hxxps://drive[.]google[.]com/drive/folders/1qGOEI0r06oXhjPU9K3rAerv85zbxcNFU

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1qGOEI0r06oXhjPU9K3rAerv85zbxcNFU

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
13	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
312	msedge.exe
312	msedge.exe
2020	msedge.exe
2020	msedge.exe
3880	identity_helper.exe
3880	identity_helper.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 4804	2020	msedge.exe	85
PID 2020 wrote to memory of 4804	2020	msedge.exe	85
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 4396	2020	msedge.exe	86
PID 2020 wrote to memory of 312	2020	msedge.exe	87
PID 2020 wrote to memory of 312	2020	msedge.exe	87
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88
PID 2020 wrote to memory of 936	2020	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1qGOEI0r06oXhjPU9K3rAerv85zbxcNFU
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8dff46f8,0x7ffe8dff4708,0x7ffe8dff4718
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,4367125413578174897,547640005461404708,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
bfb4ad144233248db8f0b493c9f53943

SHA1
75f204ac49008ca945d35db03568db5ffa2ee27d

SHA256
57819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393

SHA512
0f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
565d902c5b6169e8a588e5a32e7e7def

SHA1
bfebe088d94b26b444c27e2a30f5f59805e216ec

SHA256
d124c894d91c854ad991c7284da68ed7a52d0111edddd4c9ee169cb999129dd9

SHA512
abea86713c1f0363beaa899ae52d7fded6a75bd42f6cc4174464302d81fec690499e0b6986131f83cb3ef791f65e1bdde202cefcf161a1f48adafbb7d7666d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b7b300fbff3c5b7f5a935d94c275082f

SHA1
c3c9a00f3f30614b701ac1a487e6847cb73c9d55

SHA256
79683635664c810013c17e84bbabd81c1286c2f1c9fc8bfc2787c3084d0ae3dd

SHA512
f0fc5fde854aa5d62c7a89f31dfa97a0b23315ce4e6c5e05535dd1b3d11f1ab89fe03fff0a3d8899d5d1be0efb36900466d57a97ae7e8265c877d3fced0a827b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5260c3d8b5f96f216027b4d1e590d0e2

SHA1
5a80865fe04b01cbd6df0c2a4ba6461857f12956

SHA256
4fb030b00856dcb579ddf61441758f507d1e86afaf6997f3aaaa9412268ac8e3

SHA512
2fa77cd750d3646dfe531006782a5ce0acffa2ab50dbbd3c7cdf427e0ab3897ecfa31fcef12a65fb67a34b35c1c4421b6ad6ccb6f29093b4c4c6a374e74680d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3f2bbc8d6b8355efcfc4c0cb3c099c5

SHA1
2c6b1682e0fdce33d3d9c88604bb5cfb01a3664e

SHA256
8f79f3b8bdc1b7f039be39c8574e41f6aa705b11c024e46f61912ba0fd5b3049

SHA512
ec551c26ec3f28b59b32dc392bf9d205720ef47ee184e892cc5ceee8dfd8d397712a4f12ad0f01aea5d29593b947569d59eed03441edc809d0df42d35f1173f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1347227a9c537d7f5d24adf298618868

SHA1
a7a3bd4389b08705e4c6a7efbe03789d04d93b61

SHA256
6ab8ffd92de0a4b73578cd59f7f44761deee116886d746947a95e9e492cc1931

SHA512
3398742abe4e03b8fc4f315db0c3015f50a4d5ba643bae46660b5ba0c698f1d04098f7e461009cb2a0e52e90ab1d2b62596231a82bd7f3aa3010a80ea633629f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6599bb70f8ccac1e08c986a7ef26fad

SHA1
abae1a5e89721357a2594ed0e77f205b784233c4

SHA256
739151b3672aea27747601a82d3766615e96e0f57543292b6828a679699ace96

SHA512
03de26206fab53782712f29bd2c6e14ac400e6e7c5a5a18df6129e0184996c55546cd42ec03273393e14dddd4fe95a3af951e0649d2cb221a2a250cb744a4481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
480689f75ffe024e0975f028d11b2b81

SHA1
94dcb4735f6d8f38528825fa1fe4e3a8dbe6578c

SHA256
7a65367ba0d4ae899b27b77ef87ad97ecd9de107ef20f30f29f080e54292b496

SHA512
dea85e763e883fd93b53aae60a8cb2ea5640bfa533621c1886e0f7da74e805a5dcf2f786c7153f88e4bbc4b20da5f356cac5f35dac89b85d35e148d3eaca865d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c673fc10772922d61d4e9ec281ae4046

SHA1
bf7a8fd54a2fc05dd49aa0fd4fc7073e02f04690

SHA256
b050cb8e1970a03c5cb16829a0659e148b801d2cd598e397a2ff64de0b87428b

SHA512
66ed2814ecd0f75aeae415448bfcdd5caeffa30ebf44271ffb0eb337f7ec3d9ababd4437df31a8ce973312b66de39a4718526af9d5791e643c696451e7965e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
052036676ec835ef799c8b5cd0ddfe9e

