hxxps://drive[.]google[.]com/file/d/1mnVu5OTC0yB0MHhl765mvWowR-qm2hy-/view?usp=drive_web

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1mnVu5OTC0yB0MHhl765mvWowR-qm2hy-/view?usp=drive_web

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
2772	msedge.exe
2772	msedge.exe
1372	identity_helper.exe
1372	identity_helper.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4348	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4348	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 3604	2772	msedge.exe	83
PID 2772 wrote to memory of 3604	2772	msedge.exe	83
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 1268	2772	msedge.exe	84
PID 2772 wrote to memory of 4268	2772	msedge.exe	85
PID 2772 wrote to memory of 4268	2772	msedge.exe	85
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86
PID 2772 wrote to memory of 4896	2772	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1mnVu5OTC0yB0MHhl765mvWowR-qm2hy-/view?usp=drive_web
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc2d446f8,0x7ffcc2d44708,0x7ffcc2d44718
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14044818901658919927,3040664595335201198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528 0x530
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
07aa4f5228ab34e556752855bdd81c00

SHA1
727e02d97841025e49affba95d0f92519d2fb25e

SHA256
aa705367cf3302acafb8de29e26162eb40c1c204a01293fd52db86c560b80784

SHA512
507b2cdc3885395ab6cd17b90946b147623bbc5dda9f2b9f4da4877270687cd8b9736a2962bb6ac162c703542272c247ad551e175243f061de81ea813ff5436c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c811f576755c206c527816757356860b

SHA1
1258be9623bbc1223fab8f9be3ad7cec1523d8ee

SHA256
57974992d311cd8b7701e039c3307224c839e7c5e6486928dab4f1683c4c9311

SHA512
934cb13a9298f35a9c3f342a4cb66ea3d28ed686bbc5af829be44c0d35b25652cee46f46cdda426d654f1ddd15076c4ad23a143d71c5ad244b84b76ea2b15675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
83ca0a8a7b98134d79eaa0435b37fa42

SHA1
0c4fc04dbd2cd62d636e4d2d66e3d209aa4bbfd1

SHA256
27bcfdfd6d7e61c78a4a5774a91ccdffebc76044050f3d40f3bc4dfeaefc7412

SHA512
4a7e69914308519fb8d652615eeef5bc6eb444babb5b03393bc54c4bbcfd1767b63e4fe4664637cd305d02ba23bcd293815964aa8948990eca28f981026c24d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b647f61045eb6a9f0d34e9e1b254741

SHA1
7775c320fff1b6e0b0f327a83f674f907933e568

SHA256
ef05af952371ef20e55e4d99989de01227458a065c5822fabdc3b7095b4d1395

SHA512
45820755be554c202151c14530fd0618a845e913aa5a41ff76d8ff362c6aa03dda28b4be64639b20885155c890db1c409a19596e921a44a6cf8de6d501ac948c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c3fa522eaf9fcf09110a4de49c03579

SHA1
692997dc6760280392def145e127cf7db54ce0c9

SHA256
d32a309ea49bcfdf1245b2ec137201ce403f7019d6eb026d9130d9bc85d3d726

SHA512
8bd5f37583465dd8f841be9d9bfa3b9a22d289570d735075f158815019c3679f1a8f92d2880d4342d18d5b9e637823ad2f542c5f5acd615ee113c8778db24264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
170874bac534a95be6e589f7ab86b204

SHA1
653cb9612fd84bd5d80c0e3866ddc88b52c6a2ff

SHA256
a242db7fb7ac64ac3eca8bd6ec4ccaed43d77e8428a1cb350afa7862dabb413a

SHA512
9addd32ad7b3e0497e195774025e63f066dbd4e857c9fdbddbc4ac42adda071927abd2dadd3f1d8c78df3b9044e81497bd74cc86d74543cf9935775811155ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
33B

MD5
b0195b619cd45d0f8af48fc59c3d7716

SHA1
d153ae8be73da841309a68f26d26642d05ac20cc

SHA256
37bb3e6cd75d830156a6934fa1d1516121b37b4a220705fe32adece7b7ed927e

SHA512
6d917a97131baa380386bcf2c83dffb97f832e85f9510db3df4f7cdcc35396da58e5e098fbcf3fa7867b7909c09158d091ac0432919ca685ca5c7966b88a23c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97df1b26aca0be639218c030142cadf3

SHA1
52bfc7d5e4d86b8b663cbf08e94df3630da7b6a0

SHA256
97bc0f262722662811dad974edbd39c1747ad0fa8e5310377e56fb66fb7ac325

SHA512
3e05fa50105c6b419486424123717aac55a2f7bf0cf0d1aa3a86f56b68b771728cc044c0c1ebc01935d9c98282a33e897e2e83cf0c089a75c09b83a4f0790434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e186.TMP

Filesize
1KB

MD5
51e74cc75e6e2f1b2b663d8bc9d7eaac

SHA1
169b18bf98427895f15bcade50120dd361a8fc6b

SHA256
7834ca7df4ac1c167d9599caae62a1da990d165f7be12ccb2dc77fc2e8e11c46

SHA512
a6307fcf6720f00f7d5bd91bb0fa2b85ac493d34b810e27a75b6fc787dea9f7234b7c3d7b66642a3382a5264dae4aea07a534d3af9c357e67f2f48f10bf62a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fea68b2ce38ee1766ba5cc2a864ca04e

SHA1
3da61beef21e6ac8ee10058a9de89b1d6f82412a

SHA256
687d20d1d2069c241c2a0d7c04569c86fb15e4c56c21224d6b4441e50d656b92

SHA512
50515e539bb9bba488a71e2c9b4bf034ecc63002fc9ee512d36639b3d1c9f3d7cf7823d30e7a9a77d3982b6ce4624bcc49a874bbe5b4c12d0e6ef350171b9c6d

Download Submit