hxxps://drive[.]google[.]com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?82stsXJaW7

Analysis

max time kernel
240s
max time network
243s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-09-2024 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?82stsXJaW7

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4352	identity_helper.exe
4352	identity_helper.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 456	4392	msedge.exe	85
PID 4392 wrote to memory of 456	4392	msedge.exe	85
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1652	4392	msedge.exe	86
PID 4392 wrote to memory of 1916	4392	msedge.exe	87
PID 4392 wrote to memory of 1916	4392	msedge.exe	87
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88
PID 4392 wrote to memory of 2040	4392	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?82stsXJaW7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdcac46f8,0x7fffdcac4708,0x7fffdcac4718
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,3756352060641365099,6348066303618234979,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
b08d697b881f3ce6bc81d2025092cb56

SHA1
83b5e1e672f72c0a325e5f1e0c93de7186e05855

SHA256
8be220bd67e180805267a6e438ba4342d017f1a11f307ac3ee1f1336865d6e6e

SHA512
0719b4c8fd3eddf73571e0f0e4e3957014fa73baec7bed748b04bfae424b1046b2d54f637e725d9777a1d3fbc8990215f72e7d7032d9abebf64beb4dfbc79348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7c553daf7d5728b088b157c76f84ec38

SHA1
89047aab2e073a707cd5ed6a8effb7abd1a3342b

SHA256
71a957a69e57f719910d2d94f6770e0b009b24af48d5b55fe6196b4e4058c53e

SHA512
504b1c0647e3055cee45cd55ced5b8127d477e4aecdea1f2ff4c63dedd87c681529f7dbe078a0a23a43cd46dc404c1f88376c0ad0e67e83936ba9ba7ba159772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3bd6c77f2128391e0da7cd13eba65c98

SHA1
93d0f8b95257571de4aa743e38027326321eb3cc

SHA256
22569d75e79997e2a60f75ae3d7a6e8319037ec23a1fa0c345157da632a5960d

SHA512
4582cd0c32dfde999d3a1daecae2439a2badf7bcce6cc3d2dc672d76ff23184bc6e37cf3c26fd93697b99d9c6bfc0871fdb7471c3e8c231971bf0efeefe69b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9554d7e91dfcf48518e6a5bc66bf7ab3

SHA1
37f34f792d671fb7db473ab5c3ad538933abb4ef

SHA256
2d48dc3b5a8660eaea02c78545e2d31cf4db51f76f8fbfd03426074300302e7c

SHA512
36f4fd50404a01d8acadc7967f1e360e809bd322f88a4afe385fb39a7c17f645e749202508256feee4949745dffec3ed9d021107d6203b1beba7c0a92f98dbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2f252d59205578f2bfb4acab038d16c

SHA1
6115506274f1cc917c49873134b442e71b51cc7c

SHA256
20860d14aeee0086a10cf37306745b9f80a8e5ac92d28811a1d85895df3a03b8

SHA512
5723dd39960db5a49ead825dbe9d1944442296bab9fcaef3fa5609259d7a876fbbe7dd19da6dcb53505a3fe97f57c38300f0631fc5022f79762125853f188d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
276fe691e24bf10f8c1bc6a89a25e873

SHA1
728160e861243b4ccb75da008a633045dd913588

SHA256
47604925cd7a96149380110885f24eec573dcae36d364f919f254518805f4c2b

SHA512
bccc744687618d3cc9346e6806284ccf8388895face960f1cc3c476b7e7ded88d2ae17525c081b4a1878e644dea8199feecd75dd354271e51e95911b3d4d1f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2778588129c62126184329a8191b8ffa

SHA1
df73ba2fcd75de74f7d98940f65f18fd7e77e267

SHA256
3727bbb6885456806b95ad6e719a322ea381423af4932493823197c15f77610a

SHA512
2d352382f756b0e0c57d54893728d289d1f02b890f911031e3c007153c4ad0889e9111d81e0079b822273986c5679981d135e2b48dec3c1adc06fc365ed797a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
797323c3a201d7590ed277f941eecbf5

