hxxps://drive[.]google[.]com/drive/folders/1moEeXV6cfxNAZ6aScnhNtHGnXVUctto-?usp=sharing

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1moEeXV6cfxNAZ6aScnhNtHGnXVUctto-?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3840	msedge.exe
3840	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
1528	identity_helper.exe
1528	identity_helper.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 4960	3056	msedge.exe	82
PID 3056 wrote to memory of 4960	3056	msedge.exe	82
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 4980	3056	msedge.exe	83
PID 3056 wrote to memory of 3840	3056	msedge.exe	84
PID 3056 wrote to memory of 3840	3056	msedge.exe	84
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85
PID 3056 wrote to memory of 3148	3056	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1moEeXV6cfxNAZ6aScnhNtHGnXVUctto-?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd956346f8,0x7ffd95634708,0x7ffd95634718
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10160947401738173318,13628975048777770762,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6d62b9e6-a38f-43a6-9ae9-39a99bc55134.tmp

Filesize
1KB

MD5
ec48b939cb90dc7dde8b76ed2a406825

SHA1
6c6fc47bcfcdbbe7e5e0109a1e5877ba154cbe77

SHA256
5050e763891b8555560e9a6954837309c9d48ec012e6826f96da3c0ba9a6b2d3

SHA512
b63e8f5d832cd8546c032210aa8fb5ab69b0c74e3ae017c04e64eca6fbf30575044f471d12aed5215f1bd64848af681cf5f45324ae95d8572b71a7f9f7bdfaeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
78fbaa6c69ccc961b8ec438a8588001b

SHA1
990c7f85fd6739a39ceb934cacbddd8ca7672627

SHA256
708cc85c1b714f37d78a73e237276b2525f644e3e5ab935d7671368f21c2d4d9

SHA512
c9b167bc97e6a65745576831721bc21c1ebb4ea9545643f2af6e7b4879b5930db85991013a12a8debf645f3b152b9c27afa619c245e21d35d9cd66b1347a0aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb7279b7834959edc83e6d310a74eb04

SHA1
dd18925f9cd9c89fedeb58fa25fce332ebc031ba

SHA256
c0e17b41cc2e71e4ab7cad4e96936fd1807c40290471cacff495fce27bf11ade

SHA512
6e762c94012b62f88f127aee764e75e7fc532f61d2a937319a0a5dd937bf775e6afa54e2c83bc00734182872d8390a646362d5d4d66abb092e6ba417ad8ba5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f3b41e6943fcbf2470fe8b36d6616f36

SHA1
e5822f95b4897e513adce1770a7c4489cda5d5f3

SHA256
519c71dc2dba017369728f108be5af8f606285dcfb10bd09437cd323547d37de

SHA512
3755c6826a3541c6e7e9f55fba2d83e8fb22276d98ecaeacb1f65d5953361158c7dd0a63e815a5fb2d88a01a45b8164efe29de9ddfbcf04fed5f6f14b4352847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
04e5307cb24d5a7e6dc774cfd02bb878

SHA1
2cc54e35aa0d78c0e67ff6b0a370132c494e70a9

SHA256
a2aa41a61348474e0917a3d2cc99438c42d0c327ee05fde43413f07b0812b942

SHA512
42b2cc0fabea76e4f08457ad93ab0796e759aff5d025a83322fb09e3552de89220be5f2ad23ed4cb3a213eedf798a4036538078c45a9be5079f4740670804725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9e1d9b3e47dc412312128d7f19963d97

SHA1
d0a78e982ddba123e9fd530aa808d3e53c1fde2e

SHA256
7ca8bd0e7771f6798a77365dce23f93706ea6770ae26a6f0459c3d1f094e08a0

SHA512
e5d3f0bf21f258e376c9e6b40a25652d5f69cfe4edbac92cd47b1cb63af82171c193a722d33c4300e58ba5e5c60955808f863c19d14ee3d39a7d998ca8a0593c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa7dfb24f417bc4da944e1e3345ff175

SHA1
bb7ad192e833efeb8af5ad87c567941040f5c7a3

SHA256
ee57e0d87453212a741a9aa51efd4a9ce02e9cb3d106999a85a99a869790b489

SHA512
605dfebfcd10000e5d9089d8d7c51fa9b03c6c7a182327a3896a43fa265a2626a6058b043621dabd9e2aa15d4447070149a8e86c60fc476df54594b5058c2bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9fcb7022ee9cc682fc1c85d23dff6dcc

