hxxps://drive[.]google[.]com/drive/folders/1wM4E7wojzTbZI_zXZfIdfUwEI1ILMDLf?usp=sharing

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2024 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1wM4E7wojzTbZI_zXZfIdfUwEI1ILMDLf?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
1724	msedge.exe
1724	msedge.exe
2456	identity_helper.exe
2456	identity_helper.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4548	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2948	1724	msedge.exe	84
PID 1724 wrote to memory of 2948	1724	msedge.exe	84
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 4072	1724	msedge.exe	85
PID 1724 wrote to memory of 3440	1724	msedge.exe	86
PID 1724 wrote to memory of 3440	1724	msedge.exe	86
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87
PID 1724 wrote to memory of 744	1724	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1wM4E7wojzTbZI_zXZfIdfUwEI1ILMDLf?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacb0046f8,0x7ffacb004708,0x7ffacb004718
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15488958006775656518,3836574505485776826,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
bfb4ad144233248db8f0b493c9f53943

SHA1
75f204ac49008ca945d35db03568db5ffa2ee27d

SHA256
57819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393

SHA512
0f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
ecb373c3f5db9963ecd0f9dd8a90952b

SHA1
1b668f74e620f8407df447aac26adb6459d31a63

SHA256
90d0027a1db7fa589b4ce6ac2e031cd1827a458086b9922ee89a6f6caa299eee

SHA512
7719fc8e7022da52d8a0d1ef380fdba0f4d561a5dd8a558c425034b0ba894a3db07dd1f7301e5c6b75e44618b7be12f4593b1aaa0ec1655445c7f1cc2337c0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d341b959e26bbf28ee789864b1f49807

SHA1
76cd7153416f289cc2142430ea3a2424d6bf09d8

SHA256
3d219de7e8ca463e3fbb44f02c4416e9df4f284385b0e14dc3a412fb9bacadea

SHA512
35780180879425bff783f1fa110f99d7626210bd0236dbe937c1a6659192e7b91a23942c42ba6a982f14eccfcac1cc5c570b841cb1c26c08cd5daeaeb7f542d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
94039dafefbfa39fbb1882c579418528

SHA1
f284ebfb3b35621aebb0b84ac3b51c442e1d9ba1

SHA256
48563c556d103a7fcf078f56ba2958dc8afcb253423a8503bacb2a37e197f889

SHA512
ac2e8665c50917e0ba718a1b006218c2d1416c1e62a90063bd1d82ab564c7fb218bb6f9109d457994fe5997beab0feed8e19b1478de20911a251bcc6e9910529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c68f6e7e62ee96cc65cf9fa95e0405c7

SHA1
f31a9f162b0537b4d5601ef375c42be7c6587402

SHA256
8960de17074002bde32d558db91d211a3b55aea1744f16ccf3e10ed4025e1675

SHA512
80e90961f5151b5990765862348f3df559836d5fa8d4a643c33a37002d9b51ed4e7be1f3678f89a7d3bf56ee5d9e08b6e48131b98d3bea2e5bbb097f126e6e61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b62ce7e0aae5440a54ef0c645b43b124

SHA1
c9f6bc6d107dc8a27ab5b98d5df21d8aa8413c3a

SHA256
d3d04debc4f9d82e09df6b940a5fcd1e7a2177f561b91744c9294b4636bfbbb1

SHA512
3ef6f0266877c69e6cf970fbad2597fb701ef8112d1e5ccb761edc9dcec163c603203dd46d928efe1884cf775a70ec04d343c2536af0572d2dcc6c52ac76ac6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0a2489c1ec2f371d9214117cb9cc8d3

SHA1
d84322b92bb3767026226180cff67322f1712cdc

SHA256
c982130f0cfd9959091f915ddaf1533f13429ec348b9d653dd1d440095219109

SHA512
73e7ad436ccf91b148f5d89079d555525aad8d161649cfd4e323c6fa7bef1a690f18107709df16915351bf1e220753c1206bf84be011428d29de7b1bd67403dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e427f26e7b44f355a923642cfc2ce036

SHA1
9947c8887eff16af1c3943191bcd3558f8b4ee5e

SHA256
1f52cf9ce92215c85a314c6431a0a0be5776a9d91ac3bedcbcca2b8b7c69f963

SHA512
c69256eedc857a309eaf95d20c76b076df8283f080553ab68fbee377e6ff9c9f72bdbc64dd4898a620058b2e657d684bfaaeaf4e3bdd88a071d33d6d067bdc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c034766c80c2eb3becb64559cf28ce3c

SHA1
d573bb93ee272aaf03cb3176f63c612abd3bcfc8

SHA256
a5381f9aa07ed1d5ec05d32e8d68a401d6d360933bb4abad801be3281b218460

SHA512
ee1182d0f783b05d15f0e7801d31486a54098de4d25a5d8fd1b3fc17bd3f7b936c95145ed90842252208667b585272e1137bbaf667ddb5b9cc8e22df91d46a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c341d923ce02b649697370764ff6997

