Analysis

  • max time kernel
    146s
  • max time network
    140s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    19-11-2024 03:01

General

  • Target

    https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4168
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc597d3cb8,0x7ffc597d3cc8,0x7ffc597d3cd8
      2⤵
        PID:3000
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
        2⤵
          PID:808
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:540
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
          2⤵
            PID:656
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
            2⤵
              PID:3740
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
              2⤵
                PID:976
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:444
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1476
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                2⤵
                  PID:1572
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
                  2⤵
                    PID:688
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
                    2⤵
                      PID:2192
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
                      2⤵
                        PID:3836
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9718568684176760668,8743052636717408507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4916 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2508
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:4876
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:712
                        • C:\Windows\System32\rundll32.exe
                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                          1⤵
                            PID:4808
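
Every Edge child in this tree carries a --type= switch, which marks it as a Chromium helper (renderer, GPU process, network/storage/UtilWin utility, crashpad handler), and the EnumeratesProcesses and WriteProcessMemory signatures on PID 4168 are consistent with a Chromium browser process launching and wiring up its sandboxed children. The Python below is an added example (this editor's, not the report's and not any sandbox vendor's code) that strips that noise from a process listing so that only the top-level browser with the URL it was asked to open, COM-activated processes (the -Embedding switch) and anything run through a known LOLBin remain. The sample tree is abbreviated from the listing above; the Chromium image set and the LOLBin list are this example's assumptions.

```python
import re

# Assumed: image names that belong to a Chromium-based browser's normal process model.
CHROMIUM_IMAGES = {"msedge.exe", "chrome.exe", "identity_helper.exe", "msedgewebview2.exe"}

# Assumed: living-off-the-land binaries that deserve a look even with benign-looking arguments.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
           "powershell.exe", "cmd.exe", "certutil.exe", "msiexec.exe"}

# Constructed sample: (pid, depth, command line), abbreviated from the process tree above.
SAMPLE_TREE = [
    (4168, 1, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing'),
    (3000, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (540, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (3740, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:1'),
    (1476, 2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService'),
    (4876, 1, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
    (4808, 1, r'C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding'),
]

# "--type=" must stand alone: "--utility-sub-type=" must not match.
_TYPE_RE = re.compile(r"(?:^|\s)--type=([\w-]+)")
_URL_RE = re.compile(r"--single-argument\s+(\S+)")
_EMBEDDING_RE = re.compile(r"(?i)(?:^|\s)-Embedding(?:\s|$)")


def split_cmdline(cmdline):
    """Split a Windows command line into (executable path, remaining arguments)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.index('"', 1)
        return cmdline[1:end], cmdline[end + 1:].strip()
    head, _, rest = cmdline.partition(" ")
    return head, rest.strip()


def image_name(cmdline):
    """Lower-cased file name of the executable, e.g. 'msedge.exe'."""
    exe, _ = split_cmdline(cmdline)
    return exe.rsplit("\\", 1)[-1].lower()


def chromium_process_type(cmdline):
    """'browser' for the top-level Chromium process, the --type= value for a helper
    (renderer, gpu-process, utility, crashpad-handler, ...), None for other images."""
    if image_name(cmdline) not in CHROMIUM_IMAGES:
        return None
    m = _TYPE_RE.search(cmdline)
    return m.group(1) if m else "browser"


def classify(cmdline):
    """Describe one process: image, a coarse kind, and the detail an analyst wants to see."""
    image = image_name(cmdline)
    _, args = split_cmdline(cmdline)
    ctype = chromium_process_type(cmdline)
    if ctype == "browser":
        m = _URL_RE.search(args)
        return {"image": image, "kind": "chromium-browser", "detail": m.group(1) if m else args}
    if ctype is not None:
        return {"image": image, "kind": "chromium-helper", "detail": ctype}
    if _EMBEDDING_RE.search(args):
        # -Embedding is the switch COM passes when it starts an out-of-process server.
        return {"image": image, "kind": "com-activation", "detail": args}
    return {"image": image, "kind": "other", "detail": args}


def triage(tree):
    """Drop Chromium helper processes and flag known LOLBins; keeps the tree's order."""
    kept = []
    for pid, depth, cmdline in tree:
        info = classify(cmdline)
        if info["kind"] == "chromium-helper":
            continue
        info.update(pid=pid, depth=depth, review=info["image"] in LOLBINS)
        kept.append(info)
    return kept


if __name__ == "__main__":
    for entry in triage(SAMPLE_TREE):
        flag = "  <- review" if entry["review"] else ""
        print(f"{entry['pid']:>5} d{entry['depth']} {entry['kind']:<17} {entry['image']:<20} {entry['detail']}{flag}")
```

On the tree above this leaves three entries: the browser (with the Drive URL it was launched with), CompPkgSrv.exe and the rundll32.exe COM activation, the last of which is marked for review only because rundll32 is a LOLBin, not because shell32's SHCreateLocalServerRunDll export is unusual. Anything that survives the filter and is neither a browser nor a COM activation is where a real payload would show up.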

                          Network

                          • flag-us
                            DNS
                            drive.google.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            drive.google.com
                            IN A
                            Response
                            drive.google.com
                            IN A
                            142.250.180.14
                          • flag-us
                            DNS
                            ctldl.windowsupdate.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ctldl.windowsupdate.com
                            IN A
                            Response
                            ctldl.windowsupdate.com
                            IN CNAME
                            ctldl.windowsupdate.com.delivery.microsoft.com
                            ctldl.windowsupdate.com.delivery.microsoft.com
                            IN CNAME
                            wu-b-net.trafficmanager.net
                            wu-b-net.trafficmanager.net
                            IN CNAME
                            bg.microsoft.map.fastly.net
                            bg.microsoft.map.fastly.net
                            IN A
                            199.232.210.172
                            bg.microsoft.map.fastly.net
                            IN A
                            199.232.214.172
                          • flag-us
                            DNS
                            fonts.googleapis.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            fonts.googleapis.com
                            IN A
                            Response
                            fonts.googleapis.com
                            IN A
                            216.58.212.202
                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dns.google
                          • flag-us
                            DNS
                            206.187.250.142.in-addr.arpa
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            206.187.250.142.in-addr.arpa
                            IN PTR
                            Response
                            206.187.250.142.in-addr.arpa
                            IN PTR
                            lhr25s33-in-f14.1e100.net
                          • flag-us
                            DNS
                            14.227.111.52.in-addr.arpa
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            14.227.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-gb
                            GET
                            https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing
                            msedge.exe
                            Remote address:
                            142.250.180.14:443
                            Request
                            GET /file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing HTTP/2.0
                            host: drive.google.com
                            sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                            sec-ch-ua-mobile: ?0
                            dnt: 1
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            ssl.gstatic.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ssl.gstatic.com
                            IN A
                            Response
                            ssl.gstatic.com
                            IN A
                            216.58.201.99
                          • flag-us
                            DNS
                            14.160.190.20.in-addr.arpa
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            14.160.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            227.187.250.142.in-addr.arpa
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            227.187.250.142.in-addr.arpa
                            IN PTR
                            Response
                            227.187.250.142.in-addr.arpa
                            IN PTR
                            lhr25s34-in-f3.1e100.net
                          • flag-us
                            DNS
                            nexusrules.officeapps.live.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            nexusrules.officeapps.live.com
                            IN A
                            Response
                            nexusrules.officeapps.live.com
                            IN CNAME
                            prod.nexusrules.live.com.akadns.net
                            prod.nexusrules.live.com.akadns.net
                            IN A
                            52.111.227.14
                          • flag-gb
                            GET
                            https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png
                            msedge.exe
                            Remote address:
                            216.58.201.99:443
                            Request
                            GET /images/branding/googlelogo/1x/googlelogo_color_116x41dp.png HTTP/2.0
                            host: ssl.gstatic.com
                            sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://drive.google.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-gb
                            GET
                            https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png
                            msedge.exe
                            Remote address:
                            216.58.201.99:443
                            Request
                            GET /images/branding/product/1x/drive_2020q4_32dp.png HTTP/2.0
                            host: ssl.gstatic.com
                            sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://drive.google.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            202.212.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            202.212.58.216.in-addr.arpa
                            IN PTR
                            Response
                            202.212.58.216.in-addr.arpa
                            IN PTR
                            ams16s21-in-f10.1e100.net
                            202.212.58.216.in-addr.arpa
                            IN PTR
                            lhr25s27-in-f10.1e100.net
                            202.212.58.216.in-addr.arpa
                            IN PTR
                            ams16s21-in-f202.1e100.net
                          • flag-us
                            DNS
                            ctldl.windowsupdate.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            ctldl.windowsupdate.com
                            IN A
                            Response
                            ctldl.windowsupdate.com
                            IN CNAME
                            ctldl.windowsupdate.com.delivery.microsoft.com
                            ctldl.windowsupdate.com.delivery.microsoft.com
                            IN CNAME
                            wu-b-net.trafficmanager.net
                            wu-b-net.trafficmanager.net
                            IN CNAME
                            download.windowsupdate.com.edgesuite.net
                            download.windowsupdate.com.edgesuite.net
                            IN CNAME
                            a767.dspw65.akamai.net
                            a767.dspw65.akamai.net
                            IN A
                            2.23.210.83
                            a767.dspw65.akamai.net
                            IN A
                            2.23.210.88
                          • flag-us
                            DNS
                            ctldl.windowsupdate.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            ctldl.windowsupdate.com
                            IN A
                          • flag-gb
                            GET
                            https://docs.google.com/favicon.ico
                            msedge.exe
                            Remote address:
                            142.250.187.206:443
                            Request
                            GET /favicon.ico HTTP/2.0
                            host: docs.google.com
                            sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: same-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://drive.google.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: NID=519=NXQafkjWz0qPSthCxcDr_6KsIAUVcOogkk_rAn8TJT7qanI3zdrRZ49dY_5O6ylud6qgYAvEiMI7w00BygsRF95Kz-EN0OGkKCPuXF_ny-R1TrmAjWfq2qltGuiwXy6OZBbrrWYSkreTiyo4i0QFgEWra7DjmMAtVXeb21ESz_loius
                          • 142.250.180.14:443
                            https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing
                            tls, http2
                            msedge.exe
                            2.0kB
                            10.6kB
                            18
                            20

                            HTTP Request

                            GET https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing
                          • 216.58.201.99:443
                            https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png
                            tls, http2
                            msedge.exe
                            2.1kB
                            9.5kB
                            18
                            17

                            HTTP Request

                            GET https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png

                            HTTP Request

                            GET https://ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png
                          • 142.250.187.206:443
                            https://docs.google.com/favicon.ico
                            tls, http2
                            msedge.exe
                            1.9kB
                            8.6kB
                            14
                            16

                            HTTP Request

                            GET https://docs.google.com/favicon.ico
                          • 8.8.8.8:53
                            drive.google.com
                            dns
                            msedge.exe
                            409 B
                            758 B
                            6
                            6

                            DNS Request

                            drive.google.com

                            DNS Response

                            142.250.180.14

                            DNS Request

                            ctldl.windowsupdate.com

                            DNS Response

                            199.232.210.172
                            199.232.214.172

                            DNS Request

                            fonts.googleapis.com

                            DNS Response

                            216.58.212.202

                            DNS Request

                            8.8.8.8.in-addr.arpa

                            DNS Request

                            206.187.250.142.in-addr.arpa

                            DNS Request

                            14.227.111.52.in-addr.arpa

                          • 8.8.8.8:53
                            ssl.gstatic.com
                            dns
                            msedge.exe
                            283 B
                            488 B
                            4
                            4

                            DNS Request

                            ssl.gstatic.com

                            DNS Response

                            216.58.201.99

                            DNS Request

                            14.160.190.20.in-addr.arpa

                            DNS Request

                            227.187.250.142.in-addr.arpa

                            DNS Request

                            nexusrules.officeapps.live.com

                            DNS Response

                            52.111.227.14

                          • 8.8.8.8:53
                            202.212.58.216.in-addr.arpa
                            dns
                            211 B
                            456 B
                            3
                            2

                            DNS Request

                            202.212.58.216.in-addr.arpa

                            DNS Request

                            ctldl.windowsupdate.com

                            DNS Request

                            ctldl.windowsupdate.com

                            DNS Response

                            2.23.210.83
                            2.23.210.88

                          • 216.58.201.99:443
                            ssl.gstatic.com
                            https
                            msedge.exe
                            3.7kB
                            7.2kB
                            8
                            9
                          • 224.0.0.251:5353
                            564 B
                            9
                          • 142.250.180.14:443
                            drive.google.com
                            https
                            msedge.exe
                            4.0kB
                            8.9kB
                            10
                            13
                          • 142.250.187.206:443
                            docs.google.com
                            https
                            msedge.exe
                            3.8kB
                            7.4kB
                            8
                            11
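
The "Legitimate hosting services abused for malware hosting/C2" signature fires on the drive.google.com target, but the HTTP entries above show only the /view preview page, two gstatic branding images and a favicon: the file behind the share link was never requested, so the run tells you nothing about it. The Python below is an added example (this editor's, not the report's) that pulls the file ID out of the share URL, builds the uc?export=download form an analyst would retrieve it with, buckets the resolved hostnames into target, page assets and OS/Office telemetry, and checks whether any request actually hit a download endpoint. The host grouping, the download-endpoint test and the URL patterns are this example's assumptions; the sample DNS names and requests are transcribed from the entries above.

```python
import re
from urllib.parse import urlparse

# Assumed: the share-link forms Google Drive hands out; the file ID is the opaque token
# after /file/d/ or in an id= query parameter.
_DRIVE_ID_PATTERNS = [
    re.compile(r"/file/d/([A-Za-z0-9_-]+)"),
    re.compile(r"[?&]id=([A-Za-z0-9_-]+)"),
]

# Assumed grouping of the hosts seen in the report (the report itself does not group them).
HOST_GROUPS = {
    "target": ("drive.google.com", "drive.usercontent.google.com"),
    "google-page-assets": ("docs.google.com", "ssl.gstatic.com", "fonts.googleapis.com"),
    "os-and-office-telemetry": ("ctldl.windowsupdate.com", "nexusrules.officeapps.live.com"),
}

# Constructed from the report: every name the guest resolved.
SAMPLE_DNS = [
    "drive.google.com", "ctldl.windowsupdate.com", "fonts.googleapis.com",
    "8.8.8.8.in-addr.arpa", "206.187.250.142.in-addr.arpa", "14.227.111.52.in-addr.arpa",
    "ssl.gstatic.com", "14.160.190.20.in-addr.arpa", "227.187.250.142.in-addr.arpa",
    "nexusrules.officeapps.live.com", "202.212.58.216.in-addr.arpa",
]

# Constructed from the report: every (host, path) the browser requested over HTTPS.
SAMPLE_REQUESTS = [
    ("drive.google.com", "/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing"),
    ("ssl.gstatic.com", "/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png"),
    ("ssl.gstatic.com", "/images/branding/product/1x/drive_2020q4_32dp.png"),
    ("docs.google.com", "/favicon.ico"),
]

TARGET = "https://drive.google.com/file/d/1QEWj2UOM_LwrXyVwssNxOEtdk2aMB62y/view?usp=sharing"


def drive_file_id(url):
    """Extract the Drive file ID from a share/view/open URL, or None for anything else."""
    host = urlparse(url).hostname or ""
    if not host.endswith("google.com"):
        return None
    for pat in _DRIVE_ID_PATTERNS:
        m = pat.search(url)
        if m:
            return m.group(1)
    return None


def direct_download_url(file_id):
    """The uc?export=download form that returns the file bytes instead of the preview page.
    Files above Google's scan-size threshold answer with an interstitial confirm page first."""
    return f"https://drive.google.com/uc?export=download&id={file_id}"


def classify_hosts(names):
    """Bucket resolved names by owner; reverse lookups (in-addr.arpa) are kept apart."""
    buckets = {group: [] for group in HOST_GROUPS}
    buckets.update({"reverse-lookup": [], "unknown": []})
    seen = set()
    for name in names:
        if name in seen:
            continue
        seen.add(name)
        if name.endswith(".in-addr.arpa"):
            buckets["reverse-lookup"].append(name)
            continue
        for group, hosts in HOST_GROUPS.items():
            if name in hosts:
                buckets[group].append(name)
                break
        else:
            buckets["unknown"].append(name)
    return buckets


def payload_fetched(requests, file_id):
    """True only if some request went to a Drive download endpoint carrying this file ID."""
    for host, path in requests:
        if host == "drive.usercontent.google.com" and file_id in path:
            return True
        if host == "drive.google.com" and path.startswith("/uc") and file_id in path:
            return True
    return False


if __name__ == "__main__":
    fid = drive_file_id(TARGET)
    print("file id:    ", fid)
    print("fetch with: ", direct_download_url(fid))
    for group, hosts in classify_hosts(SAMPLE_DNS).items():
        print(f"{group:<24} {', '.join(hosts) or '-'}")
    print("payload fetched during run:", payload_fetched(SAMPLE_REQUESTS, fid))
```

Run against the report's data the "unknown" bucket is empty and payload_fetched is False, which is the real finding here: the 6/10 score comes from generic browser signatures, and the artifact itself still has to be pulled (or the direct-download URL resubmitted) before anything can be said about it.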

                          MITRE ATT&CK Enterprise v15


                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            aad1d98ca9748cc4c31aa3b5abfe0fed

                            SHA1

                            32e8d4d9447b13bc00ec3eb15a88c55c29489495

                            SHA256

                            2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

                            SHA512

                            150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            cb557349d7af9d6754aed39b4ace5bee

                            SHA1

                            04de2ac30defbb36508a41872ddb475effe2d793

                            SHA256

                            cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

                            SHA512

                            f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                            Filesize

                            1KB

                            MD5

                            f5459ec5c4750be18612996a23541295

                            SHA1

                            67e5700b2a19c68e331857782359ddce21623bbe

                            SHA256

                            02eb45c7b9471f5b18f7d12a54d3e5b1fdddaace92c95bcf08320b1f104998c6

                            SHA512

                            405a1c82e92ec53554d54d5920b6bc9b0c7be87b84b8388cc3932d011c26b4ca0758e79c31eaee3f8f6fdbdb2d7cd9a1242ef1452e9e00198e5e03af307c5611

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            5aeeaaf68f5eea7c2b91bda16d260c0a

                            SHA1

                            5ea5982e21308f368a7c708cfb0b343c39152110

                            SHA256

                            064dcd52e2741738664e68ec83fd8bef0aa20d45516ca957ecb6d0607f02c443

                            SHA512

                            34311b359df8d133c8e813c1fc9d63e5d3479d3721560cce380676f4e0738eedccb7f5af687c2af62c41c1c010ab98f126a9acddfbb1b264cea1f3069205cb94

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            bae19618a8aae892d0fb15ea583c1431

                            SHA1

                            0f5cc0101645f13ea912336909a6dcd9f4376d62

                            SHA256

                            20f3ba4c38d740a5f5fee49ff23697f95a6ed01245b44feac9cc22aa4f5c73c5

                            SHA512

                            858d78a4e6be7c4a45a65c5184aca28477ba528b2c446e5daee2acfa0dd16bcfa1dd18a02adad58fc3b3522efcff46b68d0938abf43011b8d6f7be90226cd5fc

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            10KB

                            MD5

                            8c2eb8c3439a25530c6a6391d77fe7f3

                            SHA1

                            1fa714c65c5415d2e126aae49e3fda4b9b2d7c7d

                            SHA256

                            f72154ad1a554af4524343d7add480e1d2a0bb00600e5a1b2225659742a76e86

                            SHA512

                            acc267e94cb274ede587406e743eb3efef6d0299433a3bf81d641ff594b5a46c3ac3cb7b86e62f5a5d6845df1b2bea4afcf3ff386525923b3d99397586ca44d0

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            10KB

                            MD5

                            70de61d6f2a2b8a8ec055c40094a5c30

                            SHA1

                            f2c3e899a13227426e2c997d8a345644f0389f54

                            SHA256

                            7457e11aafc91b8d17c32747a4eb89c6a5593ffce7e7ed6d1d4e908b5c7675a4

                            SHA512

                            78f98c1818266fa9ec70a5699334c9266bdb10611f43dabd005861d4583a46906bc8dc00dc50774797ceaade58238437785ca307ebe86df8e02a347dee4af91e
