hxxps://drive[.]google[.]com/drive/home?dmr=1&ec=wgc-drive-hero-goto

Resubmissions

23-11-2024 23:30

241123-3hgzbaymck 6

23-11-2024 23:28

241123-3f9xbaskgw 6

Analysis

max time kernel
110s
max time network
113s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23-11-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/home?dmr=1&ec=wgc-drive-hero-goto

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
10	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241123232848.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\11085077-e409-4163-86f6-b0a193b77d23.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
2520	msedge.exe
2520	msedge.exe
824	identity_helper.exe
824	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 5064	2520	msedge.exe	81
PID 2520 wrote to memory of 5064	2520	msedge.exe	81
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 5056	2520	msedge.exe	82
PID 2520 wrote to memory of 1180	2520	msedge.exe	83
PID 2520 wrote to memory of 1180	2520	msedge.exe	83
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84
PID 2520 wrote to memory of 1932	2520	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/home?dmr=1&ec=wgc-drive-hero-goto
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8363846f8,0x7ff836384708,0x7ff836384718
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2436
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff743e65460,0x7ff743e65470,0x7ff743e65480
    3⤵
    PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5391169556502531447,7298058484799573954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccff51f965f8f4176e4ad112c34c86a7

SHA1
eab249ca0f58ed7a8afbca30bdae123136463cd8

SHA256
3eb00cf1bd645d308d0385a95a30737679be58dcc5433bc66216aac762d9da33

SHA512
8c68f146152045c2a78c9e52198b8180b261edf61a8c28364728eafb1cba1df0fa29906e5ede69b3c1e0b67cfcbeb7fde65b8d2edbc397c9a4b99ecfe8dea2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c29339188732b78d10f11d3fb23063cb

SHA1
2db38f26fbc92417888251d9e31be37c9380136f

SHA256
0a61fa9e17b9ae7812cdeda5e890b22b14e53fa14a90db334f721252a9c874c2

SHA512
77f1f5f78e73f4fc01151e7e2a553dc4ed9bf35dd3a9565501f698be373640f153c6d7fc83450b9d2f29aeaa72387dd627d56f287a46635c2da07c60bc3d6e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
df2670578ab663cff87a55e9fdeae0d8

SHA1
f7d7ea53039937d655df23b2d19689de555796b5

SHA256
2289fe352366f991251c18994d80668857e876222e2fc4ff656795add257bf18

SHA512
24d925bff3e7a53c1438f2107e9ec69164a1778623ce212a5a4e44214a3f75d5f89705b0d4b75a3d0f77856e401742dc9ccf85d248dffaeb358c54347385c921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
7ad9153b1bd484a823d0640201c8c1f2

SHA1
d5616c9bcd56e32a0d502bfba3f52de417965449

SHA256
f0429639385688a3963d6336d48166ce20ade6ae86ea8bdbe2dd597da3805715

SHA512
f07d2ba6ed137aabbcb34f283fa3007aae3b561fa0f516c2633e493fcfc130c10c64ea225faa7a54efe2200916c328e9c157bf9316c7a5a6556a38ac59c34aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
84bef9277001e68cb0e70efdceed5d73

SHA1
77b533a4b25a6473d5d4efc4fd05b0fbca1e92b5

SHA256
fa87b3facb6122ea872548c3885d60b2ddc7750c405f9e5613c102ffc9004c5d

SHA512
7dd8e7a8305cc50b91b2bdf758ae6aa17a177f0f252078f98b37d3a9f40e7d1746e40d90237dbdfc95db7d1c41ccd20c73ab7a373b41722368801b837ee1a4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4a1998b700f702a59de2b1870e977cb1

SHA1
282e56f3bd81717e0d6855f01f7056a6f2d5f701

SHA256
f499169570c934fa89da66189835ca265bf091493f716bdac54648146ec22a34

SHA512
961466322516cf4cddccd52a3a71427cf622e8ea757b973ecbc75f999140f58588bc3035f8225caf6d6243945a0d8a0a167d403b985c644838d93220d3c10180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58abfa.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ba47421a8ffbefb5e0e377ad9f3894b

SHA1
a73bc28a7a59d8d8b5ea4de75df514a2441dcdfb

SHA256
a9b29f13c283f041c19f00b7692142f0b23a8685378067390fe04618e7db64ab

SHA512
1edabf9abb2bd8079f6b5226cd5e6d5b5d2d4e204fae7b4bd2a169a41160c04326990c9fc53aff9b34ba01a0424239d800c8e59e2a2c92a819ae5b444bec306c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d51ddd724a58bf713defdabdbaa61fc