SHA1
785521cef4920443000a9b79c1423090dec47a30

SHA256
2d6aa4a3801cae9bffdafe49e8f31a173cf80687c761381cf4f49668b673da78

SHA512
50a5d9da51719ee2a440f7ab42352b88add5e8186461584b4d011e98368506959bfa5bea8aa30387af90dd409edd16565534c3cf5208d858cb815f4402b87a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e8e66f6e7e53bd10144a76db245543e

SHA1
c9a7e5e63178ffafabc7183654cc85f62d4d21af

SHA256
b39d003182c1e8ef66eb8400a126786e566878d2f458061be14f6d1578baa67e

SHA512
65a15c444b25a232bedb67a97a1847b0e2a75cbf9f9b84098a1f7bea76c0750685ebc02160aecb1c19f5137293b1d29227c7522512ec8817cf7abc19dba0747f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c3f6cad47edd9f3202023e2e6cce32d

SHA1
03c65758b4033281cb3d90905042cb4bc194842e

SHA256
68d4f1db2bd4e46609f7c25220a5771d7832d6ebdbb7084667265ec51c9b9ff4

SHA512
a3891b5bff4168d3edf6ca6f3fec2aaa7d5fb5f0105405e0b0fedd3f803e03e5aed9f32478d78fcb42c920ab69a5581ae138ac5b8a4be5a41c475fc785d608f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0372cade9bf9c5f06106dfbb1a084142

SHA1
69b4eadae2acf16612dd224a56e08f4a08d0f10c

SHA256
91c007229f44e948676cc3cfded8e218f5ac5fa4647e172665c40943524a44c1

SHA512
3d9057e82c7c80a68b3e195ea184b2612407b9eef6acbfb9d881176627a8d75a2b4a541c774be7ee3e9c5e22c5841c3b238e14bd98de423c2ecd33ed9dfa2c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0aec785d8f1b1b52393762f79d80c9e

SHA1
8530ad12411a77c5e4192eb90e1f371e60172e77

SHA256
9aa7d0c57266e513999bde2798bfd739210d91e54b04a6930edfb6cb32b249f2

SHA512
315b1bb165b84a6cc91e159fcc11e86d3ee6347bcadc610fa3e9dbeddb2eaf19b5d8f2229d6705e51a99504045368db9f5d83d6f1733ba18e03c2a6f0939861e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584d21.TMP

Filesize
1KB

MD5
95aa88a5583872356a74bd9a186dadb5

SHA1
2f93bbc46d0747d2a015d3864ed144324db80b4f

SHA256
9ab903483f4ef2d2a6956e1b4655239b2ebc5949861b6e8e24943489e16104af

SHA512
7a3398391bd6e625ebf333f9675ee1cf4c1760a40103070b5ef0bb8f1a8d6d28c4403389a7174bef7fda6d2046d2c9cd9b86a0c24cc29f6e2e31b15ad6dcdc98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd17621a3a8834adc4c6114d76360465

SHA1
59463b5e62b25ff2300e4ceb83e0e2ceef0ce943

SHA256
409241bf3d28e5d487b68a45353c42f7ec5989821683e586fe5cc890b6de267a

SHA512
c61a76a6a618567dee83ac5ac2b6dd8fef0e15a9b109a97f5e4e66a87dc7783b48c52a0569c020df1ea4aa9ae1f70e2c396719493dc33cc51da7b10ec5bf8367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9055276eb1cc0a93aaff5df6185235d6

SHA1
830109064a61b9dc373c1b447e37a90be33b9ef2

SHA256
f71566e628c408520ad2525623f50ba9e0e42ddb6549b33a7b40ec6c9a335dc7

SHA512
93811267c27652582489c61ca381c0114cdfe618640ea82c8dc45b0e192a40b2ed9424044a376f85b6f363605b287cda3b2ab18694df247c59b536b54f2b712b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3e6b054dca4e76d6aaad1e6e2c22681b

SHA1
6d54081358558c8f12517c02c94ce674b2bb2de8

SHA256
23837742db4ba133a7f7879639c4b2a8d0662ed0ffaf2bc6071fd728f8c0a0da

SHA512
9db794a7df35331f32eb16f941983bcf0cda6c72da7e010c6eba87a80376427043895e3f9b9e58a0909f5ac45219efad019ad480204eddf19af4099d30e77f9c

Download Submit