hxxps://drive[.]google[.]com/drive/folders/1VM9ZrT3A3seJstosFqO29l6lCXyQ42NP?usp=sharing

Analysis

max time kernel
299s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2024 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1VM9ZrT3A3seJstosFqO29l6lCXyQ42NP?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3724	msedge.exe
3724	msedge.exe
3264	msedge.exe
3264	msedge.exe
4320	identity_helper.exe
4320	identity_helper.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3264 wrote to memory of 3916	3264	msedge.exe	82
PID 3264 wrote to memory of 3916	3264	msedge.exe	82
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 1816	3264	msedge.exe	83
PID 3264 wrote to memory of 3724	3264	msedge.exe	84
PID 3264 wrote to memory of 3724	3264	msedge.exe	84
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85
PID 3264 wrote to memory of 4904	3264	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1VM9ZrT3A3seJstosFqO29l6lCXyQ42NP?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb55646f8,0x7ffcb5564708,0x7ffcb5564718
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12274601113509340276,6606365910639018035,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
106KB

MD5
f20eec0b91c02e4de309fd0bd152dc2a

SHA1
26443bf97f950186d8e80c4fa1fc7abda5ce1061

SHA256
05600c1987576d7a823178743bd9d27d43804043bd4b2ddf5d0d81b467c0510a

SHA512
2a1caf15d4858138ba405eaabf8d48eb59c5217a588fea4503f6a4bd32a5654fe42ccdd6ff5082d95f78ab3a21f44640a5757e4f87e621508342d881fbcef679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b1955fd0cc7900c89b4d014c8997801c

SHA1
c94cb54bc811af70dc955f9220b2167d54b82bae

SHA256
f8f101fae24bf0fdb9f5cd01935227c7ebb659510e4bef0325b8cc2dbec11cdb

SHA512
20124cd406a57a296a0e912a2cae8a267fdd860e091e31e5d3180ae35398cb517227e0542cebad63cb717e0a27539d013a6e1ca906c459ce4a9477c57ddb8112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
92cfe2faedd0bc2e39db9ed4da44b078

SHA1
90f8e726ea34ef3c5f21773c887742004261ae93

SHA256
19f1e0d9a146b87392bde0f4b5dcf37831564d630f4078fe926b9637ae53d7dd

SHA512
f41f46f8a6ce2e8dff6ff6832c8dd8fa210577a5a69df7639a2090f10f5bb150cdb1f926d87a3d1c8ad4f019f34bd1d8c3f90f7cf6b6ceb89cf22a00b8cac29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d3e2ec36d5fd4f016ea4720e0c4f6c30

SHA1
20414379127dad324b30f570c6e9cfe29944d7a2

SHA256
acbf6261ce27305f0db83f1c4a828bee0c2311202118dbbe06da6b86af5fb4ca

SHA512
76ad8a99bf05ac3688503a1127e6ac1076c85f41071e8a2d221ad90786ba440e5027568d02dcd23a3475d7d3bd10d53f9a362647da020d6ab4694bda6fa9844e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4b0de0b126364c7e97b95db4ac41d4a2

SHA1
4a2525476b98a2ad425706c8ff2e259af7d89fdd

SHA256
921ab2e59b943c7a488d2b4e8a868f3af212431e73ea64e56d0e9528c7ee78b9

SHA512
2ab0c2fd72a29d491cfa7c28dcefad09436223f491a0753f923546a4d27ec735e3d8c939cb93351e4bc6dc1ef48e34290b21274c661f50427053bacaf71cb13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93f1573a9101776a3a342a75d73f15bc

SHA1
cd6de49b406108f66aeef9ae5c7c599b3aa89df3

SHA256
0a1de55c3b556c046325a8fd1cd357beb4ede23f17b208b0e5f3928f4ceb107d

SHA512
33ec4264831f066ae2fa9066142bdd0cb1fba24e2054a49972e5ec4b74f610dbe6070adcd1be636fb12ad25b1c9a9a632d6f843d243d00050b802ca88cdee253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1bede49309a2db503241bf9a8dd541de

SHA1
66a8f39d1b021e0df2122fdcc4dddd82e88a8d66

SHA256
605225678b453d8a9f5a5292a5ff3dd6150122bb1c48ed886f0068c7ec6ebd97

SHA512
61b55b9cbfbae132682ba27393771cf75ab3f3d9cd71b0f2082160a75d880dc5b2a1d2fd6581d007a22281fb0e4f1f089164e9e36befd145d8abc3cdab96e923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
203fc1caf22d1c3f5da1e58d1de979d7

SHA1
9e6bcd6fe04a41a74b289ccaaf46b83702c257d7

SHA256
82d589cb3f460d1e2b3f12396faf5b987ff1f7a01c0d00bc1014e1e89c842acc

SHA512
e68485bff069be7353159b90e978bad4fedb0d72c342eb4b32729ba9811679e5d359bb44c41eb7ad8078d46695b468e17c706f33bfc7d1f3053d2e4f52d6301a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5186af8ccab472991dae00244803759

SHA1
997bf50fa7780c8815af158ab73dee629996e31c

SHA256
b1a40f27c5b66dfabb4fc9ca937e9d93747e046ffcd0e030c4afa4ef49d12547

SHA512
51aea31005e1f57d390afe3b80015a1a5bc995e60bb508dc04a8b4265298c1f5e1371ad2eb45d2294b763bfd4ce24d9fead65b8accf7bd6c3d2d1123e3b6eafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
10c8cb2c4d1603d200a0a8618279b4b5

SHA1
6a8d7ce531cc01538baed9de151f509add51f8d4

SHA256
f6f7bbeec7f579b765dd090b14ea1ae622769f2eb66fe7cc7162336e3d3dd1a7

SHA512
d50f1987d45549f3dc560966b5d4e4d833e188b6a199ab78989f5dc0b13999c5bf31430a31bde4d8332e0327a1cd94223b1ede785fd37d4e0b484f0e7276c872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58269e.TMP

Filesize
1KB

MD5
f67f552075949c0aa3fbcfd71974ed86

SHA1
aeac01118f62074165762dbb20e0ef3e9a966c09

SHA256
847db57bc6b7a6b6427d298b5411ab55b79b5602854075a68545008b04610179

SHA512
93330503ad3e045fc140bfb3771d7763c1c7afda27c3e6bde1b7b5d796d02907f30a01ca4fecb3cea723d5d8ac86e05ce4b3245280a7dc203315d701a5d18cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4668fd33ec3787cf1d2965355786e5e9

SHA1
d596413d8d8a3c55c82bb4c38ba7b339cce08ea1

SHA256
6be90561504aeca4f7af996e6b5d2dceb4d5dfa66ea8849addd08aab0f651b75

SHA512
38fba1d7e641b3126ebc1fbc3715e4bd6d2aef65ce712e8a2cbbeb3b641f8048d5c430a1ee0c0a3a6179b06a864bdde169e50ea5bbdba9b9d9c74b452766921f

Download Submit