hxxps://drive[.]google[.]com/file/d/1RmzieyQNMSM7vaDQd0jDHfXG28ylz-EJ/view?usp=drivesdk

Analysis

max time kernel
36s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1RmzieyQNMSM7vaDQd0jDHfXG28ylz-EJ/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
1252	msedge.exe
1252	msedge.exe
1972	identity_helper.exe
1972	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe
1252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 1840	1252	msedge.exe	83
PID 1252 wrote to memory of 1840	1252	msedge.exe	83
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 2956	1252	msedge.exe	84
PID 1252 wrote to memory of 224	1252	msedge.exe	85
PID 1252 wrote to memory of 224	1252	msedge.exe	85
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86
PID 1252 wrote to memory of 2588	1252	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1RmzieyQNMSM7vaDQd0jDHfXG28ylz-EJ/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb89746f8,0x7ffbb8974708,0x7ffbb8974718
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13812622805922042527,17057353089173116083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6c2676a33c2af5aff0f640e44a99830f

SHA1
12650b7389c206d4f4c14a3e8cce49143ff7ce50

SHA256
dcbc2c0b63c6ee59c1900628745664e04fbb4fdd4a19ed32d2ef4366a25bbbb0

SHA512
4dd4560b56187b0e8b9d935872ddd9261c4f43a2530e357203729827b9c2ceab6fc932166efb4c9a1da0975db1041228b77cef28259cc0ddc49b1bf920f8901b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
672c0c628cf3d8863ba6f5a7f54fccc1

SHA1
ba53138a97fa63b84cf071141a290a4dee81a8bf

SHA256
39f6822f5c3ad74d3d3b360997e17c6234c9cd815b3304917bb440917a051e99

SHA512
7d47a6bb47f4d6c676c1d5387b3e84822b8be2042bd4c345bbfaaa4481e77eac82ae5521c5f9bb704827625da23b80af8acd36bf673f05e22735b2411574b64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b63455b92ba9c6bbb0b141cca5552fae

SHA1
df37b648e4eae0f251ee6b40b095656fb0d4c606

SHA256
09eab927f18483b4a8ae6ae5fe87a37dfd16d67e8ffae75d650d64d107707864

SHA512
25242f6b3e95cadd1a51a8581e994f37f8609d6b262f729887f94e04f13406152fbae4b97c9f8fa8fb2b379bf7e380e009518b71c357abcc804cbf31ed83ab11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb5f9311e53c26604077902846f50ad1

SHA1
75343514802fa2309829a06610015921c2f5521a

SHA256
c78a859c84a69050149c8ea2a9cc957058d1ba30502327b672cfd665172c4d71

SHA512
6bddacc0340cc6f3c9b75211ce69aa5a87748852ebd3e93c5c18eb2a2e9efc4fa35b8bb8b4b39e2acd3edceef2523f92bab36cd0768a315184464a0981e36485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bb20e9ffdd7e84d590a7bf3893646db2

SHA1
784764dc9243990254ca886cebbd205292b1d1be

SHA256
175de213ea30e978e248da70f04147c7a06ea9af502301a82927b7cd254186a1

SHA512
7a0965f687c6e1c586c813335ae01b2fe67eb58f2ae702d38eebc12f3558dfc07d00ebd8afc8d65c9a83beefd9fa6553740f70519c6a7547238bd31c3858088f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ba142bca9ddc435c2cd7e5a173ef8fd

SHA1
fb5000976226f5f23f851f5e580b9a79c937be3e

SHA256
e1ed45855e9028cd1f98f63a97f89c363a1f1ac5e635dbead4ceae3ca0b6803e

SHA512
038cd13e5fb00f15f8ca31f9dda88d6d4fadd8802285660a7f7683a11460711fb4670e05cb5a7723eb19a69907ea77477d9d35079c5cc8d64812b9611e8dd2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58051c.TMP

Filesize
204B

MD5
3a2b95d3fb506f2cc698d0d7b02b66ed

SHA1
feab7f45a63665d00f2919fa049da8f78f4171b0

SHA256
0d7c96caadb744b2d9b81c5e6a160d03b9a6cafa1ef705db5c912b0a135a9265

SHA512
cf5bd73becec11257f974f4036a3c723702de150be8897c225d55b2b35b206d6aed3e9a8262d110bd40e0b97e951329206aebe0ac1736ece54dfa7d8ecd54ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e5c9b945-f98d-4eda-af64-c9fa66a16b33.tmp

Filesize
1KB

MD5
ad20e51c4b7ddee924240ef08a5e36a6

SHA1
dd9ecde10ef12becf51fe999ae90a9bac637d266

SHA256
36de0ef452582db1c3b75e6bd8fde3472dda3fca28a27b8626af65dc788f05f3

SHA512
57c684193200249c2aa41d4b2a1cb952d6745ee2c97468b2caaec3c6778cda3ae61a7a0ac25bd5e99b156d99d9b15697eee7842429339cd1755dd033c6dfbbbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d8f1da47310235132205e1dd7e9db7ca

SHA1
21e2ef0da05db8f7eae13d7b8d2877c59631ec28

SHA256
36bfdb70d634a852056025fe07d6f7aba35ec291805f6e0a440706ee3c47e05f

SHA512
15cb5423b7e9c2df44630dc22ee66ef206fb8ac5327cf89f2526f00b5e35ca3ac2f571c578213ebf1d7f3a5246d832ab67daed78cd167d9a0c7e3d85ef4f9f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f065579850cf14e2e063387ec9171f0f

SHA1
cfe1e6e0d7b4c1c27afbde29fb0bc7d9d284d830

SHA256
f4ad9692e623f860d1923d0138e1e34496ef8fa3a2b5b8bbf7bb9fdea8c5ede0

SHA512
ecb795d36663174174d8e2caf6442cd002cf71363379e65e5a4ce93386533f880a7e316cbf667c32d2f356803a258a2943d54239d269a36f85452d5915799b78

Download Submit