SHA1
ffd005cddf5d960b42692bf756d20c690e9b11c5

SHA256
466bf4fc3f9502bd43af10597a0739984c035fb8f47c29da2e387b7110f6fae4

SHA512
ed77592318c6c87ed23762e026ca32d3356b51b76c34258bd66bef43b87adb74f028801e0d2be74d912e779fe977f4af7f9bdb5bd06c4fc08b7c4a57614938d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21b75c239224a41baa0ccddf53c872fa

SHA1
3cf1bc481724dc061e162d63cfcc995f9c491d0c

SHA256
b23158b172916b2ecf28d090db9e645351390d4bf1af395c3045bce163707e06

SHA512
17b572f1a6a102103f7ea617421f01ff31a8ea701ff6db4b77a6b854a28632043264f7d8479fa9b46403e7bd4c981d1e1fedef01c6e1b01cc87e6e9d49c3e8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89353ee20ff5895e3d4c6bc331b6f35f

SHA1
e2d08ec5fb33113fd1863ca65d3af7b082b3e471

SHA256
3c56bb1f097d248daad20eaf3fa38a8427e04ced54be84661f3541d5850a566f

SHA512
ed4f5025eac6a4a2b55355a28b5c91258e874f8ac29c76cde02fb888c640fe5d609e401604588bf39efe18e1e70042f9a1df28ba4c6005c1ce024748e8620460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ff39b58f09a999bf67b04623dbfae06

SHA1
17b8a00a13fb7b95acf4dabf2a9c039292b882ff

SHA256
da73b270e1986077a7ae2e69b48434cc83c7bc62ca508357a17e8c3d7c9b6ad6

SHA512
ee75581fccea95fbeb9af2b1a7172327aded677a6b3b390f58386bd0b7f62b030e9459def026f5c61e3796b2be1531c9068986997e3f0c2ff5f355b9a1a555b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
81e6e8587c318a61a7e0694623158453

SHA1
464415d9b41bdae2c82b4e64d72e437ebdf7119d

SHA256
26d37853aa0e4d25d0037fd4818e7d3b0085b20bdf3e74e2fb0fd3b5e4b44a32

SHA512
11fb11f126bd26fa95821ebfe5cbef00a3286ce8b02a23587b0eeefe5765d7938fda3f89e5e88622b0dbf4470ff72ba6496408c3503445c56cc1ca82d186b982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c033.TMP

Filesize
1KB

MD5
ec0ee5e4313af9d41ea0e8f7e481c9fc

SHA1
20b56e95fd79dd12f3fef05399d8c2f8103879a6

SHA256
6dc6b727c6dfb117d9b11e93a072304158354a99eac9f714a5e8e6c0db071173

SHA512
0ebeadf1c7dd70a99a4b1ee5bf9c7b6a9203bda780bf7f908f567883e66f465295b105ffd5ec3b340874ad825a1573ae0dd96ad73c2dff4274a52cfec54f832b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b83f7c1b-4c03-4254-bda0-9190450cc6b5.tmp

Filesize
5KB

MD5
756706e2518e202709aa1f8545288c75

SHA1
9c0820d1f90b7d492101b3097c7fb11182374afb

SHA256
def661f1fec837418869df8dbe62d5d4e648c81cf3306e5f2bcde7d2df76421b

SHA512
57722f92f8ad0f53edad04fda3c1d23e6ebe0f1afafefa34e84ef167ee055701978658e97baaae34ae9f807825254d32a91abc7d0323ebc4b12c40551755b363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
035a8fea88543c1e462aee20b98e780b

SHA1
37eb163d14624f742bd561948e8ca844d4d2f79d

SHA256
c5a41eba1ea66b6bf1952cdc7cb57b4993eb084d76cee43226aeff0a5be789ef

SHA512
780a5acdd06c41d62c8c0400cc475755f74bc453f48b3fddff0e31e046692890eca93fd23d3fc04c6094a837201904a95b3ab2f800bb921d1643d90a6893a131

Download Submit