hxxps://drive[.]google[.]com/drive/folders/1RbsflzU1RlTsKjdrgiptgGbNIW2Fd8XZ

Analysis

max time kernel
600s
max time network
542s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1RbsflzU1RlTsKjdrgiptgGbNIW2Fd8XZ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
11	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
1712	msedge.exe
1712	msedge.exe
2672	identity_helper.exe
2672	identity_helper.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 8	1712	msedge.exe	82
PID 1712 wrote to memory of 8	1712	msedge.exe	82
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 2748	1712	msedge.exe	83
PID 1712 wrote to memory of 4404	1712	msedge.exe	84
PID 1712 wrote to memory of 4404	1712	msedge.exe	84
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85
PID 1712 wrote to memory of 3320	1712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1RbsflzU1RlTsKjdrgiptgGbNIW2Fd8XZ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe318f46f8,0x7ffe318f4708,0x7ffe318f4718
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15027095058732176572,13076824412569948268,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5596 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5806298928a34fb8e362c966e46cdb6a

SHA1
89f5f1d70c84607118904e949d0f15ab605a4e06

SHA256
a4505f45fe1c15fd37af33d5b69419923827c010bfcdaac8a8363261284f7ede

SHA512
86ac9d185892e007b318e8589519df9b61bfac638ef3c070a26ae30e5cf316ce7de815ec3588c9bb9d1103274f3f71e150593dc96d746378dbefc3a234082e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
15c41e44d5e3d5930194336e828cdb1e

SHA1
809c39f1b97ae8278864acaf1cfdebc7616a047f

SHA256
c116e7fa9605acfcef54223aed3fdc79dff5ff23a94e4060ddb6ec639b2d27ca

SHA512
c34f7b5c24834983e95f6236787236863b53d47a45760e69d7ccaf84a7ffc879e6be2d2a181a70d672e46cff6dfe2d0ae76fdf43f2ed3e9b30075444efc48dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3a7243988b7a3129c1f587d9ac61a6ec

SHA1
1d38dd1969e729734cca29718ce0b959322e6106

SHA256
8846ee9c1f8d407184f336dd2fb014270ad11c1d38dbb16afbd6ea426e70a3d8

SHA512
0d16f0a7088408566588adc5fb83d282a913c9691e64d2e56465cb779c959e90aff0839466e62ce398c8a64d31ef939b95357a34d05184396aae20cb51883a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7686011ea29375ebccaa5769a5dea8f0

SHA1
cc5cfc63e77a5e5f6bc579c5d8312e90f5b756ec

SHA256
4930671a03fe9c984f0db31df3abc5b0345fd474623640fae2e0ff25a98c0186

SHA512
96bcc8c9afaf11fdc05947cfd16700d234dd9d57644bb9be738c953d00f00eeb2dd49da92e2a61157d95d7173da7a914bd9f7ce022d52a7324d1e025e842dfb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2f4446774a80b01b2bb5f15929b46777

SHA1
795e3825368ccabe451a4a945f4388de5abbf7d5

SHA256
6904b96c5f9fe736c378d098e5c712e540da47c5b2c2a0922970e17dffc6c794

SHA512
feb3089edf98a025ca52a55bdc819276c29248ae4b0273899cdb8ae5bc93633ef10927182a3c91b7b5348ca9a89f64bf930f54797079b1df8d02080e9dd1d5a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7f72648ca938dda044e108d7f55cf610

SHA1
61ec709cb1219aab872e2bb8207cca15fd3f41f7

SHA256
8cfb1ae372873437eb309b0151956a0450ee56778be39a3fa3af971c3c7f3a9a

SHA512
816a0bedf354f081e5d4c4e4c57cda37bea9e46e04e096d20fcde066d82b039ccaa904528f85f302a0ed142213857f9bcb3cf80ad1915e53956a2ab71e4a89b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e87cdeed2bb89999abd0fd04d4e7f62d

