hxxps://drive[.]google[.]com/file/d/1diTNNz2GtdUQ7Zw856MXFktvo-epYkyp/view

Analysis

max time kernel
62s
max time network
63s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
12-12-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1diTNNz2GtdUQ7Zw856MXFktvo-epYkyp/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\53372909-589c-4f3a-9ab2-dba571b70ea7.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241212035619.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3916	msedge.exe
3916	msedge.exe
3772	identity_helper.exe
3772	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 4652	3916	msedge.exe	77
PID 3916 wrote to memory of 4652	3916	msedge.exe	77
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 580	3916	msedge.exe	78
PID 3916 wrote to memory of 3336	3916	msedge.exe	79
PID 3916 wrote to memory of 3336	3916	msedge.exe	79
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80
PID 3916 wrote to memory of 1660	3916	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1diTNNz2GtdUQ7Zw856MXFktvo-epYkyp/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc168b46f8,0x7ffc168b4708,0x7ffc168b4718
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:464
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff723835460,0x7ff723835470,0x7ff723835480
    3⤵
    PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17334877959389869197,2477565998815668169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:2764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
913cd25b0de81960e841c81a7bee8b19

SHA1
2c4bf2a4de37c06bea3e39898c9a98ee611b5455

SHA256
b01953744098bc035aee2a21976607df9352ca42abc3e01d769e2ceee1c9bd5f

SHA512
e5a879cdd1f83d6b6ee13117924522c967e2413c29722b5507b632514e28a0defbbcc942e7176f819e05df7bef37ca5133ba5efeb67a91c34b3736eec05ac8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de0e1d3019517b3b005d7731bbb8a355

SHA1
ddf1f15c241f72585595cd30de12c4c3ce4e2f97

SHA256
4ceef5b8daa774c456edd70e46668746b8fa086bb9515ed5975e6737e40dc3f0

SHA512
84f7a069fd6f0713fdb9d35f17839b8755671047be477e49102f5777e8ebeeaa6421d3816727dd37f1241f4653c063fb0823ae7bab1d3001635c5075c2ba464d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
4b4637a91a0c73dbc841530d2a2ece4b

SHA1
a15a6cab3d3fb82a97b867984d9d640d989611e6

SHA256
c1b7cc7c3b4fe8fa808bd431eb830a5da8177b11a71e517b5bb7df90cdfb7293

SHA512
7d7569d2518aa2d740de66bd346568fb931d9a08227ca1d8fa06077ad68795cd155690671f2d4a3fd83af95642c98095b3ee0b7294e2b84bedd2f6f533d37ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d52d6ba76e6ecc82045a3770492729c9

SHA1
fc4dab03a730009c33e414d17906a41d6ee2ec2c

SHA256
20e0c5158115ecefd70eb42196aabdf8b6508104a48f81b9e1e6d6541de351be

SHA512
a0dccd79f579013296d10543548e05b938d823bffbe7298cbd6e596012f8a2f34afd139818a685c5c27762888089dbfd1d498a1541e8d59e12538a2b983946a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74ce8acc376cb43e4e57b9cce6a74501

SHA1
75de0a6a223e8c38eacdf81695a7aadc724ac7dc

SHA256
d069306363578af71900d04da5d10a3ed17ae4b64ad738174a7b5130509940ca

SHA512
347a200e773d27834134b53952e42f5a8be72c5d80142970f17f0fbf5f0f88b34c01e211cb2735be945c53ed3e780754ced9a472e46ee21c97df4e8985701b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d44117b92239671239293c78c1008196

SHA1
40a472715d9cf4a52eb2e70e2c943a03c1750909

SHA256
b36ac9c1926f9cba475700fa103282d2df847ca4ffd55d43ee595d8057d44554

SHA512
98b7251359f859bc4d4bc19b5100dab0006563380471f437bf86bdc5bc9306aa9593fdb2c2ecb41e3ccbc682cf8066e1de16eeea987ae3222a8f03eb14200acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03283df45ce769c4fbcb916a19a45baf

SHA1
83343687ae1c837420ccbd6aa6b90479e1de8744

SHA256
979a5bdfd6659af4a9676a6665e0a65d4fd5757414a7ec3ecdef3eca17763931

SHA512
be2d6e6d0ee1e9e0d27c4fe696719c718959dd41b9adc4fdfedc8cd0dc96ce41fcd0c2f668ac5762057064bc77ba757a6a36dd8667d3b8b2d538b9976050d49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
cc420cc45f686797b102b94f6bfda2ee

SHA1
2b0b5d4848cc346c341cbd51d5fc6ce8a08910e7

SHA256
23f845e57c6718a65f93b97ac9c425d7abaad84f75e77e662c4df298305b9a19

SHA512
2410ec9ef56e8ad547219c4ffde2d02ab4fe8ea668c51f6519e224805770375427a4db95eab5e5f062ebdf36323c5bf03d1633508776fa553da2e8c408846092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
832b664db8c95c83ff39b95fac93bb5b

SHA1
9d244b3081440efd5dcb15c341b2e790e5af359c

SHA256
d1d1d00928970105a43609aa8e2516b41e9473ac285cb591fecaf74b69213487

SHA512
0d46d177ca250277b341f04e3e4565b048069a14993bd1d89d38d03ac8cc4b499dcb2c181bd86f12f903054923a3bb47787d229ee975d900dfd6297db22c246b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0108c12457ca730b6437f76e077141c1

SHA1
818b82c0525e9a138a2280988cbdd53026a23951

SHA256
40672251bc23e38fce8e137d530193fff2380a89ceadc44a808962868f37064b

SHA512
4f132880a8ee0f71b145772f1553e1e92d3a5f6d7791e03b2f3d7561a2ea6b747591081ac059dbefa851a7007345dab75088d1736f058aba5fd46ab94086826b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
8bbaaf296c7c516558048c46ffd64964

SHA1
30da8aa732ed9b622a21cb230283493a65f8674e

SHA256
d2a3e99a9c1214be125ef166c954ee0a713e7b0f932b785717d5b58a87e153df

SHA512
dc900304555b8e723beefaf434a3fc35c9552abb65f4e15414b115f7aadb4c91dd08c33d89a15b5eb6180bc6779f55d4d7c7d1a95d1fcaadbf9642f5db3f74b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
bf1b4353ad50f007b2917129d8306fdf

SHA1
be5d6e29c7e913181ff2a91e271edf7856fde872

SHA256
a7db57e78f16680e4ea0cd86fe65c2cc9ce23e2f4a4a5f39425a661587e1d609

SHA512
18b387f5228b409f45f3632e745eaad3ebe7b9912cf4897a1bd8cc724c99aeb0b3a0428c06aa44af809a972335b28ec4861649ecd2053ebfbf2a8d8a5b81ee4e

Download Submit