hxxps://drive[.]google[.]com/file/d/1q90LG4n5g2v_O66RZ7cDG8tBh2cS5UAa/preview

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1q90LG4n5g2v_O66RZ7cDG8tBh2cS5UAa/preview

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
3560	msedge.exe
3560	msedge.exe
1196	identity_helper.exe
1196	identity_helper.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 3036	3560	msedge.exe	83
PID 3560 wrote to memory of 3036	3560	msedge.exe	83
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 3972	3560	msedge.exe	84
PID 3560 wrote to memory of 2808	3560	msedge.exe	85
PID 3560 wrote to memory of 2808	3560	msedge.exe	85
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86
PID 3560 wrote to memory of 5028	3560	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1q90LG4n5g2v_O66RZ7cDG8tBh2cS5UAa/preview
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfa9946f8,0x7ffdfa994708,0x7ffdfa994718
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16370985730915851271,16675753118108444524,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\221223dd-9d07-41fb-bf40-1dd7e40cb0f2.tmp

Filesize
2KB

MD5
960bab6305f6aaaad999fa41867f32ad

SHA1
74b03f728167c4321d3bdb6c107051549534f99e

SHA256
753f5f3717893f1a369cb78de56fb040dfbb33cb441125cfff9ec6f1237ab977

SHA512
683b494269fc1926b0cd983e076ab73cdbd4272d5247d598deb22c4aae0f994a0801ffe8ef3a326451f1154e3a42766c92beebf6dcc1439b9e2ea4847d82d187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
760f4ed8ad0e2a62148ff4e3a82af8bb

SHA1
89656c173ae59ac5591c4c839658673aaa014a35

SHA256
5dccce408b93557f11ff6054b6f821b38747c5350705cddb412d754435cddbe6

SHA512
bf383240c28a95e20352466782a325cd852e06c6c4f92d085ca97669183f80266b252190c9da1067e002dd0e55d61f64e303373f2d2fcf564027945f9bf8f11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a2f3ea5f7a33844070c7acdb692ff216

SHA1
f1e0d91797ffe33007438e0a934dea433b959e57

SHA256
6de256d3fd9ca3a46002ea5a8fbdb09eb42adfa243dd6298ea1d9f676f461426

SHA512
434f373e3c54d7cf4b9b765e24c958d62bf7afca43c6f12759dd5fac901981e7da7bc6c21b1a63225c23ace1984d20839fca79ea1052e345a51fb42022e31f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a880cfb10338e2685238364e45556812

SHA1
1923540ed617e251fbd82705086483a25af748b6

SHA256
be3b81625d27d81b854fa042c7877084679b55805a111442c97acee8b89809a5

SHA512
59a5b136abb1cc840193bc1e56720e918e0471268be4949505f7015421d476b18f74171411c2ddfc53f634fbd4d99a32fbe6007b1cccc939a86900dba89a68f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11e4c289df7d89a44844d270b25478b2

SHA1
9c682d380872d0afeddbc54163f5fc934d4082e2

SHA256
51a06b3300eee08d70b8666005d198c2fa671659517059782d824927426f98bb

SHA512
ccd0653471ec209a45fe6bd4e1ad7037b096b4e37513903684ef692db8e22ff3a665d83697396915dc39bc7d1e4af81b4fb36b14d5e41d7b9afafbad69b04859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8dea624716936080eae361621d414c93

SHA1
8b888ee6c88a9dbac402f2e5817a742e014c41fd

SHA256
c66a7f94a1b9b0014539f2e077581f03b2abcf2e8a3b4255127a979fdab66bdd

SHA512
9280fcae8632a4bc260807e6514fb8d7487a2d3c05eb8859f633795608e4ebf76dbffc26eced042ad0df0f3b92f6c01ee6e176162271a6e6c00de77ef89ec5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ec61e2956103ce8e56025716b3230a7

SHA1
7b76d9d2ed43ba6a12645e1fe7367a615083f69e

SHA256
d03a1e342978aba6e30f5f7d0aac89e9c9568a043ad7f93c6c31b0dc32e0af72

SHA512
45d2b642c497e45cf7bf8da4377f6a8dd398217adc8a1af0da224fce2f63904f2e96f2453f69651f43a986739dedeb99d006f55e39896793f1602bce80f2cd40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
71bc6b6b538b095a6a19d61c64404866

SHA1
e77f5cf43a11ab0e72f28ca5940c5f7dc48968d1

SHA256
786284708e84aa4cc6b96b59a312b0c8d703ee2495fb5b6add0981289eeea673

SHA512
8dc8643408b23c6539045770672ffea0217c2ca29df469c5cb6c76758632f6d1f3c4e74b63d6f827158ec69cc55e11de91e8a1d2a9827f13b10f5eaef25cdadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583b6e.TMP

Filesize
705B

MD5
13c1d117523e62c2610a9fce36ec1cf4

SHA1
7fd158c45d3a054c44df1889adee45d6f636eb78

SHA256
c2d534836ed1c26da452d6fe2bb303ce0348dc647e127ba491c89c0d603dfb11

SHA512
7cfe72ed1bcd2323c908cfa58ae7633417a4682bbe63a25b6f00dfcf0bb80b32adeb52f32b1585b06d8ebb7a23b2b7f04bd65e2ddb14ec6b29263a4a4999ce00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cfc2e5fce28e2de85b1900d5e9706e09

SHA1
0dd1fe96647b6f380faed9f9e4fa3f6209058741

SHA256
1299074bd243a877feaef56e308a00d6aea71003bca6f2ddb81966e01359ccb2

SHA512
be4b21d2be9c9a5a3779916461d675998552eded9c64d248112fd8f91ff25ddb5dc7838f103074f4f976e83c9f7fde796a23db06b3bfc21abb95d7ebb18aefd3

Download Submit