SHA1
6392a43e6358b8b184ea32b1399b3b5c49174f23

SHA256
07ebbe13de7556be2571f3ae5623dbceb07e07875877b35b73b39d09f7e05956

SHA512
455dcd7b6b5591655874f143372641161af9c74612dc38259a5b496e5ddc885140578ffec709aaf13c785c38b042e1198bb233146f9d78423eb809c1baade267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c7efd460f5d0d2b613d6fdad9bccda9

SHA1
49d960dba37bc65546f85c5b2c3a66aac55f6413

SHA256
285b4cd089c9ad39557a033caa46b17019df632fc4e005016ceba8e4746ba4c7

SHA512
ce6f2529dcf0968eb1ea7cb7e50006a933c427e123d3137037ed6a74ec76cf5c9ccd4ac499b3a6658d8d9d799ecd59cc6ee5b3dfad085e9101735e2ca7a0906b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9fac06c3e97940498bcf7e111c0c0568

SHA1
aa9ba13e53830abf834b0af5740ac9b728d9da58

SHA256
9b9fa237216a1463878478de89ad4814a3873efc7a92a06c978f97913bbd7ede

SHA512
661b716e22ae72e5c761c298888871514678700cd9f0acceb07b52a9fe14f2869b9907ea21a5576aba94114f6fbe2118ead8b0367817c3285d5fdf9e96f6d697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac7fd0f11488ccb78c1941bbdec50451

SHA1
c758b8e77370286b5e1b53cb157910ed6c978333

SHA256
3ef3952dd351a7e1732a3b2cc096317018118cdb7b6799f727e5b80ad0046311

SHA512
42901b5ec791242701412073d7d6436fd4cb030477117654c46afbcc9d0b66dbe6fb431a5660de94ae9feb612ed9d26a6f71cea07e9db4fd3bddb05560c88243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a7c2138ddb5fbd5ae4dd9496dd22b5b

SHA1
e59d78ce93dcdabedd4faa2d5da531207f9fca44

SHA256
7621bdaefb338c2748d2769a80ced89b7aff9bc5015294660fef9bfbbac046cc

SHA512
1485625c30033b56e02336eb0909f536ebc479c70dd3ea15cbe5cc705e486e9bc2ab68b4b501bda3146c34c8cb8334a6a6610245825169ed26ea91eb365fabb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
86aa28ffd286b08415aa197216684874

SHA1
d99924976c73e3220108817ad6bc1d8b1795ca2d

SHA256
a6dc4bc6ade3039e57b538f2620b91602199f1908b23c4a2beb3fd3aa721579d

SHA512
a51fbd1af778d32f2f95a9a863a59f42a7eb804dbb8ce85459297959eea21fbfe9625d74c3f91ad65016031d4b3e26eeb748c1c59e09ac68778fc670d408d0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
26978f38b0bce48572b90b762b7d937c

SHA1
8b8b88012fab1d37fca79575a5db81674b424867

SHA256
b38f05e2e63a1f87026aed06f5b85354570c6f91d28947466f0555276bab6afa

SHA512
501e0de5f46bfaac901cde5c39a321edc411426fd91c83427f36710fa56d20b5f6ab8f2219d963f7ab495c2df7def879652381db3876b7e2a7080921cce78379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37b1a3f1fe5e8ad7b32a419ff7ba1dc4

SHA1
44d22f0c1bf71ea423a082970a057264951dc7ea

SHA256
77079cb1411a193ddc2203715037d34a48510aea6f72c944dc0f6d116e243acc

SHA512
7d28eef1b8a5851750cff55edb0ab16676cbe3788850656011fb5becdbd6adbbdfd3ffef41c7e4fbb479390e60014ed64ff7c3f4904b02f82c2c76f1e2120e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ce4482786bf2793d09bb1bf9cacb490

SHA1
dd6d5945d7a47c7f59058982ce78e24d8441b1ad

SHA256
e5dc864abe440b0b854c7117b89c647abf8576339bc4a0efd2373ef764fe2b29

SHA512
03f9aa787138b15f2caf480940edc1c203f2b6a8576fc86d203c0db22a4b045aa3ae0cb3c97cd80ebae01e9e45865794521b62a3b72a64263b149c6c46da5c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
921f5c5921dfa93ad81c99e07cd9057e