SHA1
09db9173649ee0c7701ec16670d31db0be8b913d

SHA256
7e2c3465b0bbed152c1b88347994791295523e8346ef046f292b4410114907db

SHA512
6d8f1dc37d441a766c7b22ed36e0bb7fdd861ff37a45be43d41d1fb2608e557215df69bbfe38395c3979b8c17fc983f1ecefa5bd2ea5bf1978d8e15873463f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a2b8c5c3a109ad2616378700625a5856

SHA1
d3725f96cf062bd93ba0a5976193ffda36e160e4

SHA256
c102b01eae21e51d47590ec90dadfd0c196ed221ba053953bf99e55b8f6adc96

SHA512
2a221fbe183fbedb0463b9efba5ec92e76fbf353037ca4d23293e3d6cf72dd5b85eccc18cbd767d96805d119dcd9886cf343c3e87698437f3577617a2bd3f241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
555be77a1825674967d6712f44cb1b13

SHA1
07fa7edc0d00c1c1e166804fb3699c1bebf03090

SHA256
c7810fdc875c63fb12c835e814872d8f894c4d75417acdddd05d7cc099bf14ce

SHA512
08f8a3420c473851d417845e5e317e34014428bf410209745b49965591a5ef89cf32fc6a3555ce3a1ec465c306ad1b7d505d1000298658e18f168eaef10f56e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af82db4c4baf6d6966efee2362ba2b51

SHA1
d279d97a20f36c4c2cdb2ed09969e06731b6235d

SHA256
d0799271a6d9339a23fe1670c0ee47ed75dd51bf9096f755d3280421f95679cb

SHA512
7e6dc7482399fa2980f8f5f27386eb5f63c35c5dd010460a13ce147c853d6565224a4c69ca3a45973d888745bc092c5df5647e36073fb0431bc447dfaeb0ed76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a311d59e7473e713186783b787be67a9

SHA1
fbb9277e75335a07ed04ff586b4474ffcd76b1bb

SHA256
b0db95f410ae7ca549ce4dbfb154af198db7c07c82ef82d1e8efa94985bee415

SHA512
25cbc7b3d5aa8bb7b237401ac518f8aacb67a0b3de97133f95160c423309e7a1231ec8c401d7fce844e270c1e18d4ff0027af3fd33fb15f3202041c2a2a48d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b049a3a663653c8dbeef40e35d736a6

SHA1
45a56e321b02c5ffd4d3dec02a38da800347ddd3

SHA256
cc3d1d8db745003b6df783de537eedf362d28a65b65f1180ee7043c9aa387160

SHA512
6336ffea8d20af6c442a5de9d103c9d7c3ae7ea8126c1aaf9aca33251ef80759c5e095a4a4e4f493ca4563cb2026fdca17dc21b450dce410b7d8ec85165f2dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e484.TMP

Filesize
1KB

MD5
0366eaf4b8058750410504dbdbf5044a

SHA1
4544253065a52e69bcc34071df97031f9ff6c297

SHA256
4f54cd6e1c911650eb2c338e2a5c317c3beaedcd99d487b34ba2172e4b7f7bfa

SHA512
3b73d5c476db86cfaa0488914adffe8cb4562f6968fd210ca6d204c4d0f21030e06eeb0f2737aa8ca209e7be37b7c5632b0c7048be1545017f8b2906bb72a302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9220f5459641d6b820f73163afd69a9b

SHA1
6568420c7f2de9e2a283066a6a8859aeac0bee45

SHA256
ba81836f385a9a09896d21d8d82289fb0fd29f70fc67f245608ecc02e53fb9c0

SHA512
76d5e27e229c54f7a114b2f1457843f79e7d56547e7bf48ee5ccd74d955996b6c9fe0c7dea409363af65f7f44cfcf4a19787901b250c94dcc4aeed2fde7bc69b

Download Submit