hxxps://drive[.]google[.]com/drive/folders/1hJC_i_NjSLz8AuAkjmrRpziweg5gH1nq?usp=sharing

Analysis

max time kernel
170s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1hJC_i_NjSLz8AuAkjmrRpziweg5gH1nq?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
3596	msedge.exe
3596	msedge.exe
4408	identity_helper.exe
4408	identity_helper.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 5032	3596	msedge.exe	83
PID 3596 wrote to memory of 5032	3596	msedge.exe	83
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4560	3596	msedge.exe	84
PID 3596 wrote to memory of 4564	3596	msedge.exe	85
PID 3596 wrote to memory of 4564	3596	msedge.exe	85
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86
PID 3596 wrote to memory of 2748	3596	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1hJC_i_NjSLz8AuAkjmrRpziweg5gH1nq?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9116c46f8,0x7ff9116c4708,0x7ff9116c4718
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4466220745502632552,17272684713215622621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
78fbaa6c69ccc961b8ec438a8588001b

SHA1
990c7f85fd6739a39ceb934cacbddd8ca7672627

SHA256
708cc85c1b714f37d78a73e237276b2525f644e3e5ab935d7671368f21c2d4d9

SHA512
c9b167bc97e6a65745576831721bc21c1ebb4ea9545643f2af6e7b4879b5930db85991013a12a8debf645f3b152b9c27afa619c245e21d35d9cd66b1347a0aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d65964bf938f13986a9e733a24049a93

SHA1
66383781206c1f6a3b4f0e9ebdbfbb0b4b0698a2

SHA256
40e1d92c3abf24ea26ac26c7cd8e3701168787d7020a915e2414f6542b91ffbf

SHA512
26b391333cb593d5a87e62fdf5b99929ed8892313695aa14e244833e7baec0e4636f85a6a8fc865b96cfa77ed3618b203f5da9d5f8aa3eeb887724e71b4d61b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
77178b0a691adb36ad24210e51de0a97

SHA1
3b0aac2c9d4e210491fbc0bd6a22b87a0014703d

SHA256
83297f56b1452fd26036f663ebedc884288007844e52949b5e2552425d51f079

SHA512
17a99288b0c03d376e316cacdc6aae766789659e0bfc35214427baef9fc47e5d3a217bb5211876cb58e3a13021eec4bc509e5d7b2a579190e7e4079ee08d68c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
42b29cd8450c7051c0945ee19b436e58

SHA1
d71a142cc8fd095b68b4d57160241bc1d1eecea0

SHA256
693b8b7e4704837cac4faa7ac8f289baada9754a4290e5ec91c2f10761a2b810

SHA512
6865e23ec8db7b67965f0e4cab65f3dd170d0e8342960988e018318811ce509c3321a397bd6666da934a88e2f97c9a3d71c4748afe82d1d09f5ad27f9ddfb7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
006b95749d4cf641bfc04a643065be5f

SHA1
399baa9ce21d13b99bfd5ee84fc001e969730680

SHA256
dc2a8159ae2bdcba918b343727cef3db85d77ae25bdcb4cfc58b90022242048e

SHA512
57d9b3e4ecf66500459b3d928b48a44e04669b02e4d2f5ec6db6f1cb9c5df9918a7420b87af1e0e6af844867ac8f920927d67475d5f7529de38311f764941f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
605f89420298a503cb6ef8737c105e9e

SHA1
24b44ec4bc8ba032d2ed38683f5dbe68207aa7f6

SHA256
336c3caa2f8416a81250b6cbf1af997976b5e7cd7013640a099669b6c3352a0e

SHA512
16b023eeab7c8c2cb74fc9749b9ce21863de3fbf395cec1147a7dafebe01b086f5c9ca042659d474c8b3f9183b52e6ae04892bbbf4f87216d64179fcc841827d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f28dc3b6af0dc1dfab2e62d7e975e9f

SHA1
40a748aa8f225b1ea2fd6d508f709540b37d3cde

SHA256
743023d3e653cecf008ea3a59bc972fc42caca6207976b3e2a7018437718b56b

SHA512
90d6c607747ed9c1e91501d996b045a26936e21cad4c2e206a55ef80961d9541b29e1f37ea31e07a5e9177d32fb844b0545e9d61587343455e52146b22dfbd97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7904e1b77639197ee80819d756283816

SHA1
714b1e34f21186027bc1e3634b127d0ab490d1e6

SHA256
409fdadc66d937abe568e7ad4e599b7208d58a27a878e8a1e11dd0e7a3a7afdb

SHA512
ea2f1328379d72cb385faa6d51316841939effa6d983c7077b02468f2a57b97339ea0b70e5498bd91ba0a079070c7099a60731dfa42adf58e85080816cac2e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44c56075af028f4c823df5ae90062828

SHA1
542a81eb6e27f1726c58648685833b77b846afa7

SHA256
caf2df969575f6116e59b5e97c62a046cded243ffedcfc1f504638efc92db7bc

SHA512
52a8d049b615cb2b4635d98bcc6b3dd123b88c4dc149f6642467147784d75b965ba2ca4ee26ef1c37074434c7c185082f6ae285ddd969c1274a5d89e6fe21d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08f7ef307f8a089f89886e7db89a69db

SHA1
8ebd481ea13ba674438f9418b3905e0cb9c7bdaf

SHA256
14e35dfa8bd9774cf5b2a668223ff0835634276b569f25027713d6e66517b418

SHA512
73d6deecd4ec5ce97cf2d60c4e37afddb2d0c9775052cbb9b3e9eb7a765c9302834346560ad6d113a8856d2b011f95c5dfe0535588a59554bd33803196f37c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9bc088687ee28694fca37030c663a666

SHA1
bf2c3816be6a7535c076a784f81db294df0934d5

SHA256
ae8ac1c49f712193df0389c5c43de756628c116d6ac034e2f3e450c29934fd56

SHA512
06501fd7297534b4128604d14f6e00a6ed4c5074738d2688cb116cc5807b749d3a80cc8f0cbf0cc3bf5851d491623bfee3bb1b3075e15a40a85664aef117c869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cb2b.TMP

Filesize
1KB

MD5
75d1d07889dca5cd1a89c96c8aca201f

SHA1
7bc7572aa7799fda04286a86bc7fdf474dfbb5ef

SHA256
4b7b6b28c04d78b7ec5c50be7325d177d8cfef2a4d94d5f9c29224c0385b5ee7

SHA512
ba1df2d6e93217ab4cf7b148a83ce68321141ad05bc86f7820003b831d470ce479018ce1a9589674abad5b3889152d98d2a51c02f3192246f412c5b57cc4187c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a2c0e474646321b13a16eff7b002728b

SHA1
214954c14d5616ff0e620fa2f79a938d1c5d7546

SHA256
9cbfae179bef4d34d0b8938a1c5418b9e69b6e785109b89a209724dbbc42ea0c

SHA512
98f6a35dfc24a15bceaebecf6168ac0314a101289b9d8917ac695420ecdbe92f08992afc9015bcb610cf4acc0a8ec43d365f1b02a46ef8e9f1a7a7d70862dac7

Download Submit