hxxps://drive[.]google[.]com/file/d/1poWIWIDA_hKqAqmL-kPUJBveJo--Bn0t/view?usp=drive_link

Analysis

max time kernel
1752s
max time network
1743s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1poWIWIDA_hKqAqmL-kPUJBveJo--Bn0t/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3064	msedge.exe
3064	msedge.exe
848	identity_helper.exe
848	identity_helper.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 948	3064	msedge.exe	82
PID 3064 wrote to memory of 948	3064	msedge.exe	82
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 4032	3064	msedge.exe	83
PID 3064 wrote to memory of 3584	3064	msedge.exe	84
PID 3064 wrote to memory of 3584	3064	msedge.exe	84
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85
PID 3064 wrote to memory of 228	3064	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1poWIWIDA_hKqAqmL-kPUJBveJo--Bn0t/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda90946f8,0x7ffda9094708,0x7ffda9094718
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3558212567223328921,14541492016056086683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
92b782803ba9c729d2cfe78c4dba4c36

SHA1
63e3f7d95dd7e3acd2a90d3d4f424baf83b64aa4

SHA256
53e12fc776f93622128deb04e581ceef37f9f354fb90f78b14e8c8aca39118da

SHA512
222081d7151c53f3ef1883cb58c1b17cdf8c9f7f82a91d1fdf8061ceeae510e4771536f5135c058eed2f2a9b46124036f2dfa8eb2a27a5c4d5d78f84d1b34246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
02d48cc68389b8f3e5a14369ccff8620

SHA1
a0086e0eda463b7b36b0686e466a8ecc7c283bc8

SHA256
c7414461529b00c7c230620a590f4cd9cf8ac1664a25ea8db4e4b40b961d98f4

SHA512
34cc9042d9fa82ccf44538174c2998c894a65ffbf72077b66a94c6fda3c23f45d7fc5c7f74be14d1ee875c730381142ecd13dede72e42c57d5d3b78e9b17602b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f7d3f5e0de25589ac2673ee23f2bca5f

SHA1
fb5904ac4f1aa401a8421389c83a7cf21509d0d8

SHA256
9a3a37fbe8713ebf936f76d53f325e57a7c5641955b48fd606d84102deaeed2a

SHA512
f9b9121e462af4726b1cfd73b182659c1ddfc3e2ef5fbf256064369226a23968393d7ca14e61e375c8c53666bb6d4ca255eaff3553def109fd00c570722c695b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1d6b2e635077cbe40658cabc523ddfba

SHA1
71ca981ec9cc138de188514c5677b5eecd3967a9

SHA256
3e970537269cd9074ae8a92e886db7756c62a6879dabca63ff1be04732f8ce8f

SHA512
f0deccff59e06efb96b1a7a5707dd712000a2d19a79e994929e830dbd5c8db3755ac032b2adefdd69953f65cb763ad973527f655cd8b57cdd57efc40f04b2b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
10d2400017305067497246e2c69351bb

SHA1
deaadc31e35710faa6778d4818e6b2a71ddcc995

SHA256
61e802f33df8543d14f1e8940e8d046f8bbcda782ae6280cac256894fdc7f6b1

SHA512
19cebebd42f5cad05e76ebfdbcd3f7e1a5ee25ccd809abfab54f09c9124f2ace8f6f9bd296f1665163fa895d57d19275ef6dae98ecc252fdb0a746dc2a3506d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b0c978cd5e1f8b80e744cbf5c4331915

SHA1
867387d5d4b82545dab4282f2701b2c051d22133

SHA256
3aab97fd6063dc98fb3a2efba574982c317dc4ad280649de3e46a1880a8c22e2

SHA512
f5e052b212f602e11c62ad0b7edcfd44ef76824fad30939c828ddd759fdbd191c42b2d99758a7675424fcc63111484c5d954fde4ceba3440e87e479e8d06e207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bea49478e3ec72601cbce976caa8c031

