hxxps://drive[.]google[.]com/drive/folders/10nF2B20mB6TunsCpQBTgv26pGY1B6C_5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/10nF2B20mB6TunsCpQBTgv26pGY1B6C_5

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
3172	msedge.exe
3172	msedge.exe
2092	identity_helper.exe
2092	identity_helper.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 908	3172	msedge.exe	84
PID 3172 wrote to memory of 908	3172	msedge.exe	84
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 4812	3172	msedge.exe	85
PID 3172 wrote to memory of 3944	3172	msedge.exe	86
PID 3172 wrote to memory of 3944	3172	msedge.exe	86
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87
PID 3172 wrote to memory of 1236	3172	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/10nF2B20mB6TunsCpQBTgv26pGY1B6C_5
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed4bd46f8,0x7ffed4bd4708,0x7ffed4bd4718
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4604992577731573877,14996991794955649923,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
110KB

MD5
c4c3b31fb8ed06e405e2eabfee6f0ca0

SHA1
b27d7a2473a56120d70d0f57fbb17435d6835529

SHA256
beaa2dc0346767d734f891e7c794c823bb768f2d719d96f6a2ea947a0af565c2

SHA512
53b1de893a6c3364896c739e84903311a6380921345928b243b3556be16670cc3c2de3781183f82429a7be412b4491be57581bfb40334d3b0381972c5e650393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
49247bd55f94c02c4f6a45b75ea52e3b

SHA1
19ff2b115367381829ecf060b8f9823e9041a786

SHA256
97fb5cf6364ba3f1780c6bb26c2f1df675a5181d33f3a46e9b20914c3b909b74

SHA512
e2b5763facce8015ff36b45809e43f50f6b53a2fb79c72431c6b672b3cb6d85ce5a5a364808b92986b650d0ffe9fb32f887654da63fb65888aa539aec79806e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2d0044ffaa3b955501a84b0979ba0cf0

SHA1
b1f4e51caef9c334d0ecde41bd08daaeac3d81d4

SHA256
7414ff2d1acfd7b79f0ebc3f35ebbc2dde7a44205eb7282a2e430d59284d681d

SHA512
3c2ae36dbf265d64e70fb52ff0cbbddab9e2636abe045da5be266bd7b85798816149e4d765577c76f15b3f5c7ff337468b8a96d8e3bbd596c1432196a2201162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f072118fe450257fdb3f55ee60d0c4e2

SHA1
2d2ec24e4f3b9430ddeeb8905ee20236b1315550

SHA256
0d14fd3f0774c02214a7b040fe8e98d991ae793474ee904120739b1f05d0a483

SHA512
460f49f529b2538f4309d2ef5c356876f8dab6f49ef950ac2be2abba940a1850321ed31d6c4c954155099cd54720b480bd0e19a4b641d34fd40699f9fa46216f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff0b646d1a2a2f23e7e1c6a816b42113

SHA1
c97557e1d1af94135d4b6a799ec651c2651281fc

SHA256
740faca040ef326395c7f695016f8e7e6993745094946ed1a7eb0c4d98925cad

SHA512
f67189b848a25d8223ce8e68555b070090f84d390d2dbe5769fe10e268a02efb08a7fdfe045aefc85ef64865370e129407980d8d03113085d0372925cd78af10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
918d537b43696c3e79b64ebb0c64fdc1

SHA1
9fd52d187cb77842e73901dcc1b83e18374563e1

SHA256
dc11502409c5de1a5f26efa93f476b48820c2b1ec95932695f3cc75cab44e8b3

SHA512
ff0da317a920141671c70dfd647b64f33d190c429096c6934786d1c1a84a4e3d06e83c09afdbe41c4b90a4ee3308f03554c95c0beb822517bea8a127e44ee54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
822229ee7b9b0b450d8095370d2fa978

SHA1
a436e3c47cdad99fdee736456181ac97d7f2d2b3

SHA256
2c2f7e785978ec91aac7a0f018d7516298aeb6bcdb9767b077e1498fe413c675

SHA512
95703c127f293f279eeca8b7825338e3021e8206f55103cfab51b642e775512ae7a8bde13f1e6017f94f2dada197c45dc3dfde19c69527497e20e940390eef76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c1ff4af8d56e4f7dab967b9433884d1

SHA1
ebf4d4e9561ea9d962b86df120d7127a9e4f718e

SHA256
9cbedcfa818451931a62e3046ced4fc13fab6bd9d02faa7adc234ae674881d46

SHA512
c2315a8f1917804fa84c8e5a7d6ffc8d1c4b29168f7f1a9221067e0d1fab628113851f40616ee4724ffb35ff26f5ece70ae5b3b66ede9999a39a1d844a84bd93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a3a265988e328828cbbfe9c047859cd5

SHA1
0340fc95dc3cd174cadc78cf127abfe382a93b11

SHA256
e9d99f74780c1825de942c64a12908b4e97aa6d2d0cda24ab656ea7d664687eb

SHA512
c853bb8a4c0a1a24e07f242258bee92af31e07dbe7193c10a8c8015d43f59db51c595624d1ff84add160bd10d406ae2c9287aa56f031a55e6f3dc7ff3b08e2e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb79.TMP

Filesize
1KB

MD5
044af614b75e2b0a51fbbca8da76dda9

SHA1
c03171825119966b957a74cf5abfa4b510304448

SHA256
b9aa4c65e9289df2bbe26c8ef7709ea4b160d6a502ad16f7b8b8a4ffc1218b5e

SHA512
15846c8ef4efe0a39bdf165e2c9b52eed2babe5395d14c23ba4c48331739cf3aa8b15985d37d54140838e61ff1977083ad4686e5ba645e7d72038f12e7a7fa44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cd91e140-eac1-4370-84b2-12f3d92c037a.tmp

Filesize
6KB

MD5
50ae4143147eb2b394554c4e7278a608

SHA1
dc783d8cfcc83b92725c2157f14958efd5ec9367

SHA256
250ea55ab9e4b4bdebf79dc46a1c8130dbb776bd754e0091a2816ac672481adb

SHA512
af88f5f5497e2757fe08214b16357366115e7fac121a7e82c7368ed6a3de3c0fcb7063ed12eed8fd6ecccb616cc87415c22de3b9c76b79fc0b81239f6566b730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7264b0c142b0fdc0b417390500ccbcb9

SHA1
f93ceab5def212fc11d3fa9999ca3d77c0b0d2c8

SHA256
9b32f2c9a707a2f509553306edcc57a9bcd8b79ed681f8a2d349f9a0f2807ba1

SHA512
d1cea6c02d12c48e32aa3551ced1e29afe26f89f23a41f2dd21acc880d4991f8e706e1a03555a87c4ddb965a57839a8317074b372fd74422f118ca277c57d82c

Download Submit