SHA1
fc6f1019f2dcd75b31324b7460a7c8c51f941274

SHA256
4bfa31892ac7ec6e195b920ebc28bbe90a8f4347b34bdb4767376c107f843b6f

SHA512
7ae5478a847d40cab73be6b9e8a7667ffb7b3b0415fe833069237ea1172d64850f53d606e6c2c5c6958f498e402af7773169b564905a114f9f281865dfd8bff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00dcde774df397d93d1dd4300b1f6fce

SHA1
8b3691568ff2ffd2cfbd809dbc7b611bde05107c

SHA256
41d92fa5c6ea401b2a8710c3148c350d12a3077a9cf25998de0ea2803be8a475

SHA512
321068864c5dbc2e1089b3327c7f5a5870eb0b65ece8811b4cc33e04e7f72de44638cd31035f6bd0952f3744bb1a50d111370c406e52f63487d99cd46cd72adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca6a8fc067089d19849a212b526d5457

SHA1
1d32e33ecb936bdd6234282a3787e95e23e5b7a8

SHA256
c400505b823c5a98c7d343ce79b03047bafa0bdf373f2838e475eaedd74a3821

SHA512
6cdd6ed0fa8c97bad57ce6b0c77c805d95bb8b8a74bb449325a5b34878a4555a71097fe6d5c1bbe9dee929a6df4055d3a1b7faf69b115750a61153e9d83bea5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b9b80eb117d0a02b3467b5c7836d347

SHA1
01ff6d98ade9918da566763c2bf246a340403c30

SHA256
f4e56c5f5b66d66d341b0bd40297825ede94718125368dfe2ca6ab414b128907

SHA512
b87b23432aa6a9353ec1f441342e41f5cc1458713b3fa6a7fe3803d87e7095594ada0ee752ece125ff943c5f401f9751e3b94c420c0c9e3360618d6808767179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c57ed5f6c2f3d6327306283f204a626

SHA1
53702038e821349b34993240033977fde2546846

SHA256
650b5e6c16f8ae353668a8aad5b5972bcb79c6b6036c4d757bd2e30827725dc5

SHA512
cee250ddd699d7b9ead34b6d565292b706f2a52297ad5b8998a2228a5befb9feff5c241d6a0cb621a6623ba23dbabc05e7db2555538a097d309eb7e8dfc42f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d35a30d4d1a27344806a81c78b32a49

SHA1
074f3094751bcbb8c316ba4bff1d72f6b9f9adc1

SHA256
8e791893ba8bc8e078e36c3301e754c9e1c727ff23de781d5cde3ccfd44d818a

SHA512
d6a41ada7a6dda2d86d5f86c7a72fa5563b2a02d005cdd2d999923da0db831ee0fcb5b667f826c19b8ba5cf12322a30b925cbc356b02c8f033cccb9f1cd3ff80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4506be8ac387b94a7f79c379e894aa7

SHA1
1f37e96104e2be2f21b83faca6b04ab349378f7f

SHA256
f997d34b314d54a34b11fb0893d963715a670ac855b03ea02722bf7b71b1dc17

SHA512
bf0cada51d1b9f6159b6c607b8c2f01e559462ef26847422dda342bcfeddeac54ed01c287d82177e7b2bc7d1f0dd788165f8a56d5dfcd09dc489454d3ea41d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
adfb9a86f1dff88ffee082f3f4e5ce5b

SHA1
5d9d4559fdefb4b53c604826caf37b6aad196b18

SHA256
56e73e9316f9c95e6bcf20fc97b41be3ef9d5025a4264fd102fbe67614f153b6

SHA512
afa7ce04b6456d0e89c87c26dfa462e3cc2c3b90c9230c65c77c68e30e26cc01588992ed2ba328da741aa94f744b2504acfc36e2cb8900c323ba03a548f58a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8a9e628f92060f6600f38751e9f0c4ff

SHA1
117e1be707d113fe57024cadc512497339bca0fa

SHA256
1ab244eb759a624624125200d918fafac3411353886e5a834f6d04721d968ff7

SHA512
3e981cc308f6886e3e39e6e9c12722c014aad881cae514f9898cc4b195409ac8cc9395d228d15148ef22594083d456b5809530ca3e7a3bb25b69a68026c92e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e12.TMP

Filesize
1KB

MD5
3181d7095e146d94c27a03181d6c9ef8

SHA1
fc78ff14e407fc972ee8941b788517e11370e70e

SHA256
339192d452c50bc2269fabd879fa37e43c37a43419c8a18746c3b67ec1445a52

SHA512
952fa087779d38a51c3909d193418d0fd47fda6f13f629902a1a3b32e126e37b0c02ef9150c3dcdc9c2a89a684897d464c475abc62a5552c77c345b048b03fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbd6a97ad80ab6e5dc93a8971f0cc17f

SHA1
eb409795a1e9dfbfe41f3224983e78b491957823

SHA256
a7081655540f60faa0d781a42cd2a042e7d0f980af51c9836b7fea80b7f5acb1

SHA512
4411c1686b03f453ac49ef3fdcdb33b38767ce58114dd575e16d902f0348543a044411e4fcfc806b79ddb7d8e64cbc8bcf40af7d6c66d290df393fa85a088e85

Download Submit