SHA1
cfa7df8d4b88ac9d7fe94e018fbfbbbd97550bd7

SHA256
067f1b0132c62f4bfea58b257152e0e5ff32914e6a4e347af0078b2373530078

SHA512
fc0e0a6fd5121753c1cb62db39168a160889935bab955f6622efcf86c0d3ac387adac38bf76ec854dd7a55c88d213c65a3d51ff0c737ea48678e1655349af8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32d6ef56be27a24844c5eb26a3a78f6e

SHA1
ecdcf83bde719b704f0cf2cbe4e6354ef15bc856

SHA256
4714e557f425c9c94b233cdf7fc00b938437f5af20e47df8e82dc288893c2c14

SHA512
4d065b3a61345bfccf5cae9712c65d8b903586e637f0b9c8af098e70c18aee8a978372fc8afa2e52f32886edf3f61712d0fb83341979667d70d2230e854f0ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32de5e5a4351d530012f22ee24c8d907

SHA1
3f9e0a50fda2bccdbec53169869180d556ebb599

SHA256
5bef93cc5554a6b1cf2a0c7692cb5f85c28d77fea032ca23336788d60aeb2188

SHA512
26c34840457dea7ba96bd0712716dc436f0cbe7adece7abb774a0b79ac1abb0b10f4c9ddb2fa9dba6783eb159c0799140f4f689214209f3a1d443e565e393a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1e1673760147b46ecaf746fefa5cad5

SHA1
192e07b1b87794857e6a221236fff2253bb0aad4

SHA256
bd7f1e53f3fa61db14e68f209fe3c0c0aea4a4096abc95c16cb3fcb7601820af

SHA512
dc871d81cb594b57999b10aeda1e65a32130ea7d05a867f100528ab43b7319e02b901004b67c44ca857d45995c1c435530e171d34afcf16b9a56fdde7024cfc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6446a181b736896e592a1a59d2fa227c

SHA1
96d785e23e04c45cdb1b9562929375f2d06856f3

SHA256
da401c8b47644fd5801c8195447eb99f8a59fa0e6526b880fcb936988a0fb48b

SHA512
8b209c2fe31eb8a4a95631174acd2c02985d647fb8f72fff2c7f684d64e074b9e2dd648afb70db3381414dedc2b86df480546260b8f59aa5eddc00c72a155264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7521a9e669566dec499dfb53b5981545

SHA1
8d4dd295f596b7002b263d8e514804165a316cdb

SHA256
34b32dabdaca37dd1c3937d87e94700a621d7069133ac8c4764f214e3576b81e

SHA512
6504f550557db5b55792edfce98ce24cd1b96dbabf4f30be9cbcc1cc5b310ce22d7330de6e4c8cbf7bad965bb438d77cecc783cb2054fd6981232bc592947ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11273ad832ea288db9871a65dcc76230

SHA1
8ef910972058961f5ba303d415990cd23aa05e97

SHA256
6a50f08a79fd2ce1987ad892e1ac21cda10473ef94c251f3dd37c0aeff951396

SHA512
a3a0f4f902684f9dd5133f22568acdd86b1c48f61aad99f064f11e1fe2bca07bcd51df5620cfb9fd204d21a94acd67aa12f141c6e2ab2c3ad06e730312d00624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fbc6481fbb17d98ba52766b65d5feedf

SHA1
11d96020b65832b75eea94c3d192ad1494f6587f

SHA256
a119ef7c1b95e9cf58d06a4f279ba3784a116471781a1227aa6c23adabb67e6e

SHA512
5d1aeab48b7aca55e72bfd358bef26bd5099b4972152e328c81875ff37b7328b3c10d782765c0c745a09040b57a987325bcacd53397a5982854a2966a8cb8bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58506d.TMP

Filesize
1KB

MD5
361d9c4399886aeae5027b85977ffc6f

SHA1
d9e4d3605205a2fa5ea4225f2bfd50575af774f4

SHA256
ced9b78c719dd9b0cd3a3a964b4260c835975684a644b0d7dbab3e30c57546c7

SHA512
dc40971798f43a6d35192311cc1963770e536a35bbe749c6aee85237767767da188abe646b1f88b5467477df8e4841f8c520ab2111bb2e0216cdcaead760b204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7369216e905b7d026f3a92042b6692bc

SHA1
ba688f5eee3cfaf80ea3258625ddd43d26575718

SHA256
ab98bbb815853c6af8fc6a9809a0bf7346fb449e7468ec9bb07511ae6de1019a

SHA512
7a4acf11ea0423572c6bf8978ed0fad360a9803684f13ec500359e609a48d9052f49f58c64a231196d6650c7d684e8562430d92c44a48bfa8aba99997156eae3

Download Submit