hxxps://drive[.]google[.]com/file/d/1mAsm1Pb-XLb7GF4qvPOAjx4Yktqx3LI8/view?usp=drive_link

Analysis

max time kernel
1782s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1mAsm1Pb-XLb7GF4qvPOAjx4Yktqx3LI8/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
5088	msedge.exe
5088	msedge.exe
2852	identity_helper.exe
2852	identity_helper.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 4480	5088	msedge.exe	83
PID 5088 wrote to memory of 4480	5088	msedge.exe	83
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2608	5088	msedge.exe	84
PID 5088 wrote to memory of 2120	5088	msedge.exe	85
PID 5088 wrote to memory of 2120	5088	msedge.exe	85
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86
PID 5088 wrote to memory of 1700	5088	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1mAsm1Pb-XLb7GF4qvPOAjx4Yktqx3LI8/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb0ca46f8,0x7ffcb0ca4708,0x7ffcb0ca4718
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12899026513912491921,2018682899584839639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
aa8551e2b4db2a354410c6e7f82dfc24

SHA1
81b89bb482ca87bef5c8d7c61accad40d1ef0138

SHA256
e5d0c7aa6c21a806cdbd47e662b19b85abc3b719d94d2a8daaf35a53b97a5735

SHA512
a3a66f6ce06789f9bb3c898acd7b4688ba14d29fc2d53ecf950e599127123e42c2e7faf6246546af12949201bbbaf397e04bb96af5170a8c0fc2f85c399edd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
539c1973d8c451f38b1d34cd8d3eb000

SHA1
cd1fd86413915205c8a2743c31aec5282657df66

SHA256
0ff269545de9d7a12eaa97d73a063f8c6a18849b5ee1de6fb823b78a84877407

SHA512
d4040ca0f5b3cc397105f808b331fcc3d166f8c31e869772832a5201aa7b06d537012697a9d50b4bb9953b64bbd52726875904f9a6cfaf5be7d323a707847525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e908ca8b2fbd0bcab43646a68bb508e4

SHA1
9085e059ec780275aa4d734bc28e7bc9dc1b5c8a

SHA256
c0244d924509fc0caebd217cd28cdc34b0859f8d7ad289e4c90cdba1ad298478

SHA512
ab571f3309718d318d9f4ed0efa0c4620aa75086a94ebff52389c677e3556b642e26f80ba2c1e942e44b4d8d4f3659e62fd3470abd3a735fade66573b8e439ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
13a09ed1dea4ec53d1dbe23c68832639

SHA1
0d0735c27af10f3651e15405e24dad5458f0d591

SHA256
e7809f5bf700638f7eddc3ece6039ebd6f9c5f3c5a574a989e97a562ac814e29

SHA512
9726d5a71188550337647c207dcba2d1b70050c09358bf49582341a9b75c632060751be2c83ab82ffd333b8625389863b454992d6b5f789c0cb5cf2089a40104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
23e65f0cd2293bda29478dff12ea2176

SHA1
b2d6a6efa595a9d490775a5e151661f39a7174c8

SHA256
8f1cb2a428b096d4bd1152b36423ff484d0ebe1e5bd281bf012b29f2127f7168

SHA512
14031bdbaef8a2db70cca91e47bb844a6183a50f325c828f464453165143aaf0db5e9631c521267d37e4788e763f5523a80b047c4d61fd7fbc8fb979a56a62a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e988894eb3ede66d525bfd6b1856cc72

SHA1
8a015e4036f1e48c89da71ae3cd4b1305ef415ac

SHA256
9dd9560b63daa4497e218767397883d994a08556bf8f39d12517e162f7269601

SHA512
08d5bb0f021c1ca243b98b171f26fffc8e24a231351b328245007948b153cf54d9b6449fcd0341b20665fd4d1f7ed78f6be3258d2f5296d7d3339415ea05b0ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f6321ea5765851fbe535d0dba5aba584

SHA1
f0c6814c210b50abf22957923d66a0a6ce9ad0f4

SHA256
48c901b682330b07e36104a89a10352ca068a21631303100289af80e220fc391

SHA512
c8ea3cab302e343f53b18e0b455d4dba0ff2d1274e23d9247971089f4a4217ddc22e2a74726703c392d250cf91cf7218b64147b0da82c1a1212bb00c778dfe83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5f96973d84325bae2f78910ebe71a07b

SHA1
9f9d70c11684b1358938429328d6a005d1a0458a

SHA256
eccda4cd082a8c2192f75fc0cce31dd7dc30e9125e2ddf2dfe4d363f34322db2

SHA512
920a3993dd5bb7ae53605b8853819ad643af7502704ca5468d43d708a8be1799508185ad2b837ebb01715fe719595ceffd4a19a2aa0c0895c0e5c5757828e44a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53848243483d49b8ee4cd9930c7af508