SHA1
803d7100f0cd018af125b1e38cc364aa9383a4c4

SHA256
13e05ef58380590edd4358e60547dd275ffc0d34b48beb6fca4581a290ba3a69

SHA512
e06ffff087b0c0e170a96cb07179d77ba8b383a394c68893a7b731152e350fd405e358c11897c91f522947458c5c39af0986fad2ab6bd4e1f77659b126fc9280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0716f90b2d376dbf82e554bed747360f

SHA1
a95d2ed54e8b25be3adbe7e8d8ad63bbd54b2c16

SHA256
efde69d267f6c7f4885e89d0cf3a2abce764d6564e7717e64ffa6d4443b86d4f

SHA512
f5433cfda1a7f246ce63cc583fe818d0a72fe6575b388714325b3ecbe7074dc978b839e2e645756ad86e997360c41ac5c5e57afc4804d339d51dd749d4a3bfcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8607ad9e54d8c95f2b4dbe5f6e38ce6

SHA1
12dc55ab294d2bf002e4f494ef5719100b916e10

SHA256
c84b361cd41ea8b055a08bb290b503852fbd9f1a57d66d860fc5f892fb0f169c

SHA512
3aa9ad660c79784eb212355acb26d2f70c86b062ff31668549bcf85c3e392faa16835f6f90a49c59b207f308d64497f42457160d4e31197dc02b84a4be43331f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eabe.TMP

Filesize
370B

MD5
4f24b341be17a30c3774030582ed6ecd

SHA1
12f523e53254e7401757494aa090f0a4e538c2f6

SHA256
4ca34d15037a6335ea9dc8aba615c210798f4f055da9a23135f278b5b66ab2b5

SHA512
e157057e4ca611f21d595551a0d75b28696fe5f37e747de82c2c8b23d4e8d899e9da770355d14680a4e05ca0de35ee5d835676db182bf3893ed0faffbf5dcb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
60e4aa36fea4e32695f894cddcc9d324

SHA1
b6b8c844f8ed7e7a940428e3324b0308e74e58a5

SHA256
36f8082da26d9d7a6c218754824086942bd004e9c27a9984964f42b938e72fa6

SHA512
8127f55306c6d44b9538d73d8b6cfcf5d061719d7ec20e2165855c8212cb73a9074a50b771a589f4698bc44efcbe241af2ba33efd005227d1d1808de3de91e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a8df7c41ce7be4ceaa5cc201f0e81ec2

SHA1
591b79f2c8628cb1f8b706c0663ecb883208a85d

SHA256
fd1004b7a9cc57e257d601b853746751bad460e09797236a13446dd70fc2d221

SHA512
b3ffef7d5dd2cbd3c446d1c00daa0613d324d7234a12a75af833cbf45f8c8bc92df46c4931a48583e27c0305e6e8df1eaeb7ff74efb0b860866ca684188f1295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
362de8657e0466ae259d868eb36c9c43

SHA1
060d7ade9f0af70cb651ac7871e847c95c7ab600

SHA256
9c64733c5a0251a28083a22e22d13f26ce3ae0effc3f00d5bbb3880c92af5473

SHA512
40aa85545b0c4843f58868b86f57bceec7c084a251c95402026eacc714b784752e86cb0e5b2a900a7aaba570aa9a29b431fe9fc8bf198198b8e381c05b45025d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
5bec03891e6d40b64097b8fba9a612f1

SHA1
aec154d85d848c67809d6c6ab6d34c165a0ec409

SHA256
6261bb8b96fc804b615c05ec71d4b3c6cbb3deecdeeaf71fd8eaed6407898da8

SHA512
ab67868863a019afdc4892c951dac963e7b94e17bebad8860aa733a5b6c85becd96d446a39e0947861f7894cc45382b7ef120f8fff8f7b996737ce01fc87badd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
45662f2151b2f1d82fb1351e53d704c5

SHA1
b7cdc5b55e5860f81d46e45190a50c2b5eb89406

SHA256
93ff598015dcc43b5e64e8b87c5cfca91c09874269b80a8887f977ad8ff16b9e

SHA512
15ff8152b1841306015e0e0cf1cdb550d3e888925ab07dc7769fdeedca90716b5fcdb051a563929612886c0cce99361ef6a68304de5706b8b2843d5588e12207

Download Submit