hxxps://drive[.]google[.]com/drive/mobile/folders/14ON_8HqA2a4DSAKO8Vme7HYixm7dB_P4?usp=drive_link

Analysis

max time kernel
116s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/mobile/folders/14ON_8HqA2a4DSAKO8Vme7HYixm7dB_P4?usp=drive_link

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com
8	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
4740	identity_helper.exe
4740	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 4868	5084	msedge.exe	83
PID 5084 wrote to memory of 4868	5084	msedge.exe	83
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 5072	5084	msedge.exe	86
PID 5084 wrote to memory of 2724	5084	msedge.exe	87
PID 5084 wrote to memory of 2724	5084	msedge.exe	87
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88
PID 5084 wrote to memory of 3176	5084	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/mobile/folders/14ON_8HqA2a4DSAKO8Vme7HYixm7dB_P4?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x74,0x108,0x7ffc1c7146f8,0x7ffc1c714708,0x7ffc1c714718
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10621862074347884821,90345764333249392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
28KB

MD5
7f5a5d45ee4ea0bd1ccf5178c63f43c0

SHA1
71cafbec33de805f8c65c04ab40a7fc072420df1

SHA256
e47f30921e1d3fda22de0ed56c9847b80e379396ea95d3fe60e04cf9e4c9773a

SHA512
11dcabf8a16fd008783be04cf72e9ebcdc3b37a9a92c0769daa32fcec0a7ac5f1380d5e7636dca14eee05e5787419d2f5782726c94846c39085b325099c123d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d68ad3a854abdd79611882465208b175

SHA1
692d0586104a146c4b502aa99c49ffb89c8f29e2

SHA256
534259fbf8e75b89a5a166f4a23e787797499768fa70f7a4aacbf7accf88111d

SHA512
cbebf18130be534bc1ee309df76328313c1c4930d0b58ab7165fc0a77ee545c29212aaae3284bb015b0923cbfe3c394d819d210d7341e7d500a01a71e4850166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bc41b58760ea20c9bef041ef2b0055e4

SHA1
9faf4ded5558e90a67e7f410d91620f21c12e2e1

SHA256
f11e5a6df0a56a8345c224cec1d8ee87a176865b8d0373418e59f8dc9542d2bd

SHA512
e4672e2c48f825aa742eed849048bea69560038b8b63efb011e3451d14502cce0638076ef34e8e87d196a87205265e188f477cf4d954e63a43803e1cc02a9cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
95a18c62aa3f95ee2294233a93a34317

SHA1
0c66af6d4b2b8354287a29194b8e2f7496647a8a

SHA256
7c4bfa56938d665bd644a66231f6a880bde144e0d501b5ed60427a2e6dc324f4

SHA512
871e812b86f9171f217e48ab6fccaffe0041d8033ae854fb5ceb18ea33ddf9af55b971add0c581081b9c4619642a8cb9a44f164dd1e934de41318ec1eb5c1f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f67140b02bf3cef1300e136d61b771c

SHA1
034bce41c56931bdc361aafe760f5d870d4abfc8

SHA256
8cd5b7134b53e5897312e3dda581e11639821daa9238dc7245218289cf3c7e12

SHA512
bd4a6ce9e730afb1069257fd3d28af0f868dbe6979c885b627e65114da47d01821caae1bcbd2c7fc84bb236ed5fe434cfa6d62346ad9bdb457396169aaa20b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d9a13a9873196966cba7d67baba86cc

SHA1
216e1d0dfc8a3447cb5f0cbd2a7398f69988d2f6

SHA256
b5edbde25a93c01eb7c2c3a0f4752a74919827f6649154ed9f209bee499ccb63

SHA512
cefb244db6567f7798e73b863eb2f24b63f0271a08d8579bb4b6b7bf5d712b3be324acdbd9f93080f0b705354cc2da84406f9086b1b4683dd9f982c11a2d1012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbd33d2cf2d50ec72d13050d035b292f

