hxxps://drive[.]google[.]com/file/d/1wBmODFs1_C_MQoO5Z6xkvSNzsU0tJw4k/view?usp=sharing

Analysis

max time kernel
45s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2024 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1wBmODFs1_C_MQoO5Z6xkvSNzsU0tJw4k/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
11	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
3296	msedge.exe
3296	msedge.exe
4764	identity_helper.exe
4764	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 2468	3296	msedge.exe	83
PID 3296 wrote to memory of 2468	3296	msedge.exe	83
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 212	3296	msedge.exe	84
PID 3296 wrote to memory of 2172	3296	msedge.exe	85
PID 3296 wrote to memory of 2172	3296	msedge.exe	85
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86
PID 3296 wrote to memory of 5080	3296	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1wBmODFs1_C_MQoO5Z6xkvSNzsU0tJw4k/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa37246f8,0x7fffa3724708,0x7fffa3724718
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3251644590036638443,5440211230038676690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1196 /prefetch:1
  2⤵
  PID:2328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
34KB

MD5
54c5bfb8a890d87139d9abfe01662c83

SHA1
f9eddf5b8a3269e6d6fa40b4f13083705e6267c6

SHA256
9685e5cabe4efc8c85e986725af8009b306416aad3ecc9086ca5bb12b84ce4ef

SHA512
5c0cd726211cc74bfdb7aac7967f51b1af183bd509f17d9d9ae4fcc4f8cb51c4253091b8cf2fce600552cb48411aa075321c7333d9aae617784cfdf71f90adf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
23KB

MD5
b66dcaa9b915228df1350bd5ddf9f6db

SHA1
7c26215c873ab693b60ebf5e008a084f8043ddab

SHA256
019877724eae20071daa030593eb73141720854c8420194690551897d2620970

SHA512
a82f757ef65672938e457eb1fbcdcb0bde64547cbfc95d910ce728d8c5f472f65d65d1616c5a8709fea5016f10ae9d6e63f848ff3750a8e05488226cbf2d6df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
27KB

MD5
aa9dbfde4738d5ee11ccdad9108767bc

SHA1
b83a79ada4eb49db870c2f59f832a1927ec0d567

SHA256
68f900b7efb5d11fab2c6a21d4cda36a9aefad2b05bc2d18b4f78d12d5f14f6d

SHA512
4da288875daee424d12e56b1a59deaa94574e76a3e46bd4497221feab1e796031bef6f065e5a080dd05b18489c87ea749557091092c2fa9df24c823046336625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
91KB

MD5
44cf924573307eba21c2b07b5d2692be

SHA1
bfd73567774210ab49599aecf653da471cb855e6

SHA256
dc46dc90cc3ea84db7dab7a9828164d5f580766d4d20cf42e1e9c528411f673b

SHA512
5c8b36cc15cec9472da69d4e7f9a3418b3d57ce9a120fafd1e9918f6b4e59a6e06f0d5ad14ba1dd7736c0de96d7125baee19d05d7792bd2505ccb9dfb61b76fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6816d4d979e7c078736e3eba7a3d5dd3

SHA1
684f091e132a3ff31380c0bd1f8c8153ea454600

SHA256
e346a4b18f675394c9eecf1beebca0d96eb73e89bb56b70448f20afef4f1f9a6

SHA512
8e739d53501040e8b0a7ad0615c1fe05fe694644e147094ed7fb92b410fc29452ef91bc2239e3462df6ced1ee20f76b0240ea8c5fe784916a20ac8e836eb7283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9377ae569d40d3241b1d62b4a1dc4616

SHA1
c741d4344dfe1233e0ff8d2ae944bb5092e20309

SHA256
b08beb7543f62d0dc27df29bbf0978dcca6fe7b848391d26b8c821428b84267f

SHA512
bbb7044154e730cf115cffa060e2c01ffa4a85b6bbb1e362ea9d8df2af03163771d294aa49126a15982fb6a2a45d6295673a968794d863c4830d2786edbadd23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c53dd56ad1941a205fe56700ca3c92f9

SHA1
e07dcb9f303732f72121dca8d29d717adc6a0f5d

SHA256
dd93bbbfdaab49e04faaac49fe617479f194ff409e0acca1e593bc28f75249fb

SHA512
b3220ec6f211d980fe8569c2e35d487ad00d5fe864e673d137911f1e545d849dd9b01652a512f019b7cb3713ffbac06312c49ee80d81a924092372901f957c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c9a3a5be3e31043dc1ab6de7e8f2598

SHA1
b09606e25ee3412e7522b89bd41129fa139a404f

SHA256
176903513db71375490980a00ffeeb848d9b8bfec51014afad6a25cf7e424bab

SHA512
4a63f64acab1754f327563b9992653296a01ab0f7b2a73cace9455a07a7f976e3a1b4070efda842a5d69ef3eced99a6cac905fdc2492e1a5f806610228799c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cbcfe39c24c5a79d91aeccea8367bd63

SHA1
27ad542316e34e285b71b10f1b9bec5a2fe102a1

SHA256
ee9d9ebaea69a3ee8ba3097ba3769c93dcb78518678b521119819584ac54882b

SHA512
ab3e4162c6e2bc9177251a7df8c0beb18ba26d56af07ad539013373ffaf67012a17ed666985dd2a32b1ff4f3b0c8751d3ac66f84c5cf0d58a9a3ad40f683ef30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4bef5c16f2a6dd9881b9dbb9bd82df30

SHA1
04299564bae0680468d9f2af644920db774bb4a6

SHA256
9e7725f8090aaeb3940b2287ca18a88da3ed858f0c3d1dac81e1f55babd51c07

SHA512
bdb2bdbdce534023f3f80e529d60e95334208c27a93a3c6cecd82d207ec0cffe12561064f8f6548c22b4efb9c9ff545fed74a141ff1f39b4374935409d466dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580fab.TMP

Filesize
1KB

MD5
8cb9559af18102b041d0609cd9203636

SHA1
86641a2ec9f762ab9f16ed10408be6469e59e43f

SHA256
a3c5fa92d148cf159349f2079cffa6124bd0113907206adf9d03a9f48798e464

SHA512
1942d74b9872a84fb52433bd1f6875634b81c80ff97785095268c70e072ad1faece9d60496a13aff8259f4640aeae2f18626e08b2430f2e9e98ec29b3a32556b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
88411c7b36037e48306213d78c18459e

SHA1
19a58dbc88d43b8d13b22daaf66d16e273ee826f

SHA256
c9532bbf27ded64b31cffce77b838497046ca25c1e56b7e93aa67eb9354d52a4

SHA512
cef174a25c67b954880ebab56e6bdfabb4ad8b307f88a861add9dc0b9af4bd418b2dcdfb19ceef731e8dbcb75ec37befb3395e00780930a5fe52f4f8d7024159

Download Submit