hxxps://drive[.]google[.]com/drive/folders/1WzvCLTGcnCyPKTfJtq3ZlTHwiFfSZbfF

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1WzvCLTGcnCyPKTfJtq3ZlTHwiFfSZbfF

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
3680	msedge.exe
3680	msedge.exe
1736	identity_helper.exe
1736	identity_helper.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3680 wrote to memory of 928	3680	msedge.exe	83
PID 3680 wrote to memory of 928	3680	msedge.exe	83
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 212	3680	msedge.exe	85
PID 3680 wrote to memory of 1800	3680	msedge.exe	86
PID 3680 wrote to memory of 1800	3680	msedge.exe	86
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87
PID 3680 wrote to memory of 952	3680	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1WzvCLTGcnCyPKTfJtq3ZlTHwiFfSZbfF
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c07446f8,0x7ff8c0744708,0x7ff8c0744718
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,7107920617319789750,6101309832288248865,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b55d2d2ff2a4d5d7eeaff5ebb96f3b4a

SHA1
12d94b9e84142b10d6347a2ff3b634a20f692c7a

SHA256
3d249eae36cfc3837b043e4b8df670724fee5657b302c77d488f1da3d835f776

SHA512
4dc2fe1eeaca5f9c91d548c70a44ffd12b806a385e22a3c5f724b6f749a15c9ccb3ac1a752c63225bd4d1d90f2b25d8004a15d3912ca6a3cb92fcba91248626f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94c981336abc388ca817dab46e7fc547

SHA1
2d0f8d89a31adb0aad5c599a195ff40ecf4b161f

SHA256
4d44efbb5447fedc3cb21311290fe6a9d0e5a0e682387a1a341bd214df820ef2

SHA512
f1c9c98f6642ea3b90c8667a4871d5a3b8c05eb0c50d5dc31e32704e0eeca1d33add414df485aced130523d6be824c48e37d0022b4d58db60006efe3e337fdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
28KB

MD5
bfb4ad144233248db8f0b493c9f53943

SHA1
75f204ac49008ca945d35db03568db5ffa2ee27d

SHA256
57819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393

SHA512
0f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4610caca2fd9a61a75e1d566f85e758a

SHA1
08608264dcbf36a92c4e5b4c152f2ecdd37a6990

SHA256
bc2174432bbc0d9bdfd0d3ac04973ae2a38bfab61b4bb428d0d98d4deb5a7229

SHA512
e99db1b92314c179d5da9e0e769f80f8c6bf65fbdc53ecb23dbf5e2ca1767a36bf7f1ece4a302c37d8ce6b26c1f54ff15c57f7092626455cffd6e2c411cc8382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
800cf6ac3831f3e8ca27ea5417a16492

SHA1
bf641326a218dc4aa9cf719f37ad195b7f98d6e2

SHA256
942672d378a8617de6d64bcabaa4a95db42dbba450a1384087fc7a448a1fa4ee

SHA512
018401b0dbe88a1bd3395003d6e25c8a8e0d2f3343c47b793e9d395eaae045b66b1ea82336ff8256da6d129c05042ab96a86598420fde5338f780582843e34de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
00f7c4617c80d30440e58f281694917b

SHA1
3320910d7958dc37bffd6e4a433020f56ed30d0a

SHA256
c00e79bc96a88547cbb586063bb7c19914a8e217a6670aa6353953382afac186

SHA512
23376734995927f0c560eb167086a2c874d8105d59842c10c08c3f10728a19cf77d0e182d24b6b3e42614917a3f4cbd97a376205ba2ba48d99216d2a8ac00ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b2fe14d551676058dac2a4525722f0e

SHA1
9fa0dbb0d72494bf7ec5ede4759f86ddbaa6b6a5

SHA256
ba188d4d1d87fd5a6c68440bfab41e71439a510f79084bb0413b55df0139c636

SHA512
c8dbd8acdd4d90fb5427f83029c920ab6f08c14f46392f45f2ba35d6fa81b6bc286d95a0f480efb1dbfc74af39282391d64ce94a17031afdbbd4dd112741c88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b4ea2d3fc557c7f5d231eb9e5cf4ed8

