hxxps://drive[.]google[.]com/file/d/1Ttlb0zvZenLDgTCc5RvtVHv8YvIegVli/view

Analysis

max time kernel
62s
max time network
63s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23/01/2025, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Ttlb0zvZenLDgTCc5RvtVHv8YvIegVli/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
12	drive.google.com
13	drive.google.com
10	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\df621c6c-9767-49bf-aa16-ffeb8e43bbfa.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250123215249.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
1332	msedge.exe
1332	msedge.exe
1860	identity_helper.exe
1860	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 1180	1332	msedge.exe	82
PID 1332 wrote to memory of 1180	1332	msedge.exe	82
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 5056	1332	msedge.exe	84
PID 1332 wrote to memory of 808	1332	msedge.exe	85
PID 1332 wrote to memory of 808	1332	msedge.exe	85
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86
PID 1332 wrote to memory of 5472	1332	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1Ttlb0zvZenLDgTCc5RvtVHv8YvIegVli/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x40,0x130,0x7ffb50da46f8,0x7ffb50da4708,0x7ffb50da4718
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x13c,0x254,0x7ff739375460,0x7ff739375470,0x7ff739375480
    3⤵
    PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10893980559288764950,6170330717722432440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
254fc2a9d1a15f391d493bff79f66f08

SHA1
6165d5a9de512bb33a82d99d141a2562aa1aabfb

SHA256
2bf9282b87bdef746d298cff0734b9a82cd9c24656cb167b24a84c30fb6a1fd0

SHA512
484a1c99ee3c3d1ebf0af5ec9e73c9a2ca3cf8918f0ba2a4b543b75fa587ec6b432866b74bcd6b5cdd9372532c882da438d44653bd5bccdbc94ebc27852ff9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5408de1548eb3231accfb9f086f2b9db

SHA1
f2d8c7e9f3e26cd49ee0a7a4fecd70b2bf2b7e8a

SHA256
3052d0885e0ef0d71562958b851db519cfed36fd8e667b57a65374ee1a13a670

SHA512
783254d067de3ac40df618665be7f76a6a8acb7e63b875bffc3c0c73b68d138c8a98c437e6267a1eb33f04be976a14b081a528598b1e517cdd9ad2293501acc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
acfb35d57bb1efc743541f04fac25d44

SHA1
eae51bd086a814af9ba8b74395805bf883d14dce

SHA256
42b250adc34472803906da360fbc643db4450cd0bc2e0e4f0a2e983629a5ffd9

SHA512
b60fc5116bee38fe0bca131591064602234609e2adef849396b0f15bde24e12b33d26593bedc9dec326ed3fb1a2507d22773e67d5f71968afe9344c82a51b390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
4e5da9a67b964c65598a4ebd5983e8f0

SHA1
f378eacf82382aee76b406b90e3d56525e2d7dd7

SHA256
0deb6c7041a4dfdaa024bd862c80c6609bb04922ef82194fcb2097d1387960df

SHA512
e5523b666df5d0e739e36ef19f67eb0f5a7413a79653bb000fb8ccc3fbf3b1d9044bea3ba72c637d837d766ce93eb539bc9462319c066f5a12ba71dc272fa463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b3c492f5e9b76b94bc34573acf19ad67

SHA1
e87f48e5ad774066699f1406f69799b11d31c7c6

SHA256
1c717921397f56007d09093a1dee7b298da1ed489f06512cd6d254d7105b09d7

SHA512
9c183cd72e8631db6d7943476ceade06e7ecae94cee707090cf36437ec93fc9cc58ba2b38c8d6fe19e01c8e363bf466572998f3bd59cf4816db4374f5d789f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d48f56f8951a3bc668336f202a654d71

SHA1
b7c6c833d8bb70e38d8071ff7c1292a1b6142c36

SHA256
0a13beece372b3ca49d6139abaa330c549275b44e4086078dd51f4950a48894f

SHA512
8b21562dd82b3383411c6ddbc6d240f480363e2fef92bd9ad1a95bb60f98f9062d73e5ec3bc84f350f718253e69d4996c8a8b2170a46ef84309c63ddbd937f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6677e08ccd05bd44534dc3e91b74c35f

SHA1
24a12b204be14a1529b84d90d952554f530e1dff

SHA256
0a7255be370cf7568fe8be56de7fc3a9a7300393a7bc2eb0721fc31d738110a8

SHA512
f65ee682f86879a07ae92dcdc41889ecd75f6b2f4313eb13c1e98c73fc244ec154078b9cbaa875bfd846d73de035607a31dae276576ad5072fdb7885fa18b5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
48febe0b0625901956573dfb2378e7ed

SHA1
c324173a8f8fd7a6a7398f6bb24dd2ee11d3cf24

SHA256
f0fae7ad33efdd05845d0d631ce8341ea4b6dfd4c45be844f0c117738df9c0d0

SHA512
fc38a0c64e67e3b5d43f787fe86f700e6f753d8e90bcebc446d4a8c631b9e4362a74fa862a5b2ffc74f3f5236d3ecf006b341042b5469d1cc24f2c325a607a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bc3a0ca62cfef580ff9ebbb7afc92b9b

SHA1
fde9832ce521fcd53850d0701a543ef75b772e3b

SHA256
b0203fb7c3812937e92ac04ad6065a2129bc165a36a60a4d2fdb0accc4499464

SHA512
fc1f3a5bd2106d9b6ed5a678c2f4978550a0d7414172b0ce6954a835b0da01ac28c177955a48c2ef56ea3d517a6672474a9cab873aeccae3f22a45ccf2d070de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
51e11319002308a6c182251c569f5b45

SHA1
59c9d045872207797c6cd59b2159c42b784c28e7

SHA256
670aeb94206c028a5619dc67c11a69bcbab271909f1c7e481f2b39095e92a542

SHA512
5a5127b8f9873a116bac83631964e55628bbaed61d23b5165cba19d7676478741b3b1d9361045142c79a641bbd33a562ee61a9aefd17c174332b217255b447d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2eafed416b127fd7f18d24ce34b0413a

SHA1
350190f33e6f7ed7f912a7ecd1a389885eed9394

SHA256
1d15b8d7a713435c32214c8ff4e8637def432eeae42dfda8dbf7d61ba35eb3a2

SHA512
ee5d439f9b96d81489a6680b1c04e41f38f6723efcc1045561f3e8ce626b44c5a09592afdca05d163c77e2c3c82d4858aaa4f635120278c9c877443fcac4e175

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c9c4dd7491819130ccc59bc4e7955a4a

SHA1
144100c7de29120442a0a16a41b9215bb5831294

SHA256
1ddbc2a0db5e7e279aa94fed55a252070a5f37484d6820b29b400c118f2eb2d4

SHA512
630d829fde187c94e9797fbdabd524105ddaf00cadf3c3f73a9867a0f5f9ab21209be82c6ca41f77c7aaa89bef9dc1aa6880fbb0b75fde4bf808eea1c7d0296a

Download Submit