SHA1
b90000f13f63540e16fd9b4646b743e65f11b922

SHA256
2471edd9c873b4c0dd74a91412a15018bd931b9f2914bcbdf5aaa1ca46ad258a

SHA512
1d02c5ae4f55790948f5e6096a3cd60699e54ff007b9d851e3d308709dd8e25985bd4c26ecd97566f8368d0b4f8fec0fcc713529566462cbf6c58a6549d1398d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
790e4da1bc72e0889d9a88cc9741d1e0

SHA1
73b4a5ba21e850f5275ff1ba3c64958ef45e1c47

SHA256
9fbcbde2abaf68c9d77f31e0881547ea92b318b70db07bf7f45aaaae501af5f0

SHA512
c161efb004a18c928e9b98615fb98a3efef0dcc3dbedf6a574bd25a145c2e3215e826efe405eee57d5064cdb1ef443d80b7436c8807d6d0567b68a1e87309e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
04c92e34a6ea84d56b7935bee109a2f1

SHA1
0285cff4bd6a523a9bc8ac92510b78de87d7d5cb

SHA256
29e422adfa91201c080608082452184058bc65c804ed1ea36dc0e254f7e511a9

SHA512
1eabdda369cf7739d8cc2c8f700b461496c5b230514f53b39d50af0d202da479327b987b0f550fb2ee2c9899bfe7bfb6a5dcf40ae975b326455ccb27d7396b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a30991397b4e5532e5dbbb9cba3801b5

SHA1
4ed3a991be3f6fcd53d986d24899c3b45ef2af1d

SHA256
412d778a76c912bdbfe996d0101f3e9b1ff915657a6db6cfe59d58a9c9aefc84

SHA512
8034e9bf673738460a533db50b79d52dc11b68b1640a530cc9587e71dbd3f936faf6f6d6e37d37cb475a0581003ee5167d320eacf451a4eea19fb4e526687a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04b5fd99e186a7a011b0e62a7d9ed09e

SHA1
5e225cc0fec71bf29f7dbab3923e0b36c075d568

SHA256
96d7dee799b3eeecdf70ec2e619ea465302d68dc178935702a5a426c45424710

SHA512
2bb5767f17f1a2ff3b0255250828832b4c14274a49acba9c99a7a8492ef6f99093c45cfe4ebda9f5a53c21d0b2514cb0e40508898ef1e9e0025cc147b622cb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b8cd223f68629c48e3ee1a3ffe9268b

SHA1
2629a760acb2bd64c17c987092f902d67a794252

SHA256
8325b1b98f739a546d8b5b73dd46edccd0ced05b87657298da9ddec1ebce164a

SHA512
3ff5ecf306dc05d8361360c993525154ff7c8e9504aeba19c30cf55efb289036a948ab23e5994541205948840495f2792ffecd44c6dd2aac267fb76d8d08fcf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
ed3ad625f8dc4a276b09e0f461072d06

SHA1
da2bc80c84c7a18b957da417de5b056c3a48d014

SHA256
33084d88765636082a9d20e4420bfcc46e4893687c190fa9e6f994e56fc2f478

SHA512
7c5177671430f6ac669a373cc0c0529ab31d0fd45dbdb30df35f5b5bf0c82a1b4f29bec0df269fd49383c799dbd26e9099ac343f469d8c5f9f15976c105266ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
9fc1322f9be0e26ec0853496500b552d

SHA1
07b80c80dc1ffafc4ed67c848719eb57af830149

SHA256
7bb98cc0312c1ee4183ccfa7c675a71fd573c7dd6d36b8402ae00a53b59cae61

SHA512
3f71de8964ba778997b9468695faa18429898d5943c7199926aabb611d00b912198efa73237a125c2e9cbe45fe5754fbbbb969cf914d6dd8b67f0388f83ee786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
0be80d19b32e9960a8fb2ed83eb90cf9

SHA1
f695fd398227070d8b7b7835d3cc1d6d6cd4f7c8

SHA256
84758891bd899e17cb498ffc35cba59145cca677610e9009f8f72fef923d6df0

SHA512
23671207064e88905fdc8a52db5aedc309ca9bcb1f55cd7271967e166bf7636183bba7c4949cfd70b2ddd9c88efcf57549c7952903240d63a1d04c157dada3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
deb97708d38aad1a37777f5bf37c6b93