SHA1
4112296f82fb0a0aba0953d92d4a37aa096a8bb4

SHA256
eb8ee058d41174a87261dbe4cb4a0975a86946f7fa908ea5a843cae12f08b250

SHA512
b073e05b4c416130570f557ed22eecc25979f2274832bbcabc9bf957e7e6971f95e5080bafcf7d2bc8197a82c2745e4507f54e5e7f3e0e527b02791d3df9e79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d53b506ee3c8fc1f3941bb067941c6b

SHA1
811a451cc4d41ad8fd623284e65b893c54581301

SHA256
71f515474047348622cc1b38b2af477836dec665a617b36e56ead115a05f7584

SHA512
82d403402d24e15c3b65c909e896dc267b79cf921244789f4320200a29657599ba21bd6b44f74b107656d02947b2e294676f719c68022022a3dd8fb80cefce30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
94d18df99a01553abe33412da258b62c

SHA1
dd10a1456dbda8a98fecfd1fdead4deaeade7f06

SHA256
dd58a3d978dc6deff444ba95855445bf3ddd5c4d86e5ebf322e8303ca8a050e2

SHA512
756b580e08dc9a170b6ffb7ad0c42132735ec1d48bada9a4ce4c3619631e10197b675102ecb8b269cd4a0253742f289fda5c2c6808721a7c1b169a9bff46773c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
27e85f3438c5880ba142481a4ed38db7

SHA1
085ad16886de90418ff1eb9ac159077714b4aeb1

SHA256
180f54066827c1dd40619949113e152e448ef49a006971d969d6165eb9a33762

SHA512
1d20d6f0a97ae53029343898545c4850c80bf31d948bbbf84fe717c9b47bf90384d0797606e901e64fd760185d6dcfd09759e1e4c25c8e724123bf592696b176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
39ff7e2a70606d1d0dad0762fc256ab7

SHA1
d168adcb5403cdaff6bca75a220f672baa11327b

SHA256
cbc2adf631969d260cd2740552bc183bfc3cc2c11bb334cd1f00009ecd815270

SHA512
673263cbe45631abc009eed9ccbf63700b8c1458812a69573f12ced4ed9374efee4dd9640a57d8418debebf3e05897e9e9cfce4bd24cb9964a7d769b68aea6d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
9bc72f723b2b3e3d47fe3894e3786fcc

SHA1
997b48c4adab081159661410b021d967e605c587

SHA256
16bad73d920d75276e7bbe6dbe8e21900c3305e0c4189ea7a1202811f16d3966

SHA512
e88025d36996cac8217926bd1d4e3d286597501654166f2bbf3c31906b90eeb876afacf585aa27f75cc478ed5d5a6bbb8fb29c395a80e4b215d4a8e3a8cb40e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
1a256a9cb4ba4c020dd86d4056e11f3b

SHA1
d4fcb51ce86ae5833e9f002aa301fc60c61b311e

SHA256
a66a6d97b8fa398ff135cf97cf8e6ce7cbb59d3efcdd1fed3f8f2a0795dde797

SHA512
f664d55817ca8c3e8c0c6007570848e50ea64723dce756371ed645cbe12140f2fa4a7aa40a173c0a11538c06c9361991e1062404bda0d6857ee899b7aa0a4a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8ef5fb98757fb1d22b61fd00faed1506

SHA1
e664c7d9bbf3c0a9e30f4004c3bef2ca1e5c26fe

SHA256
455c4009e6ee5934c9344f362d19805d2da690f07539049a2141a08f5f4f60bc

SHA512
5fd563800bf30258aaaef077526554c0ae26ec8a43aad0445b36db528aa4f1fe36ea5077cb0b4ac9879b52e13c735ac8babb5ff4209de028764e81c59033cea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589d35.TMP

Filesize
203B

MD5
09c62bc035c15e515ed77b1304660ada

SHA1
a79d42e793b0555da126caf185f289e14dc8a184

SHA256
d648e9a631e195d86745fdac5d30422c5fea950960f1844d7b79871d321280dd

SHA512
3a1575b42e868f4687f781522f2cab4256ea41199cd42685cd5178b5216281eb1895fba868cc75a0263ddbdf973b7d5ba6fa132f91861d6fa21dc49733417710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
74a7da10fe644d8686b279f83f506418

SHA1
b05d9ca89db09989287b26d15e09a17d460769cd

SHA256
b57aeeca50a78e9ef45ac202b08f804ae9b5f6fda1b2b1c8785f5ff595a71fc1

SHA512
c253f0c230a234962de3b67e2a335c41986961797abe5421172862c096099192ae4e06f4b56151329aa9d27beaf7ce084ad620075e62854e728eba321fdf21e5

Download Submit