SHA1
5cc6c476cb48000a378107a58df35f85c6982aea

SHA256
f266c96ceb8a3c518d15c6013329584090d1df6dfe1c15eb03299431598acc75

SHA512
c675d068b28440390b7f1e8e9c236803afb35dc83e8843ac79e6d7444c5cf4a4b09579ac37a4a7d4f5c4f09db868c9eff60b794c7483a7ec1cb33b2607a07f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7466522f837a6940dceaa794adce12a3

SHA1
6bbaacb1dac72c77df52e7acbb8c3a93eaf56ed6

SHA256
e7f92af06de80f941f89a30c542468002c2e65a09aff4183408b2379a36ab3f3

SHA512
cad6bf6f0234c943565517739fb5ab6a2d0bdbcb5a31751d72a4b0bb7114451ccfeffdb4f98e3065d1bc630f83ef499ff0a5efa06527f388296a42d4fae07fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6be782c70a1ed6182367feeff85d44b2

SHA1
35c95119fbe49cf31e539f729b41fd8a86d6d4df

SHA256
738276a0272ff15caa0187d879a372cb14b5c4f3af3c039de74b65cb028c3110

SHA512
7834155e96c4d36c6c45e7c9dd3b256c33aed166ced0a3dfecce643ac3ce4719929c80718bcb618d47ac9b8cc1572682ab0509981dbc22c93b5676834472d126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6469396b3e378071caf466e6e4cc66a8

SHA1
4d4c81ffeb4ca1705405d79948059765c4f0f637

SHA256
03d101e2903798f6d82359bed82c5cebb7f1a4fbfd5cf0a2b156ae8a0a05214c

SHA512
0754d2258ff14c47908f06f446f62ac2cd6a15f8a84fc268b1cc8fd208e556bef7a31ff1bca9ecd776c7bac46b7df946485db54caad289d7848227aa3c05df36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9cacb1c9da14fff356bdb4e8f310139

SHA1
80a1bce69725bb1b7273574b43d54fdd584be807

SHA256
65022ff1388e6bb840afc3a5b7e7b81655262ce79bb0b012660bf6f69829267f

SHA512
ba157ee20302984402f2ab367fc5fdee71982d5050c35d7fd2e1573bb08db73ac2dffc81a0ecde7c0876a650ea7002d6a0c6b053125c9a41ca091e2ac46064e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fcd18e2fede7f2a7eb7eef18ff24e7a5

SHA1
0bd07e43fe22b89f143171653cae0718e3168752

SHA256
8f72e6493c360f13c538b367187ae2f39d2b8c094f6c181ebddbd9c44f8988d6

SHA512
f9b3a18a586d64af4096ba5d9172387cfebaef6ba10fb6ac79abf669ea425a1b6c748910cef0d6f7f5e39862636ad3d876f3411b75a025b4a03283804e627a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d8db.TMP

Filesize
874B

MD5
37b0b089c86a45072535b801d6336d85

SHA1
d3170b1f24f3ddd537a25095853e84e846f01de5

SHA256
fcba82e9f132bfcb66bef5e05efdabeaccbbdee153dec92eea511101b3b46150

SHA512
14356ef21e28b4968589c3ea96b1c28038b61e8c4345bbacf8a443e976c3789238486610edc477cfd7eeef4af614e362d218d35b676c1907142bfee2510e1ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d49d24e047915522360d7d5aec1c170

SHA1
c0c4ab7297ea7b994ecc1e6b7a1a8526ca37124f

SHA256
9a0ea7d55fef03272a625da1b8956c44e655a15dde994db4cb44df07518c16e3

SHA512
4aa66e0629714b40804c7c36e20e2d0b8aa4d9f73140ab4000d08db8f062ad4a7d85d8c99492a389a2d7ae72e4af71d05c39af54ff2b129599036c1a3fcc1355

Download Submit