hxxps://drive[.]google[.]com/drive/folders/1FhvYwhIrKmbcE-Emipa4sGUgA2XhXOVZ?usp=drive_link

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1FhvYwhIrKmbcE-Emipa4sGUgA2XhXOVZ?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
3056	msedge.exe
3056	msedge.exe
4892	identity_helper.exe
4892	identity_helper.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 4656	3056	msedge.exe	83
PID 3056 wrote to memory of 4656	3056	msedge.exe	83
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 3280	3056	msedge.exe	84
PID 3056 wrote to memory of 4780	3056	msedge.exe	85
PID 3056 wrote to memory of 4780	3056	msedge.exe	85
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86
PID 3056 wrote to memory of 3688	3056	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1FhvYwhIrKmbcE-Emipa4sGUgA2XhXOVZ?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9542046f8,0x7ff954204708,0x7ff954204718
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,9439429004192368074,4836468946843001166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
4dd36552638146f0db4bbb586d77bbc8

SHA1
40eedaffe7ae31d329d039266ac9d0e684abf7c2

SHA256
f6834510e1a68c8ff59e74df570dff297539a877ae77f26438a729d7b4a3b140

SHA512
2f2fcff9cf628a64b0d92944fec0665d2ab361fdc670ec62cd69d4bcd48f39d93fbce17f60cbdcbc51752b536f6eedad2913eaed2f193c80bf5723284d366c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b2a2519631935bd9ee31e5adf95c8077

SHA1
663cf1fffbbc276bd854900ce41d30ea249a9ef8

SHA256
6e4c5df72eab978465535d4ce3d9f5258fe8a683f771884823c63776eb6cb095

SHA512
04dfde5d29dc29168b9ec19c1c85426a87889a52daa10fd46750675cda98851e037451c86edc9f863154494984e55a78b58c5bc901cdb2a4b205646833320946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
58b794abe13c3e3ebd8b27d9426ebd6b

SHA1
bd591003800668859615727bad882a6b49d172e7

SHA256
0d48dc22dd8fd336f4158bff11c1e4e6ccfa17cc2bd9bc5428ad168d4b89add0

SHA512
9d35a51705a03464cb52ec1cd975e71e407830715ded03eaaa327be40a5855ae99ea7b2dbf5c80491d6b19a6b74544224cbee1c3831e9c0257f8d73aff55d247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b2735d17d1c8f8f20f925f4e2710c784

SHA1
0bd2ac328b8af8a82c5b026e172f130432a01a1e

SHA256
900e02b2ddc32baf38cd8f612334cb6fa051a0d5cff99c82262f7fd237da921b

SHA512
434e0f0aaf1388d7a9d6ee8e4d756c0100b3304d624146d1fcc3ee1bea390a3271aaaf3bc1d1c8c77181c7d6080ff00aa775d5300fbbc1ee5d03bb187f13725c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b491ba7dc0f468050d72f5a60faec489

SHA1
f5cbfd72c8c7e3ebd5be46dc85d063ea2886b0bf

SHA256
c81bb802a4ecc078c32b24034edd75153cc028ae20ca0f5933c2bc3c2addaee5

SHA512
15b0ba7c4a5961ab1bad20bf7531dfbc5b92b01f838df0e25683cda1bcdfd7417ad34df18f4300ac0c9c93dd8ae43162be86e6d312c170f1ebba81611b9ba781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
123951ce0a20e46c6981600bedd14df6

SHA1
232d62ef2a7ed87cc9b6efcdc5f1882d235a1745

SHA256
5f7a13e6f884b39ea8cd2f07b108b64de35959d0b12387beea151a3e0362b37e

SHA512
9de48e4c5f92ac5d95292243197f6253027a3a875c9b650137d3a7bfddbe7934276732ab458d65917d10b76ad572aadc42761ccd396e1a0bdadd33e422dbd7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16e2c86142386e9b0d1b61f93e2a6d52

SHA1
0731392d10d31fd763d54fe767cd612b1e58b8fd

SHA256
049cf6501b3767a42fd4e034f0db7f6d8180dd9dd0fc129fdd1551d4c165f1f5

SHA512
f566f66cc80264b7301fa78a2f962cd00d4a37fb2deeb0738ab0384d841c6fc08a459c7514b35da5c6083ae1b8b45a4990c2eb565738620a8538a90d34ab3334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08fd310b078906c4cdd961c04b77a031

SHA1
7f5c3ff180efb793ef4e60112c117dc8c348721f

SHA256
10012d7439ca955b76ea818b6781fc5448c1f353d860f300f3ff016549b91aa9

SHA512
13e06672749774ef00bd19363f4de508e02f8a2b8d762884eb4bad294d7408dff247727fa32bcd5c5c5f0ab4577a478039cf836b5182b7f7be236956f5ecd750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dffc81a112f408a606bb2c577dfcd9fa

SHA1
125db1ed53f39a8ff810ce20950dca88af1bf3a8

SHA256
e130168f0b8063a3cd3b1a764786019fb1d2bc479766aa05d1c82777ea34d182

SHA512
009f628e1e256ceadb596995c72912f111d5a3344f015c1f008137a1dfca6c1afe6aa789d88c48ce64da5b7eac30ea392b88bb005e3796245e7ce7a90471bd93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d79eed1bba462f46f9ef77bdf6aa7f2f

SHA1
3357e7ee38f9100e48b6351dbd9f4e16b64e2f89

SHA256
a47d8dca7da177c4cf6e16a190c4204b5b4c5eee3d9f96bb61ec65f477c60371

SHA512
7228c71b2ec458be84a5f4f47a274eda39f246088b57f2ded4f6e7f435797c451273dce08b3e26690dabd1aa8f9a6b59bca442aa581278bcf7e658ffab91a177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
79ff9bb4e4d2f2f7eddc7dc7b2510efa

SHA1
7dd4b2d4447fcc1efcc68f8ded5da1c5dc8cc5da

SHA256
c68aa9e0f9d280ab007d328e2dae68e61bcd4886e5b6cc5e6f63e076bc74108a

SHA512
ea32ab4c4142ad674bf585d46fe3f5221a3c3d376926502df82fc78589fd5ec372ea29a7fe9541f06b302ed60871b5f666d05936576983fd7473fc305aa8a0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e4a3.TMP

Filesize
1KB

MD5
b079aaa4b7a6641f000f8524768c0084

SHA1
d9617dd4e813fc2299e7d1729abec516b95ffa93

SHA256
7bf7be5d78754809a403ed941f0ffc04ed82c02a0dbabc487333fb3995373dd5

SHA512
ead63e84db85b84ac9c99a4fe323bbdbc879feb2c026de76bc979003ed7d0a3d2d519298c0a2dfe9dfca963b5e1c3d4175bc09777ef5499fa1e018a8a4481520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1b2ad6c21c4d3054eeb6d93644eb75a2

SHA1
e65231f1efb31e9ca5af883c3fd274b155971303

SHA256
9d8fa580a81003128429a912b301331cf670936880aa5348a96f9024c9a9edb6

SHA512
d7d4e79f57ce5be9546e6f4f4d89e43706f5834e2342aaee29771a99c3ccaabab417bebd13f07d0dd835b76aaf5c6b064ba096cca59ea8f4b5ddf677f0194e7e

Download Submit