hxxps://drive[.]google[.]com/drive/folders/1hJC_i_NjSLz8AuAkjmrRpziweg5gH1nq?usp=sharing

Analysis

max time kernel
55s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1hJC_i_NjSLz8AuAkjmrRpziweg5gH1nq?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
2	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
2008	msedge.exe
2008	msedge.exe
2636	identity_helper.exe
2636	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 3248	2008	msedge.exe	85
PID 2008 wrote to memory of 3248	2008	msedge.exe	85
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 2084	2008	msedge.exe	86
PID 2008 wrote to memory of 4744	2008	msedge.exe	87
PID 2008 wrote to memory of 4744	2008	msedge.exe	87
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88
PID 2008 wrote to memory of 1836	2008	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1hJC_i_NjSLz8AuAkjmrRpziweg5gH1nq?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc01e846f8,0x7ffc01e84708,0x7ffc01e84718
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8491007627757533918,16456018069199067605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
78fbaa6c69ccc961b8ec438a8588001b

SHA1
990c7f85fd6739a39ceb934cacbddd8ca7672627

SHA256
708cc85c1b714f37d78a73e237276b2525f644e3e5ab935d7671368f21c2d4d9

SHA512
c9b167bc97e6a65745576831721bc21c1ebb4ea9545643f2af6e7b4879b5930db85991013a12a8debf645f3b152b9c27afa619c245e21d35d9cd66b1347a0aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5afef2acc9bcd45c965fcf068434eda0

SHA1
b6bd9498e8ae1aea92c804a1ba804258b6a1b19d

SHA256
721048b3c44b1fa516c522e3d3b9521b964dfdd1b4d827d7eeb76efdfb9e3f05

SHA512
95ffe8f78c4dec01569a76df81e567c2b8ec2076f45bfca59c74b363f6ae9d1d4351d1a94f54e33d26f6257d902fbef57144f6608e8e2ed6cc034b455bcff312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
69868b5bf4c704cbb213a5359aacae7c

SHA1
73f950d12ccf186c1091e505110d8b1f65bf25ee

SHA256
46ab65f9dd963c325927addb995924bee497f4a4cc6abce01aa02b33e4510807

SHA512
3be6e228d5e96be3f623292337fc3df6d8f7fb789200fc1da1e46ec84d5e3721de6950aaf0d691700be49e48e6bc2fe2941de3381572408a8a7d8c7c9d7f64c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3590cd0864e6190f9da2f59b54aed3ae

SHA1
bd0c46b8a631ada39d6e6429858738ee7a993c94

SHA256
46659ba8a7c7e65636472d4f1645159d9e4ceb02bedc2f7f504a3f93174783b5

SHA512
43b79b008c0ef91f6522743d2d6f99d92492ac86078c05e278e6a878283fe2d621af2d155be508119d2ac0f12481ccba9594525bfb5f6c4e978887aa56d43bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
904d6c95d01f1b2e90d2b91528881186

SHA1
7d103a0814afb494ecbea1e2443d8744d5c1fd8e

SHA256
b561fb19c4a0bb5891faf5ed4fe42986d261316a4582cab7d59821b389f5c56c

SHA512
58378d79aa8787792846da6c275b35c2532f3fa92d5ad1be2a634eaad8c20dc34087a0956486b837faff805f7761c149c297e4a0af148e610163edc95c0c8e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b1c74d79a806f4d1008fac5e8f58a60

SHA1
bd8b3a0a5f532df84de980884b98a6990ecea56b

SHA256
1517de1f9c6676cb1b1a115563550351f4be4eed848fe00701b2018dfb754fca

SHA512
3ca7059efa3bbff177acc5a004f2118f2f63d4a645cc970b03e13789aecd29b84a85131e7dc036df691350132b85f1a9264c4dc7a8146c3ca2ad7b5950e3ce60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a953af71d41b2bba2c1747fb829e131

SHA1
6959dacf7f66750dfb687f49a4e4bd19f33d93c8

SHA256
a1015a71be5fdcf0d2bd07c9fb83dd0e86bcb0d10ffa1866837521c9a6913e7a

SHA512
6b4823cb3f2b8bdb9b9a327a8dab41138f62c69ee2ad0aa8e06ff3e7e5f225ae9ea68afaf763cff5d3ce56663602f05c810df29a2e4214b750d0775ce3648167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89e8827ef68c72be7bf8cf786e7be18a

SHA1
120bbb4eaeca1bf81adef7d0f001cc86ed8fd3a7

SHA256
f8804b8365e233dcd7c7402e83432628782075aef98262f562d78fc04ce7c762

SHA512
2ce150b36756acdaf94c8011007431cd8b2d4d2c0a7296007bbedbedb3f31412fd96369c6f4dd12c543209f42dba75b1983fe270cbbcf7f9394130a56e2e599c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e4e.TMP

Filesize
1KB

MD5
38cc05093aed21476e19c038e5a29009

SHA1
8e2fac80bbe35e7fb5198b7f4231f165e72c4132

SHA256
29216d143abfebe335e828661c8ec797bb87fca56550f9258873235228fcc6e0

SHA512
f84915e21ab98f46439aae49449daf639d24e0544596ae1843827d4c203c94c2e4ad49ec07cd3965695c2e9abf70c6f09c72ae2ddd83f6a68fedea3fa710ea6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd684c8a0b8d4aee818293d7a33c0636

SHA1
1d0693ed17e63c6a319ce88761fdd74fd7c73208

SHA256
7c1cd2c8310132251f1a6257e2aa9bfdf767626055ab58a268b930a15991c65f

SHA512
2489170872643492a63406a222cf67bc398bfbd60e3d5cf1c9cde80cb7c2878a6b8150812f533a7dad14ac953192d244eaedb5cb0c6d64748695316711fc9a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
69ad20e41d57fd71a1608dd4be50f212

SHA1
e8cbb315ce4581a821dacef20bc91b1299749f16

SHA256
46bfa637fdcab48a70f024ea44a99962d31485dbc85972cdf192c683f0242b8d

SHA512
5dad1b77b2bc64915e8b107cf3b4d6be386c32f9c2a971e48086745a79083fe0c744622338e922d34e41ad36e7dac4f3205bdc194645ec66a7b0e081099d86bd

Download Submit