hxxps://drive[.]google[.]com/file/d/1TwNYgFhKBi8WRu605vah7cBXj_oWLoNc/view?usp=drive_link

Resubmissions

02-09-2024 21:00

240902-ztkb2axarl 6

02-09-2024 20:59

240902-zssa9ayakg 6

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2024 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1TwNYgFhKBi8WRu605vah7cBXj_oWLoNc/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
4052	msedge.exe
4052	msedge.exe
4544	identity_helper.exe
4544	identity_helper.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 1260	4052	msedge.exe	83
PID 4052 wrote to memory of 1260	4052	msedge.exe	83
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 2636	4052	msedge.exe	84
PID 4052 wrote to memory of 3504	4052	msedge.exe	85
PID 4052 wrote to memory of 3504	4052	msedge.exe	85
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86
PID 4052 wrote to memory of 1656	4052	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1TwNYgFhKBi8WRu605vah7cBXj_oWLoNc/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffead0b46f8,0x7ffead0b4708,0x7ffead0b4718
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9116417736096016842,2441798718006283160,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
e46ed83bd23e3069c5d2f92f633970fc

SHA1
eb823cf4feb0018508474bb84d5aaabe2c53fe90

SHA256
b87c08a73861d92144cff212d97d41e1f3d736a93feea719431e33fb651d599f

SHA512
94f5bb189ab9d7eb324f3999d71d8f8d5bf2e2e3432604b4892972bd3a2e929e561c9a1717015e66e968fa4688c7f52bf6652a51444b220c067d434705d6efb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
878e793cbb11c71e7d469c407956a4fe

SHA1
d37048b6cd50be8707ed4a5d8c9c1f190f902870

SHA256
15b973796a9612c9cc9bec9519937e50386079ed612889631ad7c2150f64d98b

SHA512
beb14d59734c9a1727ddd50fe5460d60b04661316259d85cbb3f86fd9061674bcf9240b4eec865acb17b9aaa1ad1d115f845aa14c9ec464aa455a25cf8b4da27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
69f49a3e482249bce89eb580811846dc

SHA1
8f9e90fad81d600d53a3d9be3b66d7f257d4f8cd

SHA256
9269ece63f94bba5f34cb9fa4958e41c21d5acd2a6398cf28e9fb5a20b27e47f

SHA512
26ece66bf9aa02cc7f22a26e226ab674187270ef3b50df4ac0ba7d30bccc0847ff5cb746fdd079afc4f3aa5f976d66aa4a92ad951d43e87630cc0533cf6af091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0388330f1ec22c02d5c530833f417bf6

SHA1
8bb08641a9c054b81fc68d99ce1c7195454ef89d

SHA256
523abc25c896606aaf6571e95a2994e8ba017e52526ea7ee65a27cd7feab0638

SHA512
5dea7fda6032335ef93e7fb941d9425f3554cc6b488e675839ab6089c4a59979bfc13f8d4d8144090197d7a0a464e6604554f79d1a6c060a64ba48c29523a8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e411fa5e401fa1d632c082758f6e21f3

SHA1
e484425e16352a16d4d6237e7951756284892692

SHA256
f5757a0fd4ce284a832de73dabe3a5ff0daf046fd573f6c397ada84556742a8b

SHA512
dad771df216603b3a6adfc03ff87d64cb977c9bec9b5ecf6368793976e0409c777e7e1cbb2b89be0018decf06597f205f745819a00c1d361821f6d034dd50f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
9ee65a08cc6e2459b1deb7d277166963

SHA1
11dfe6b6e4782e39613b9611713e8dd4583fe960

SHA256
377bd1c0254660978da495f6fa245649c6644f11a38cc08cacb4e70c76d6e230

SHA512
11029deea6791b2024a8d0d147cd1e4065b062ef4254c540921e6dbefe583c91276cce3a441edafb51601a93d0905f20a73f1773dc48e80851d0ae794174c378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
cf30ba22acd4c635197146e57aa276bc

SHA1
833b0a62980565a34d40a930ed2764c2b98c57a9

SHA256
d1d262e71d272e621e922f5fea24cbc100d67ffd171ae4b8c9152f3eaf93f48d

SHA512
cadae83e5c7a70ab41a60ab06db4bfb55345647996bdc9c4df1c87226c2e94c4aff8edaea434264f11eed284a6830a981d81eef11d2d8679ff2e49e001b91e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
71e573c9b6f0de175f50f29588fd509c

SHA1
7c87ca95fd04cde0ce876934ffbbe3967fc949bf

SHA256
d932ce6169c73a15b87964f12a97bff06b147c96b3ca8193f3dfff04ee809fb9

SHA512
2d42e6d0a4107a518f9cbf3e07d0eba5699e54722b46a65825b06f373e2a933898c0f3a7ab741dbceb0c7fbd6d2e9e549da5a83897387e32fe451c68fd8db2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
93aafffbc7d17d6eeeacd9abbe46ca4e

SHA1
a9d7b1ff788c27675552ef6f1db84ce399320615

SHA256
7d319ea1a32671666b21dbcbe3682ecf1961e5731f9dcda0dfbf5d5b89bef903

SHA512
4569e74652fa4497c938bbec5eeee3db74fef72155f2a992033128786272fbd4dea66e9c24ff2f9644796950672a7eb7114d617a6c0206ebd75990aab4ae5888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
6cad2fe1bd17a5de0fbda7d6ab6be9d3

SHA1
3ed27cd58bed6b5ed00ef12443dd071997fc235d

SHA256
f2ff7e7b48d7fd7cbe82eecca6b58af51ff83ff3f527606c49e1c00c11547e60

SHA512
fbe892f54af2756cbd486ed5a5b251cb817433d2d632011da52336b4979411896954c33f0effef3acab93b6e580783277a4a643bb017c9b4d295962939f2b493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5800f5.TMP

Filesize
203B

MD5
7bb4b089aed7fdea819f5a251bc7049a

SHA1
742501fd8b9f33b7e1aca5491ddd51e5010f6af2

SHA256
914751fbe8652cb6a95e54ef9b4319b0fbf2d9a9f5759e0bf7292bd670e79f17

SHA512
33a536687490e2d70d2db1fa12ca0f966d3e1fbfa1350af2b7f11175d21970fa56af7e2fff92d477e6c1f124c99bcaa0dcc69aa19b98ee21ed6ebcef908f4973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f50e5b3936adc568c576e1a9cfc9cb22

SHA1
cde5fe41fe75d5cd08686545d6c96055c33748a9

SHA256
745e1dfbd926cf687762be942e0d3c2f9b702922e2ffed2fa00f05fb3b1e4adf

SHA512
890c4d137c6f71dc619c8f8f8af35abb0273d3b4f9c549e656a9d3462c5001ea9531c8f287d2e314c444be94decfce923dec616f91179d62f55f1f5f9126e46c

Download Submit