcbb726a6f530154d199ce3f6c311b68d8bbeaf972ee73a9571f843cb0705749e28f664360816814a70b94b5591a894476ff5c4f1f7f1e9952bc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
1c18d69b2ef211354bd55c442146728a

SHA1
b22b6fb464e20beb75dc7de68fb62f001f5675b8

SHA256
79ce9925664ec3069517b475d1a98f987f7d946401a225749f7d5c6819e30b75

SHA512
b309b29fde359b589b44a059b0e3ee7688bc05c76a291831d8cc30a6dc7a6d1b143d4118ca1adad70876fa5d3a77f8e84efe83d904b6dc46043c8aa02516186a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1fadc9d818982caef6cc5cec5653f4bd

SHA1
28d5564fda6dbe7cbc64ba332404f4afbabb8309

SHA256
1951d86f27a9287d03007d4cce4b515814cc67567667b5440d1e10112da1db23

SHA512
06143ee39d8c671d407087c8d55fd17125ef1b76c5d9d049924cc63af981e9da72308bfd905f22c989d535cd8e4d50fd86db4fa6602c9dfb3ed16c788885148e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f60149dcba6727f9611e23cf1400588a

SHA1
307746e9679c46b384ccab527444b0ae05c4a410

SHA256
b7f28471333b27c75504418030101a7d4da28913a2e19f6476fc832c1413cd6e

SHA512
eaca89669dcf55634ea785680177087ef3519d3484e68b480be33a69f42a08cca8fda2fad0c0fb56bd0c463b4db7d49d572e64395fe71b8a60c8c604a53b8bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d9aec507fd7f36a65c8adf24aa3e4bcd

SHA1
7663fd72738856b43d63b9003e71f20303b797ec

SHA256
61636a63b348f04060eccbe1994e742ad0b64cb0ace743fc7ba6141d8854b047

SHA512
5be1f11c76af7c97c750e9748d048c4beb07d20860043d3c2c911274a93ea6969e62c79dfccedcb422ceb6f755c5af2c0d14d38163f5d31e781070a28b3ed28a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5931b62062de66cb64506e2ef14f63b

SHA1
982c3d285f80829ef5c506a60bb4738465a5192c

SHA256
12dd54f3deb34cac62645fe07470413fd7715f7f3b93f504b4889079f35b3835

SHA512
490b57aabf19e197e8e3c6215c622314ef7e28cc9dc9aed9e8725b83ec6003105711c428269aac2baf7b6996829360d4b7acdf69702bf1b1a29b81873e043717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c4eca804176f3519b5d46ffa6fcff68

SHA1
cecd405672352abd287191a7d67df397775ee325

SHA256
888a7bfd68093492fdccb43d597fca0ed0b78407702581e91fb8b98792c9b035

SHA512
aa9c8cfcd91201e3c75606ff13fbc2b73410649929afe298e6973e0032c6865295eb9fd4f8f05a8459dbe426a794e086b62bb956b5c1f287a96f3406fb1c5595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
cf247213da0541b35aecae8b3cbc68cb

SHA1
2d405bd1feb3ba5fa195257376bfff339cb982aa

SHA256
3ab835f63549cf6234b825b63bef8fb0460430ccdd44dab6693f530a4ba97ee3

SHA512
808732ae75d2801c08e87d86c5ef5c87d14e725d41e69e13c0c029dd359cb1b22836f0653b986e57c2215702ff506942e0e8fa2c053411f05705b7b90bc108a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
33B

MD5
b0195b619cd45d0f8af48fc59c3d7716

SHA1
d153ae8be73da841309a68f26d26642d05ac20cc

SHA256
37bb3e6cd75d830156a6934fa1d1516121b37b4a220705fe32adece7b7ed927e

SHA512
6d917a97131baa380386bcf2c83dffb97f832e85f9510db3df4f7cdcc35396da58e5e098fbcf3fa7867b7909c09158d091ac0432919ca685ca5c7966b88a23c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
97b6bae6aae050bf8ec4c613dafe3e42

