hxxps://drive[.]google[.]com/drive/folders/1yZs9XR6AdkiG_clB3dwu8LP0iw2Ua-v-?usp=sharing

Resubmissions

22-12-2024 03:17

241222-dta8ga1nfw 6

22-12-2024 03:13

241222-dqsy4s1qap 6

Analysis

max time kernel
124s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1yZs9XR6AdkiG_clB3dwu8LP0iw2Ua-v-?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
4408	msedge.exe
4408	msedge.exe
4760	identity_helper.exe
4760	identity_helper.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 748	4408	msedge.exe	86
PID 4408 wrote to memory of 748	4408	msedge.exe	86
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3680	4408	msedge.exe	87
PID 4408 wrote to memory of 3372	4408	msedge.exe	88
PID 4408 wrote to memory of 3372	4408	msedge.exe	88
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89
PID 4408 wrote to memory of 232	4408	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1yZs9XR6AdkiG_clB3dwu8LP0iw2Ua-v-?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb439c46f8,0x7ffb439c4708,0x7ffb439c4718
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12146366800791012796,13851313193758342746,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
32KB

MD5
e0536da7556991ea99d64e645cee9489

SHA1
b9a9f2efcff0aa2d0f1aed4eacd533590415d12f

SHA256
5c55c2ea75d6df79e1597010b13043cd0bd39b02289e5413c0182bc9bc20e561

SHA512
62761a11eeedfb4780b5c643dbc248c633b41d3046b9fbb5a3d2f8c89cc8ee0b12dde7ef7f78402aeeb3d59f6df71476b132e766aea5859daaf26f79d77c1b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dd186b5ca26496a3daca5d2625e19dff

SHA1
2d8b7fd9d7dc7ee69c57c9a15e9b07399269a85d

SHA256
35bac1a105dd7a15585fdbf4dd999031acbbbb7619126ed5636b691fcf468096

SHA512
25de8982aaba76c2a2a90e39c16aee2271957b52f4b123eaf2fe40a593b8792546c0603fd92924db23848cd1cd28ee50db801ad9f46b6028d3d8233dd73fe077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
81ef489cdd77bf37d65dd71588db2b9f

SHA1
10d182b19ffbb0e4b12e541ec7712c2b4d446100

SHA256
1b5f75acde180f3f2cbb989c3e17039d21ae0c667f524da1a43f76b9fe1dc41c

SHA512
5e316231fe6935cc87feaba47d8e8de36878e1d0449828e80c073218c56a3c7787e3174320180064329eab7dc815dba79bbc9828144f16d15d0d92b3bef11fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
548c05a06465e13daabfa8b47d49ee90

SHA1
d77406c68f2722445cb0ce4f4232ad6da5a74f84

SHA256
f31991317d95ccd41468140f6fc642c9b502f92b1fe4b4dd178d3e9c8766f212

SHA512
3e2ea15e49724a39684494136f6d28b6f156c84ab2dad96bfb93604a982e63abea29ee6055cf1964394d4a9ed48c120c11f6ed9df6d2b5f79b90a2982d085c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8ef7af9a39843f88078867a60ee5689

SHA1
59db6582f1cda7344b1ebc3083b9410c814437c6

SHA256
47487e50a3f13933f0986e184a5819372744889bd48353d4b1856d882a9cce49

SHA512
0620bd2a9f284e47a137939e1c90aeb76a95c31b4c3dad3e7386dc9e6dc15fd487a21c508bab4489662aa5a018955ab9b6bfe70078807c47ff173b1b2b31699c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba179572ec2cf136e9342700164dfa32

SHA1
1be1132d85db3ec0da78d2017a9f31ce2c45da0b

SHA256
e3075f5786d4618fc60603e7f8f4e86b593e172549bf6d4a4425e549b0d1d9d4

SHA512
7e8e69817fdc98532fc530624f866e55783e9abdf7fbc230bb8751a2aa2a820dfef65ee9c4e5b91658b888beafaa006a4c7d00350cc731539f404ad2def10398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1a6e340cc349115421adcd47eeaa877

SHA1
d0177b01356ed76ede98483b8df501741679f2fc

SHA256
648dca7ebec31b5131c4ddf8a31e4ba08afad99bb832bb9e382f9dec37c025ce

SHA512
caf8a3a4c7c77d1752b05658e526363e530d941da98d520a77507abc86641d011e91e1706d860f1cc419b6d58ad839e787b4a827e75410bad5f4ee79862bf819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
856925589b94732e1227e4df4f61425e

SHA1
e51f6e4e94e4f6533fe2727e70229e14aa3e38dd

SHA256
63acedaa73215f4e695b9711f52cfb24639214e7341a352f7f017ab2d3f56758

SHA512
e65eb512a72fbf37433b899f936dca1c24cbb82e3e5ace4bc8f462fd5bcff8c12d37153e54cb36c22f531891ce2571faebeaa5910e322c71b28555e574492448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc5eae7ad9649efe7b200cbe668d879b

SHA1
84f03526f06e99f185c8a871517505a8720acde2

SHA256
0ae048e2bbcf14bff5a86234bf882b85125bc4421a30322eed582f47b6bcdc49

SHA512
684c4eeda204f97782413b87634d0a4bc33896ff84a141d5bc229ac7613ea62670f14b4c0bca7263b62f32ab353a4ae3eef5e51c6933b9be8e37ac024f0fd85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588901.TMP

Filesize
1KB

MD5
3a9caa78ee07db6ead3e10833d5e8059

SHA1
f4ee11e6ac82517ab7d9d266ef8741c9a7cd1351

SHA256
ce6e7b819c296c962e433883ee203ec63eb24e84f80c4437ec24af9a8c49dcd3

SHA512
ebd2e7cbe7c0d8ea468ef32e60291e35c33721d7edbc3c507821a6d8c669afcaf3a73aa82a7ebbed58440c98f4c00b8f1e61ea95c383089804cafaadf4a9aa1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0db764b4efcebfb9f2dbfaaade2de60

SHA1
8acd46ef13730ff17e306500f7fffa855fc78ced

SHA256
0b205a84bb5843b9ebd7d6650dd70e3b9cbd38a1d0f074fef88798237a3ee556

SHA512
1be9fb273329d5c646c671733bd8914b9c37bcf0eef1529d7a7478c4298543f5f05f8e96e73b0c671e9d0b558ad89a83e205c384084f68fe5c66bc0ad9e72670

Download Submit