hxxps://drive[.]google[.]com/file/d/1wBmODFs1_C_MQoO5Z6xkvSNzsU0tJw4k/view?usp=sharing

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2024 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1wBmODFs1_C_MQoO5Z6xkvSNzsU0tJw4k/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
928	msedge.exe
928	msedge.exe
2372	identity_helper.exe
2372	identity_helper.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 2660	928	msedge.exe	82
PID 928 wrote to memory of 2660	928	msedge.exe	82
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 2852	928	msedge.exe	83
PID 928 wrote to memory of 3440	928	msedge.exe	84
PID 928 wrote to memory of 3440	928	msedge.exe	84
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85
PID 928 wrote to memory of 1452	928	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1wBmODFs1_C_MQoO5Z6xkvSNzsU0tJw4k/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff240946f8,0x7fff24094708,0x7fff24094718
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1040 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12979143043448234296,1788336826218288978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7bd573a5a81781e8ca2cf692eeb0a5fb

SHA1
1e8b83d51f42624e5b808597f239c685acf981bf

SHA256
fea21cebb6df2aa768e59b2aa6fd1cfff4fea55126d023a02089563a96a095b2

SHA512
7ffeb4fd5f515f13a0f19dd653ba75477a1f792a275ace35df72ffb3cf2dbe828ff4ebfbaf1e56e14a4f261c36ea51864601d86dd0c3ded440cbc1bc05e2e607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
cb51f2125e23613d4ba5a039af86f53c

SHA1
67e2e7d1863848dca62c9927c88e0c6ff411bfa5

SHA256
e547c8aba2227ea9f0da282835856ad41233597edf57342d6fb6db6e745b9b11

SHA512
beb8d1d00f452df4b0c54f61dfcea7a676bf835ef1951b4e9e7b248f54bf5dc7aebf718eb4cafb220c593f5ecf5fd39c64f97412b5ad847d40e97a30c00bbfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6f6071cd9bbebfcc93861ce9d2c3b565

SHA1
d96170b044ab032b96251f1d20232e67a64bc3d7

SHA256
816e602b4e20cf33365f147e9c4806b83b363811d9388ab7fe1f151c5fe82d91

SHA512
e4e141e982019a1838175dc61b3a40be4a10682e393d7b376c9eb2e4417c07e6d81a58ba56377b9eb1683c705efa39728889c3eac51cafcb94bd2589a4ab2e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6e7f27e996dbdb76fc83cc84540d6a37

SHA1
71eab441a170b3f5d8f4fe80b09841b18039b0ea

SHA256
32d55728ac23f035c2b2b5437a28cdc207f0f5f2f8d1c657181d485aad6a0239

SHA512
6598eaeeabe068677eae5f0998c6d0476486e7c8a3c3164a39b37ef0d5dc13a36013c6714a205bd4be6bb607a31a45246e1f8345d35d24c219bb310a783c55b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eed7c973a21608f82c59897bce2b6ce4

SHA1
62bfd89282b5ae669e14a5356534add70f6e6209

SHA256
ee5ed60fdb04da4e7c61a6d0ef74054c2e6f11507755471fdcccb82861837803

SHA512
6bb6024d46221a02ae6e96487b501092a411b6883ffdf4a9d3e8d2799156134346e27c62d128888694a440576d5af1b9e2b65e550f27c19484afefb608b28117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc9664d8d4e2d7ed136c4bc7c5dda669

SHA1
2815d23c1a245ced6e08c78b74a9c9c5a02ffb4d

SHA256
74548a14b26825cd840338ff8c043d3463894811e86b2fdf3680b8af2d9a9fdf

SHA512
a5f1dafa3d0444aa0aa0ee116fe668f4cd92696b27ae99d3cf41b161056bed4635129fedc97581d139e815366f6a4cc8fe269b18485bd0de6031089520b57c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2221f434d15d4715fd369764a4b99c7

SHA1
21d52d8d3cf9a8c991a748baadca3b32ada0bdae

SHA256
e423d6c3d3001c55c1bce18e299d5772c9e554644672a0868ce94feeffb4eed8

SHA512
0e27b33ee70bf736851699362d7549b3465de62523651788068f0e587b675dc6dc919b91b193143595a1876c2b85594b857cc8666271ef79f9a1bd0420ba2bb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2464c954326d2b72bee843fbcec23b8

SHA1
c5f2c1193af177d31fd05c98693ed8f9a6712cac

SHA256
3b24a0364d114bf99fec53eb291d5f20bc1130c97f747641035f83d918fff70a

SHA512
6fd3f89daa6f8a300fe440050319ba4087fb41feea2fb48ca4d96b25a3f698a5993da546c3e8404ec74a16cc7386b7cf067e5df2294c1663e422d70300e9d31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5870a7.TMP

Filesize
874B

MD5
39ecee7649431606ddde488d139f777e

SHA1
9c04312df0dc4df04ef93f45d8b85ef813dd39d0

SHA256
c46a471a02f033f6a2f286e209b88a756901959f036a282410cab52c5b25596c

SHA512
f1073a4b0b20c80f87e36c9ab06429c375a2869d66f6614a6b99a1d159459679844bf68c243ee84bf5ebb15bc3125f60435e7db4adb2c94b8d506d5304dfa975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c30ac588cb49defc536e2ab570064847

SHA1
a598c4842ca4b24ebd05ba4bcad53d0eb8d4ea8d

SHA256
09cd9b3da554737536fe5954cfb1ba90edd6e5b16d51773ffccd10e6a7211b35

SHA512
e30e428b547f4b7ff34cd29ec7be673eae79fd85708b960302e3360c4ed6eb6c643e96832e61a69ac5b79f22fe8cfa5ac2c91b7c9b7c2bf3c3a4cd08390ab148

Download Submit