SHA1
452e48ec636004f88426d7d25805723b2b7c5b4e

SHA256
17f98452b95054cb9f690d788cdbca239b03a296c05681ac4bf13d061b11f96d

SHA512
5b3ddb4b56ba64ff64fae068ababcebc40b233a3528ea958775496e47e4e5d55e1b12b9511e43cfdb63409af37aaf46e2289f8bf029bff98495e13795580db17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
6e3d44252def3f6f0fe69d4739cffef2

SHA1
4d99fe557ed4412d914343336da797044dbb500e

SHA256
0fc8f7e7b486c1e31a67aa77882fb1a613a07ef3ba2fcf07196b7fa5011524e3

SHA512
7b043f0ef6a2824ef08952038fa69c515438cc066d7d9510fbb4563874f0c5f0247c69399f814c064aeeb825daf9241b4c321b03986169c1246ed63f8975d5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
3e1c228b03bc8b6b25d88ecd3703bb8d

SHA1
13f24eae4149a53606ea25ef0d846112fcf51753

SHA256
1d9de87606e65669137b237604e95f17d435531ee447aef4866fa878f52f6f19

SHA512
a6299896bb69abc5e2c246ff2fc90293fb5e2be6f01bc410dff7cb357e56e3d3cc5c7fd75a4e5c8993bb5a7f840b010471fe93a88c656795201f2240ddeeaac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc2b768460ccbfe21abef6e9771a11bd

SHA1
dc4457f88a32d69cb33b000ae0bc0e85b3e852e2

SHA256
874c256c2a7a3a61273593880cae9c8bb131006e57832685d5487c6e70819bd8

SHA512
1ed0dc126d2eb4af002368c904b045f9885e43fa288e615dcdedded21f5072d1b56062c0b8053055cc992c93f6ff0371243e9f24d4a148231b89b26af2117a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e6b80625b764cfbfb5a91160139a633

SHA1
6db6c8b7e0400b4aa4554b6566064c2e6113a7f1

SHA256
ff75d113abfc9dab920bbe814cbe39abd8158328e5c0ee84853a69b097527ebe

SHA512
a657402f8f10a27b5745336b2df42e639182cb70ddaa0938683b86907cec2d2f671e7e48168fd46f1d2fcde6fdaf474072374e077bba08fb8fa8bde4ad6cf477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1cb5c6e3f44a9489af63e620564dbf47

SHA1
1628563f0071ac774dfe43ef06fd322566e90f6b

SHA256
518e5b6713b56ea554511be55c35013a94407acdc66357cfeec98164d6712e8c

SHA512
dc20fa65297ea49ae09e309e29b23065ac9b45633e4cba2b0e2195ad3ba3e56b88b352acc6aded9d80f812b0c5d4b1d708ac4a47d2d8a4f29e11cdf2493a8067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2610ea72a604cfcfb7d9a42a217aac58

SHA1
d5697e2087203272207b1276232b6a4209db6768

SHA256
26671491ad703d29b34c5b42e8f2be1dbee2bf4b84eacee65ecca52c675551d9

SHA512
32a2ad590c4c8fd1fa35a5bd5704f9d5fd0716fc2a93a4e8c7dea52e287470613fefa2604beaf68a57eac0b874a0822dcdcfae96043e185ece33e6bde734fa23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58125a.TMP

Filesize
1KB

MD5
f4a92584fbd285a63cfe70ce53373fe3

SHA1
9fab2307e38e61a9f6f92ed97892dc3a497a5476

SHA256
dbe076039c9def2c1b424d086fca63afc74af59ff1362ab06022262332de2d52

SHA512
b3f082e6d1df11e1f4a0d9706abfd6240de974b8dd608e1879c90c9584a6002803685fc6ca5d0a9d42c09a80f382e2d72e5d37fa75ad629b2020fdd1cf81aee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f61b2b5d74a5b4206c2fa5751813cedd

SHA1
0681ee213b20a5877c82a41b5dc54bf151826f0a

SHA256
db99be689b99a5982ab98e388d67abeb9277bd106bc79d7002c6c4df24b6e177

SHA512
c8fd8672767d4e5043c1373ace842af8d38fbaaf0a1a091b284bce11b07624f5b62ae1fb3f2aeaa85bcb2fc4b4eaf7cb521012e146821bfd83e9c729274b2c6d

Download Submit