hxxps://drive[.]google[.]com/drive/folders/1AMYiBcKM44SMngrOLIazvvlxJiZe5npf

Analysis

max time kernel
262s
max time network
285s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
26-01-2025 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1AMYiBcKM44SMngrOLIazvvlxJiZe5npf

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1812	msedge.exe
1812	msedge.exe
3144	msedge.exe
3144	msedge.exe
840	msedge.exe
840	msedge.exe
3736	identity_helper.exe
3736	identity_helper.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 4032	3144	msedge.exe	77
PID 3144 wrote to memory of 4032	3144	msedge.exe	77
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 2324	3144	msedge.exe	78
PID 3144 wrote to memory of 1812	3144	msedge.exe	79
PID 3144 wrote to memory of 1812	3144	msedge.exe	79
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80
PID 3144 wrote to memory of 544	3144	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1AMYiBcKM44SMngrOLIazvvlxJiZe5npf
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff846df3cb8,0x7ff846df3cc8,0x7ff846df3cd8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,13640818367550392945,4216392332518627506,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3612 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aae1e221165d879b3e44dd2889dad9d5

SHA1
69846904b26f03f448637ded99baec53abec2ec7

SHA256
be115bc60dc238e795f2b9ea6fe2ce9da5898412eb84312e34f847997c16500e

SHA512
b9b232ed0deb8b203ddd47feb27961a5aba9b3cfa8430958fa18e9e9ed8f53a0b89f5a9422703f8c73d0da8ffe40a94776642a5a02edf578b795c22f49d97d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
755f8224c2b02f5c2fb635577cee3b41

SHA1
f42471cd6649440ce9f25190828f1c1a3ad31407

SHA256
dc9ab34bdee2829dd6912d73977944b48c45ddb6c205616761eec4c5328cdd6b

SHA512
79bc0f8c15506fe8a0f57c1d016610e702a229d92d7318934b9d2ce35ad3a203ae5cf31804c8a0e0ec1044d87317a48648502fdf41337ca8e855023ca841b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0a09d6de6bbef2cc61d4174c9768d77e

SHA1
17082b8a0654e35405d3b546fe57a2e52412482c

SHA256
f9058011011ffa6e31b561f5898fe4cbb3f7f87bb8e7b16667827f4012123a35

SHA512
6fd39684c2c788ef5fd860b822c413d59234997add91ef580a35c0f75dbbce1091945c470998db488f73ba9477e31c8736adebd1e224ae214a064233bf638986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c3bed70e545505e2d0c0a0f33d0046b2

SHA1
54b9ac22c97307efecb5cb2d34536ae624d72411

SHA256
8d94709ec8a48277293ebacc0dbb44ac8ff9eb7dc1a59719b751de8a87f08bc8

SHA512
696499e4c5727f2367a2ae224139aba3564d2271c4b395b4b3c21f950fd26d71b92558cb15eaa571a6230781fcb66da76171d5368c12dae25691bfcf79330e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a22c6bd2bcad6545785771c71cb87df9

SHA1
890603b766676fd015134cde95d9466e1f614412

SHA256
0572742613b4a685952c6f153de4c21d488527257e5be2a795490cc95ceec9bf

SHA512
d6ed8057b6dcb1813bb8bd8761effc5b7c966fed2132094095f8ca2ed1c3916a551a2cf307a0e5d2a5bf8a34b45352d90ab53e4f225fbc54abf228e461ba4a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
41d0edcd2018ec1d939fb956aee02fc1

SHA1
6c64863c0d8e4d546778d7e4dc75a857a2e39a4b

SHA256
81a96657121d101516d24411bdb59b1d034e374797400875a0ba1b5f703fa6ba

SHA512
dd28bb2d791d0137e2b8f7db6a550334975af79abaf617fe2129018240b3b82d0979b8944243093eccd0f3d78afb852c262e0de040c6b9ff7bcaa8476b40a877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50fb8eeaa6f2b11ab2a2da61c20e8502

SHA1
8805e000ff5e4bd8051cf71074d1da1139bc5b59

SHA256
41f045337d3216c9154cf1ad1900c6b338bd645f43e034860d251974f5e4c3a6

SHA512
10f4b8840ffa8dad3c553bbc210c4da66b847e58a707f750d5c65b453b2825957c8968fcb4749521120dd655416a17367180295e2dcfddfc0af8778a4134c559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd35321d30eba32eeb1b63f4bb8fbe64

SHA1
e74f81e139fd0f4c7f377aa091141d8cb18237cf

SHA256
4edda1fd31d772a38c493e1e5d1f5a7856cb4b2829a87568d8e4f1df1530535f

SHA512
8f558b76e9141d627f2ef1fb87a93840f371b9120c4fb13e898659158f549ca302ab655099ca98e99240443414ef80d3994450fc609b18f1b8cfc5bc95728a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bca4.TMP

Filesize
1KB

MD5
a66a7cadc685b2ec18a505aebb28e50e

SHA1
96d7ddda09271e600f041f40c428f153f05dcf92

SHA256
18f1e82dcabf43b3785360bccf42bc448a555a498939207cd12cb4383b8ccecf

SHA512
46f965e116c2f62b355b477aa16b376048eec8bc68c547dcd631cf49e5027f579e85cb2a20e45c69b0ba8fb02b89f6b6753b4349a4eedb205c2db57d2db654ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
32b139889524d17bf8511cbfcc8ad8a1

SHA1
36d31f67eed7ee797e16fce4d5b88b398e7d9016

SHA256
b587cafc220fc0c29e288eac74232d2a3084095e2a9e2831ef62a42850e9622d

SHA512
8127732822c1a968de553da2da93fea1ecdc12423669b2a6778a1a04c5a00850531a7b52be24fb38d6a47b38119a00982bbfe7c2eefbd280f6445a460629b68e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a4fa6a7011db1447a9726b55a56ff9fe

SHA1
b5066156ebb54823cb81b7a31e9eca2af08a88bd

SHA256
687ce103ea01e4056ecae8b264b79f8442b98d5b35330cc86ce5ca51c9f185da

SHA512
9dc2f87bed7e11dba904e67c2a63bb55c03860df7a0af27a08574702edce5adddf7e21d71de02d6085947f295525878ddb1f07b9c97e7acd1db7fbe0ea90dcdb

Download Submit