SHA1
753667adfce1be949afe9f07a0498ffaa955b88c

SHA256
b04c7eb8dd62d47eb932b499abbf3ec747e1c2164cc4e820830f577971d059df

SHA512
54254eab813a074558534b9f95d411b767c8cd5dd14a48b956cac4035e36119c6f5fb7788178558773aa903de9c6867d332d0b65e14d626e0d51ab6d572f9cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87b79b572e6c01de9ff910fd6c1ab37f

SHA1
26bf0ad41f83120442a003d027b41238bff95b92

SHA256
7f8800009e46354223fa3be33c3b8597b991c2fa7d4b76bf420589d626d6c94e

SHA512
c6c5c821de2e0acafc3121385293a5ba55cf9d70f97754b54e5eab55d729f768a9ee8e65eb8d4d3fda3d0eb3c109578d6a6cec95048a5bfcaee3922f1e9562fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f77889e2f3a0aabdcc51579d0cd31a40

SHA1
1533013027634a12af5a03eb27281b0ab39109bc

SHA256
b68ee8f2690baed69acbc665db49f2db9c2efacc44810bed1dcf409815afffdf

SHA512
d280e442ceff1a5656633a94b182fa3abea3d3e973eed7e5351fe81fc743aaad6c2e8c1040bf6d8030d15706e15e949839a3be28d54f303941242a625d6d53b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8aaaa6c1e916d77ea7c788a3c48362ee

SHA1
3292d59e634aa561aa5c2081cdcebecd5094a8ec

SHA256
6b82ce7c096309ae7a04a6ace8deb85cdc6ec2da681b02cb411b74b9d07beaee

SHA512
439ef9bad2ef1c335ffd817742efd16383c5b6ae67d7fa723435a266df9a08406466019708dcaa56a0e949186b00aeee48dc736a91c54f684c03e9ee5c1b5005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ffe728eefcaf8e7c9f37c8024eeaa7b

SHA1
ef1658c05b8065d4841a25b4789f017b0b32635d

SHA256
de93ed7a6a48d0986dfb962a4c0914904b7bc9a3012bc99c26a68d64a3393e42

SHA512
a10f30c2b6b058187c9e439d67b8ee43f400b4fa95f4577a9dd3b78c70220d19b249fe6ef4f484f3053e0a3d02ffa26fd14edf7667312a618dab6ad03108605e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a3fec1a299bd5c0526e68ff14074801b

SHA1
26ba4d7c2e06030cf9b8f11c99dd1e81ec75db67

SHA256
30aa706dae9aa9eb1369adc1e58cda4aabeb56972854808056f7ba0057dac291

SHA512
915c123995c8f888a8629eff19a7aa9cfdfd4f45d47ced171509e14e365edc5c8c7b7a2cf91758a99a471bd3e537732cb4f743d406c89c3bb062ffb7187fd30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31af204e444093590cf331879ff62bae

SHA1
f91173978c7fb36ec4359e79751b2c37811d7c3a

SHA256
735ba5dfd292132a42888914df6bf6069e9fd749e23a209ebf12840c9fdd38cf

SHA512
3af1de3f4cd385c5f1bf44d21c71dc9ef3f2ebcd9022f01d40223c401856ad5a8d12fa8105fe03a2a303f208585863da263a402f84745939162e63e7e39789a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6e3.TMP

Filesize
1KB

MD5
0c68f2ed2936bbdd2bcfed70d3ab81ba

SHA1
6fee18eb47dcfc935494e510d5c800499869a1fa

SHA256
942351d9f2a1817c996daff5b805fe0bd338b33f56f9dac752f1f0de72928c73

SHA512
e97e35511bc820b0cee6d4e8ddbbd4c2516537dfcf7ba96930d5f0d72ea84482606568df57b9f1a516e2b9c5858d3c007b671e7536b44e67c24e92198a16b1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
96f7ef23dae9b6fbbfd7590fd231e440

SHA1
91019d76972a2322452ad37d8586a4442ad88cc0

SHA256
2c8f7848a3cf6dcfb834a1a5739790e5d995f6eaa29694c4ff945ebad354d344

SHA512
1c7f655df3ce6c5d667de5525ac37529f904c4a9f629c48bc98f898d0ed3323b6238317d8a164af8528dff2daeb80fa2f9ae48a8ec4c7df53b60c913bf09f7ce

Download Submit