SHA1
953c9c3e25b990ab1137203ac23d62cff2d8973e

SHA256
1ba44443d70a196a9dd563cd572c4087d076a1f905a2500c1e150b640d675415

SHA512
fc9e6864b9280d41336a1029a3017ed94a969e759d68e0222eb01d2a84684d21b4698576b52ad8a0e8930f7518750ec7d88049fd4305bc20519c6aae6c607720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
06859dadd0a67a053f87fef36a4611e7

SHA1
2bb7af231168b3acedbe7cbf1de20f55733b94ab

SHA256
b0d9d7b15d4c4a828fa3712463b79738779c13f52665d91edd88c24e8ae129ef

SHA512
7d689a40d57c9d6ac674b3934e868def4cf66c4ef793e63132de89436c17e09bc7c5a89bd33ba63543be8efa91dcb450e1090cb563f2e0b0dc52739a1cd16094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
b132ea43ccb88243fed0cad292edb942

SHA1
3c340ae4856c10a2bad31762ec01b6198ad9ce47

SHA256
2157fbedf5688f37e05879488d66690eda47b96395014714ff699fcf25ce61c1

SHA512
24f89e7ab76edb85d9f54a2d561c4d7328e3dc9ccee20f8f4597825ebb6bd94c14e6f0945869b2ae6f049d41e069895e8f10dae8de91fc7e9a38acf3e5534743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
6fed5621d598b365fa00c3e6aa74ea9f

SHA1
1819f28aafa287fdfe41d23b6c0612e8f8588e43

SHA256
7105bcc9074d96dd32acca385e10ce73b7dc6ac4d60d85fea9bae3befb21ffbb

SHA512
2b01178001c84fd79a91f33774c50d81fcae9cdf0cda69bfec364463944b4fc4a00e462dafed9bf3841fcc46333417aa5e9dd30ad5f915634dfdefc442d0d398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d337c3d250a2a4d97d79bc5822a264b3

SHA1
cc2853fd3282cc946c23b303fc2d45af7c9a9e42

SHA256
ab7c17286a3aa6f3969797121d6388ce5d65b4b64398470c93e1ed216e2994e8

SHA512
3b059c17a8f7ab124e10d091d69fbb46c02d04cd87fb5fbc66fa16236144bbbc2248b78e6a2cd1cb954bdf8523c2d336f79b0e6e98cae55bdd94989f6ff7701d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
f64ab65236e703108957637d084ef00b

SHA1
7ff93b8513a3bed8e94fdd3f4726db624a0cebf9

SHA256
85b4ebdf5a63e93574ab561fe5f7c3aeab09af9781817fcf68acedea35c1c0a4

SHA512
2429707c46619fffe07677a1a90a6ec4f347b4082dccdb92537234ef06374156c17c86726e36225a0526bcf6e22ee17383ac93c495d8f16bc7e893ac95d7e92b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5f403e.TMP

Filesize
203B

MD5
c3c44281fb503f6a443c112a8a605856

SHA1
f12e872826eddb34142abfb43662113f93a7a844

SHA256
d905f44091d8123e7c525b6a564eca0e578bbe0b6f3317fc84d9400749248618

SHA512
44e77135ec5f2536376b124bc8c8ceb9635fbcde67f073b88f3a842296158746dfd44a7bd0e618d2e15205db274ebe30a09ce757493b597acda1850c4b321780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f487d7971a755a1d1e5c9b01667e7689

SHA1
528745a526b76f0eb3d90d3f2346983131200b5d

SHA256
45aa04f5b7f4236c27e5b982b09b0e9bb5d36a2fb3faf5bbc28bb93d02f41eba

SHA512
da93405cb80ec78b88986c63174856b4b0e6334a60a3217fdc3529097cf3079c1cb33fdca269f728472b43bf8bcda8c4c06d7ff62782b0e4805c0ab0bacc5fd8

Download Submit