hxxps://drive[.]google[.]com/file/d/12UPAPzP-fXldYGtKEhf3QG0peeS4PqNZ/view

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-12-2024 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/12UPAPzP-fXldYGtKEhf3QG0peeS4PqNZ/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1764	msedge.exe
1764	msedge.exe
908	msedge.exe
908	msedge.exe
3260	identity_helper.exe
3260	identity_helper.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 1488	908	msedge.exe	83
PID 908 wrote to memory of 1488	908	msedge.exe	83
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 2608	908	msedge.exe	85
PID 908 wrote to memory of 1764	908	msedge.exe	86
PID 908 wrote to memory of 1764	908	msedge.exe	86
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87
PID 908 wrote to memory of 3728	908	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/12UPAPzP-fXldYGtKEhf3QG0peeS4PqNZ/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5a7d46f8,0x7ffe5a7d4708,0x7ffe5a7d4718
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2388 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,1071538799392620011,2774441867569307071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
320e0af86357ca96a3d45b16f78918f9

SHA1
5a4e65104281663b5000a41f5b548ce246450caa

SHA256
e15affdba97445713ef43a0498babf68170e7e675ff2f75f7f64352bb2414a9c

SHA512
43c01c93e80e15424b46778977d31b3a91c4a4bb60580ac45f35f521b213c6683f0bb187545126adf8d8d0f8204290b25e062bf2ac665d541e627269d8157979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c55db0329b8faf052ee90d1f9787bcae

SHA1
10054c2a50382432e33af00d0d2a0702bc79612d

SHA256
0426c617780e024ea5e6be016e569642391a189d7495af690ea7208c3744a926

SHA512
d9aa91e257b1db159f25b0b9c8857de9ca0fe877510564616f28e120c3fbcece110c479394532c8841c7a826d1b52fe3cda58f899b5cf44247fdac98beae2560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8a0be2306a02203d1883a0891f005a2b

SHA1
732074eead124b4e8ba8d6bd7c1adc808fb9510c

SHA256
3f32d0e0b10a3d286345e5aaadb00318b10245b69ae3ecb5bfd401ec1ed84839

SHA512
6f359fec3cf9cfa6e0f92c348e6189d0b3141b53624ba54acf786e507bf2a3c6e137b8291588cef66016e68c75aedbb07964e4bd317a4a1feadf92733c4820c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94d873b34560ba6e821fbf6e2f65bb52

SHA1
54a4c213491a2135d932b0ae281af1431140bb8c

SHA256
922a2252467367daf99e7d335fafdaf3a1a332f57c648cbe5d2cc273f39bb1d8

SHA512
7db42b6cc9580b73500d77a3e27d76b335966c22d6e0c8b70612198f77b0677a0ba9bbb0301e85879ec24df5f18202bffe158112fcc9385f0b57591d776a0d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71939d28cf7d8ac1dbf989e760b7ed89

SHA1
89da286d877708df94786f153ef49f9930237cb8

SHA256
ef03611090c9c0c60afbc2429a94bd4aed63bc5a2431558904521f28594644a5

SHA512
d42ca94e95a9524a5ba6552795afa7fd6678449ef4b082ee1292d79afaf497c865666ac8e219055dafad940157c379340aa3c8b271608059858780826f08939c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4524d9f09eb284075856aa4cc1dfc574

SHA1
e6d0870e112a9e48fc790121af40af6ecc313a87

SHA256
d76dbb0f2a16377049ebd904c325d982477eb8b90c9bdd2d004ccbef5657d441

SHA512
f092e19952d5a624f90451330e2bda5fadeb38ed15504447d2649481860dbf30c56ccf9717dc3272af17d51a75ae314f11a1a254ecc02e513336d2a04b305f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\6d0f7bd1-d2cf-4982-86e5-8c74eb41a1d1.tmp

Filesize
24KB

MD5
fc82b39141b2844434b14f13d657a94b

SHA1
9c0b7ab1fc70dadd1983472f2842794719717121

SHA256
93fc72564b52a8d63b59b663b6838acc8f4b03959414c1de0e657d2a12151f5d

SHA512
e372d0a16496a0cf2d905926adf8bdeef9931e31c3088156d2ba730aecd39df8b066358fbdac7f92f42328b40c386d0c07be01d907d3d51ccf96686fa9adbd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences

Filesize
2KB

MD5
2ce9bc49672c1cd86dfd776e6dfc34e4

SHA1
ec8c46d6761e931decfa4cb4df53245178149373

SHA256
9846c7804c69b158826e99abce5240e628b713bcf5a2894862d45462487e42c8

SHA512
071028c1179a0fd3fba5bcf40be67c3c72ce0be394a375417abf311cbfac654335b7b4b04537113217fc47cfc3d4d6729fa34bc52dcba4598ca983a78df5f887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences

Filesize
1KB

MD5
f07b2bd1d137d76c511077777d0f838c

SHA1
2404994ae092863b03cf8290b55afad90abb5da3

SHA256
9fe495197449d5af883fe764484ac2603e4702e0789a489374779474272efe7e

SHA512
c8d90ce58b2f7e333f14196f1885d1d786c6889cf096673f51c21af33ed306aefee58dd36094bab6eb13296da3fb7fe1fa79889178397ca9702e05c51e94c188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences

Filesize
2KB

MD5
fcd8e88ea0594c68c831fbec5aca909c

SHA1
c2bad4bddfd8f1b6a845cf6c34d14b3ec3deb8b2

SHA256
7885d66c17e2d70e14ab8688855409d9ae68b17b26a9f942bb2680fb2dd628f7

SHA512
cd820d57bcb50cf97196297585cf78f382b89c06ca5cb070a8bb1a7f5c8d5ad334303d782d79c37d6e883a1d5293e1f01e55229d4ec4f23f22bb4e57690a1fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences~RFe57c014.TMP

Filesize
1KB

MD5
399592be530e7e68d464a24a21e1eb9a

SHA1
8276db27fcbd85c194e9f4ffc0360e4a3bf9497f

SHA256
faf62f3feae0670c84b36585d5d96a1aac702b65d75a2f042bcc5b73bbaa9543

SHA512
6e57555d1cf2ba8bbe192fbdaf420ffff1e95eb742a7851922ff8781d03fad6842b616baba27eaa11750bbc8220a5f7c8c3c4fab385efe1e024fefcfb5e8d70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4b0c326da5961be531b18f3e102d00ab

SHA1
05f175a6acddfcbf812050c6595c5ef86f8076d4

SHA256
c36ea30b2554abae7fda1122ed6e33453a2c42c0535cd02327d53c0080a7daf7

SHA512
dbd6f4217f22896ed4644ad9f19fe6f2e696b0aef9c28486d5afcc1edf272e236f901545f1acc6356ea52f6b07dde14acf99f3c375f908c736c206f26cefe2a8

Download Submit