hxxps://drive[.]google[.]com/drive/folders/1JUH80hkBWZnOXc-oOMx9K6UZoXKjYNAd?usp=sharing

Analysis

max time kernel
75s
max time network
77s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2024 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1JUH80hkBWZnOXc-oOMx9K6UZoXKjYNAd?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
996	msedge.exe
996	msedge.exe
1940	identity_helper.exe
1940	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 2484	996	msedge.exe	85
PID 996 wrote to memory of 2484	996	msedge.exe	85
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 4788	996	msedge.exe	86
PID 996 wrote to memory of 5116	996	msedge.exe	87
PID 996 wrote to memory of 5116	996	msedge.exe	87
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88
PID 996 wrote to memory of 2420	996	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1JUH80hkBWZnOXc-oOMx9K6UZoXKjYNAd?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5149778747162733317,15855359871982990521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
24KB

MD5
2b77b2c0394bfd2a458452006e617f96

SHA1
11eff89a8e3e64401818f81a02bdc84e8ecc4325

SHA256
c46f001852fd8e16bb731f21cadcfa0cda8e7d064e11b0faa18d6bb8325acb1f

SHA512
21dd89b9d6874539477e8b8dc8d98877c86595a8b0b8deb624547c3f407fb41550f65ff744c22f25c574994414a28e73f4d0794c5bd49be890fdac7906f0ba30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
613391537df1a29dc79f36fac2b3ffef

SHA1
08990d1b1a65a72f9131b2cd4b0a207c61a45f9c

SHA256
b23481d7ac32623bc5e83eb30705d5522f24d2edd5783972a2c98129e59325ed

SHA512
1dd8b132261ec88133bc16afaf910bd73ea597394bf91f923b504d677ea53da642311dfd3cb9ccde5d828296f1d224d7b4bb93040cabb916607fe26984da2553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
482d55014ae641276d5045df7580e7a9

SHA1
37b6224c2eb19dd1d573a9a3224f7f6a53fe8ffa

SHA256
83ab8bf110b1edc654ea6f793a9928534af78a65de69e6df5654bc0426e327f1

SHA512
04a32ed2b519969f86b65f766e8d64a2f0e546e64fc664e609458823d48dafb1fec4e3ac1195ae711f36dcd544584e1050420fa031173ec8d6ff6597ef130a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
62f3cc93a015ebb5ba8a38ca6f884a66

SHA1
9335c3cc0f425164842efd01636f508d8da23d19

SHA256
c62c2ead1eb07cb4fc80439d2edc8f007aaaaa54da7791b2675c7c27d0a1174b

SHA512
edf325f8aa88426d2698dc094f19eedc53eb7edf13f9c9ea1808f0185a1c01071fe67f9fcd109651fe00edd27e362af80b657e9682b2a7e47efb4b742844e579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1b97d33867ebdc0ecad9e484c91bf09

SHA1
4014309927a925bb39e3bdbbb3799b8eb509b08d

SHA256
91d514de12297f7e1ce75afe0f0c889bf907742c4a2cf23d193303cf989e09c6

SHA512
e8b678cb7f1cccb81a496935f8fd6e4e69c57131d9144041d9b7a1f0faaaa3a2e2f07cacc4221fd8a05855bde3c8d727840d3a463d30ee9d6d32c59d337d8731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fea756e9e657c7b7efda1c5ce48b7165

SHA1
9e3b3e4eed8d0e1850f56fa2bed982dda313c6a9

SHA256
2ff77ae6b44a5cdea79a47f0cfaa577811b262eea5035456c4c18814c330bf1c

SHA512
89a7311d905246288a02babc2e920e05c466f83163e83d824a524251b2fd5e9535b6385c4a04c67ecdf33f7bf7bf711bafa91c0d9363ec76ca233e6a509ddfdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
849aceea321aed39eea7847a08a00eb5

