hxxps://drive[.]google[.]com/file/d/1gwvo8NPESOwrU6UKYocbhjmQPl6-jeag/view?usp=drive_link

Analysis

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2024 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1gwvo8NPESOwrU6UKYocbhjmQPl6-jeag/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
2268	msedge.exe
2268	msedge.exe
4416	identity_helper.exe
4416	identity_helper.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 4664	2268	msedge.exe	82
PID 2268 wrote to memory of 4664	2268	msedge.exe	82
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 4224	2268	msedge.exe	83
PID 2268 wrote to memory of 1720	2268	msedge.exe	84
PID 2268 wrote to memory of 1720	2268	msedge.exe	84
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85
PID 2268 wrote to memory of 3684	2268	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1gwvo8NPESOwrU6UKYocbhjmQPl6-jeag/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8964d46f8,0x7ff8964d4708,0x7ff8964d4718
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,828005337318403571,2734564837079349307,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
c1750d8a6cbe5a903a7cb877af6f9bbd

SHA1
a89bba861db099d5dd5efc06c4e4535ad3bcb3d7

SHA256
878e54c474d73ecc739e8e17eadf930c25066f13c5fb91bb876cbdc91eeef4d6

SHA512
2564d24dbabfc4c38f3a5315a2102fad5b7832933b153187278933070d06f45c44750af9eb32d2d846afc96243763ab37ec97cd0fe087afd78cbe12e3ab45c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
02d6b4b27a69592b1c63496dd4b94636

SHA1
28f80d5be2ff2ed2f3b1e2f2beb7271dd89ee4f9

SHA256
cd750b62f1898420eec8f9324c58932f4acc0d1cd06960c38362cbd9b5cd64ca

SHA512
0616aac5029c76639a395377c38c74bf3a761adc2c244408fe277ce5a7e7e0a963034eca461a3b08eb4be519aad4ffaeb14659525dcc80780c9ed50439c9d989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
827c646b0693631fa5d80748f3e71035

SHA1
c9c7a839ea190a5a2e1cc11924edb3a21d934daa

SHA256
08a5c607915a2cfc476b257a9167e78234d4db452b5fffeaa48ec2101c61d225

SHA512
d236012e28997c2f849aa6a3d0e31bc001782f9bea5314a3608f98a193ce626919bcdce2adfedfa69d95ea647cd8a4514eb6bb4e30a8cbb0dcd1eb00da75c8a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b1a9d7585be0295c9e441af19d165970

SHA1
28a2978323dd96c0f3e4337bc9a6e4c6d5de4e4b

SHA256
d3d0f1e24541867280c6731593d17322564aa03a2fbdb25bb33f594c0de40a72

SHA512
010f033a3d1989cf67e1831dd75ca0b7558857da1421ce0992bd2062aab24ea6985b94e9e4a473e383faec517e2bd9facd3ce03614af5a58d7511298545730fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eb8b795b324dba8608eedb6f99a07d30

SHA1
10acaeb47ef41bb09cffb1baa833cd190352ac14

SHA256
f6b4d72e2226f4610e42223b97de7e6c3c996d91e385f1937642ec15a0617ae1

SHA512
f8e8ef250f0b48cbb5741136cc84c469c686eae30bae458121032faf5beee603c6548bba2765a061cdf57b0bee47272ce8eb208eb2e2c74ddd1d5379cdb56530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fcfdbfeb55f58eae249468f815d1fbe4

SHA1
84cb23af95de0de98d5971a52361ffc05b8a73fe

SHA256
b53998d119ac05590b41084d014d233de24cdde4d063650cd03249f600fc06e2

SHA512
f30673672d72bb0ffbfac494a02731b39a94c7263ef03f7d8ea96e0814112fa68dc9b33a2647d457be726d8acb9043a08ae3057f54669a2e7e8f217a2379554b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f04c71de7a9f8d13e78538f234dd1e63

SHA1
e4b86804ff8036711ddea2a75eb71e2e39f86682

SHA256
a2a1d131115b069da633ded7e764c8271cc8197e2997c10f7de3d3a16f5b4784

SHA512
bb5f17c247914f8d8dee54599e9db29626b275f4fa2506ecd1402251e52cd76dfd9e64f75e28120b2be4969b803f9d4fd3a447e8476f0ef5ccbb113977e0a9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3c319343d0442618e708847e80e4580c

SHA1
537524d4f257a2df6a02b02ed2aa8d7150b8e987

SHA256
8c2b8ca5caa0ac3af87e7d87b88247c18efb2ffc306527359ecebb60b7d3468e

SHA512
c5a169da5a44a9d10253c2b9684b20ad1edc9e1f6d48de2a08965bc5044333d1be64f9c7bc27522290b5d6000d563f90bdb491a8d30f1e7156abeeea4ee3e42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d430af553a0f311e37c43f1ff08289e3

SHA1
7422c5f716b96a2703238fefacf85c2ea206b749

SHA256
5c94acc7933724f8b99308f6f4d0eb63c393a720381480a6c808f03b7160b002

SHA512
f4ddb114e8dd0bd3ba1d268a10ccebdaee3f0b032e8e1041da24d5f4eb825809b4d3fd0579d7b74d8cdc5aae70905c19339926689e5fd440d1bf0f81ca6a723e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d5333696533b86969709a0edc2398e86

SHA1
ac851958d255b8e80b1479275146fa21c467dd4d

SHA256
fdf54221aee02f44e7d4883c90e1a692d4893b45f9fb5b58d02d2cb7dec7ae02

SHA512
4c4d84c78eab9c29c41cc3a3d7f5ebdd51361640d55923541006d01572c2809752324c1bb9dd31e9a5ef074d7b76bf3aa002745eb05aca0884c69d8e266fcd19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e8edec9aad7136d1be04ca02b6097ebf

SHA1
54289d6f9fc8165d6641ec04b73c5ab232b02df9

SHA256
b424ede54f7184561b1e3803bd199d17a0d0d93aecde09fd18d3cb37ad4c1c00

SHA512
c344cb6f9fd563a66227eb1e3cb9f19552c665bcd2b71846514585847b3cd13bed59ed327fb058260ecd943e894562ea406cec0cf395003ce48adce01c793147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b05f.TMP

Filesize
203B

MD5
8431665176b3d8bb24570c73911c4cde

SHA1
01182c68b55e056e35a9eeb614741a35ac114109

SHA256
287834be5ef407b9d1a2d48b2a9354c1c32da62ba43e39f9e0ac4553c002fe28

SHA512
f4152de5add95d3b570496091942d7988296fd46d203370909511755b2694064f474195c9b1fd5ec97e4e6d311d1607e9c0321a20a15402b0caa2e9a28621376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3418067c464ee451e38465f931825936

SHA1
90f1f5af4fc6b9cbf705006491687847f84b2a4d

SHA256
e80dbef920ce55871cd5eb091a7919bea7d45e933d4a571bd8ecb05dca20f5ef

SHA512
10da9198677a83770780016f42ff474026416ca378196a07322e4f51dd87acb086913aad2e73d943e33714c4c43fcdafec31ec3092ca1ad9669b82fe1ead4adb

Download Submit