SHA1
705b2fc35beb13973362b6e5d7b28232f166d446

SHA256
de1e01da98c46a96a4eada0ed05c2be5e3639e68c77337e2ebddf1f4cadbd457

SHA512
9ed24398a051c0722be3085144a11121ff2b61e9d0a805851dcdba34ef1dcd09c5a8c13a0b5b7cca632de13f57b88edee6cbdd41789a7a3ab92024b9fcab189c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60a0a0f83ad6a3a51390244a5802a968

SHA1
eb7c5a2c2449a5a44e1b97888868d55f8a824323

SHA256
fe5996dfc5dc3f77ffd6c308e13e56478420b98820cacf4429f9127eb81da5c8

SHA512
a4ee723477c94ad15ce4acca1c9a20f02d16d720d3fc1d319730f3a3dd7222c77cb2aba5e2e85604a623b694a7399453377442163391b0188d2ce525f02f795e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22a7646d78e2f05ebfd08fbad9310c02

SHA1
66549ac0c26878d89884438fe8c93b7ff877e310

SHA256
acf8be0ca374ff5e3cbdab34cb004ebb4294493186f9526bd281bb717acebcf2

SHA512
c1c9b8b958a31ffb99b3fbe5dc874b0804c047982e8d7c70893e9007f77857b258a0933cc773b5f4ddb031eaf6261f0e3a3a5041579a17eee776182832cec6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d53e36adb27cb672d3d1176bebc66d7

SHA1
8ce2d706b2ac30ae45ff9d5ebb244bfaaa863910

SHA256
06e6df4a572c47f794ba1a9c9d6ddfef85ad1b7458ff52e290833adc6a954b38

SHA512
7952a00a1f83a1ccc984a45d70d570ce1145b6123c8455fe6e0cd99b19ac4b5b7d7edce0b431a1385e4e973498c708b1f06ea116193d29b9ca77f65d1cdf856f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8471c1795878bf4f98942d4b2ea82819

SHA1
b028c338455d9ee64a2ae465384d37fde4440c24

SHA256
244ded0afbbca85ed508645af76da1319fe9924ca1620103e2cc79e4b3a81014

SHA512
f306f0ffff9203b22420a4ec49c55bfa27707138a87b07dc5e0fd7e052c7035c8b9591d8656bee788dbfc9a409feca908addaf731ee0a39ce2903f2492b49762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f4c5af20e2591d6a2c65e4822bb95a7

SHA1
2840f49a228eaa7f1476ed6d70d6d5c7398b01e4

SHA256
be28ecfc053254ba110193b009a7947e8aa9625d50fabb49b1975fcc61731ff8

SHA512
bac8bfd0126bfaf143383d6be0f500d2d78655b09f9f23c7b3ef3a302da71f432415959dfae10d00a29385e0f8a70f8f89cab73f0f4f85a5f8340c086b3741c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c5f0.TMP

Filesize
1KB

MD5
0a88487b50ec9ba6a05a94da113b95db

SHA1
ff0202d39b52d05f81490f957478cb1bb37019b2

SHA256
7d186d81cd5573363010635b8083de9b712bc643b9c653f06c9155e0841449a2

SHA512
b14020502ad88e9691503c72f11d6fa5370adae3def640d5fc1e4173f3634b69dc550bf9a5da1a6dd733b89e19cff302674410a8a55d50db29474ab239139c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
97cadab83182e243b2f0bedcf57d89ae

SHA1
5bd3fc17cd2cfe2695414afd9528cb0005b422eb

SHA256
8bec3d0de6e90b3b990e993c222774710267e8232d1896841011a0fc5459aa67

SHA512
1d0a8a676fc7dcc4b4d667492db47907c47a54b9a758e815de07b720fd0f9a17c558634cac426b8aded409477158dfe2c80e19d02caedcd585dc79143f49bc5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0b029438b9cc7f264a9144043dfdc2e0

SHA1
f01f1a61da06daec0b40a6b647d46742c1aafd87

SHA256
e49956408fe6d828818976799242f15582ea3cb7244eb53d35baa8d997eb2aad

SHA512
31f6df9850e6da0ef7f579ff63172c6fe1e1dcaa61ff1536bed46e6b9828b54109ee303c37dee0328ca5e1d38d3413f762255be27c09f97d6b1bea7c171730a1

Download Submit