hxxps://drive[.]google[.]com/drive/u/2/folders/1C4PGySuuzknII8gRD28eSvKfL5byVVoZ

Analysis

max time kernel
389s
max time network
390s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/u/2/folders/1C4PGySuuzknII8gRD28eSvKfL5byVVoZ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
12	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4804	msedge.exe
4804	msedge.exe
4928	identity_helper.exe
4928	identity_helper.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 4304	4804	msedge.exe	82
PID 4804 wrote to memory of 4304	4804	msedge.exe	82
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 1104	4804	msedge.exe	83
PID 4804 wrote to memory of 4644	4804	msedge.exe	84
PID 4804 wrote to memory of 4644	4804	msedge.exe	84
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85
PID 4804 wrote to memory of 2340	4804	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/u/2/folders/1C4PGySuuzknII8gRD28eSvKfL5byVVoZ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb3346f8,0x7ffbbb334708,0x7ffbbb334718
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2426160831167202959,15879471219760936180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2daffe15-adbd-4808-9cca-9c503fe11306.tmp

Filesize
6KB

MD5
04b111fed54a8b43fa7c0d81cd5191d9

SHA1
4a7d175d3e9a625e7c6ca44a1ca710862335c87c

SHA256
f8ee5851c18362ccc23076b390b88a2a888f749195375d2e19a9cdf5b170e41c

SHA512
c880a1672d0a3f8b1a29a86d35983cdcf8e1dcb2361570e3a04e5feed8ebd82df7594edf746f2f7c68c145220e16f55a222a7dd97737610a4cfb284b21e28677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
24KB

MD5
2b77b2c0394bfd2a458452006e617f96

SHA1
11eff89a8e3e64401818f81a02bdc84e8ecc4325

SHA256
c46f001852fd8e16bb731f21cadcfa0cda8e7d064e11b0faa18d6bb8325acb1f

SHA512
21dd89b9d6874539477e8b8dc8d98877c86595a8b0b8deb624547c3f407fb41550f65ff744c22f25c574994414a28e73f4d0794c5bd49be890fdac7906f0ba30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9e7d497759e9299c6ed199b93faf387c

SHA1
78b5777b9cdd345a69a756f60e05c36ab457ef2a

SHA256
59ff5432a02b6f6f0ea5a41c4070bcdf72ed64348502d09ea789d21218c8552d

SHA512
fff07049d79f0ed1e812a424d254cd818cb2471723583be77678455fd38aaba879a85ed2472c61ba30506ffce015edd714039049647112708d6d5bfa816be596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0c7b98465de91df21cac68c025b07dea

SHA1
e2f147562b7a16b031534bf5e0b157494e3c3503

SHA256
3232b5f1faf451502916f52b3a75a9e855861ddcfd8a29b1b8c540ed74c0145e

SHA512
63c6b02d294b16d182d75711aacf8645136c41a9e0697af69bd0d04f44f4a2d997d4b7a23cf335c5c178dadee4b2e60be84cc84ac6f27f278958e50f23b65227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
69441bdb570e93a64c8c6db0c376882a

SHA1
7f0cd2405f78b588498e1c576fbfa5b8bbe6c92d

SHA256
4c8fbbbd6627dd9c73a2acd5ffcc94b41b1905f17b997d7214fe3493e3f18158

SHA512
42dc5233cf49582ca92ff9e7e2997acf4a1fd1f26bad39ab6c6fe23ebfa9bf26e09f91538a6fe2189429b48e5c5b3aa161090afbea708e7ac57d5f1521be7b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
014a8368d87aa79837fed949b5f67707

SHA1
201af349109729345bffa8dabebc4a0b2d53c9dd

SHA256
4656e487b4fd3a654da98f5ac884a09fd90aa5c8829f1a6ac63ffa4a8c6d7e18

SHA512
1a9c7ffade8c3bea931f1e7462728f4b269aa5f2a18d872fdfc038d56f95428f64ae7936a4fc4fdaf1ed65ac6bf2dfe13703b2ee605aae2e355601096a7630a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
296fab252a9025699a21eef0cdbb2c85

SHA1
c6e76c7d1e526b3690d04ee4f51b4fdee6c47448

SHA256
624d20207212f5aa4ebedd1600740f9b54e9951196517846313d10cffd234bc8

SHA512
5ea66aa69d8b09aa1deb8af30036e9d29c3366032b24e849277973f64e82b759c608363511d4406883f32116dcc173e9ac0489ecc15385a05fa795ee7340ee44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d5c62a9bf4f056ccdf8f5e896f320941

SHA1
4dc139ec9f7e3774bfeb3f9a4db4872ce8d01d88

SHA256
9800a976f2ef9d3a0f7c750d6d9375a6bb858a76286dc5694503399b31cab4bc

SHA512
d830180a58e386f0c6d3a583687d51de80700c813126bc23f14bbae35547447e9fe26ea444281bf0296885295c046316f9d18165d1350a13b47320dee65688cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
05fd0204a81935abbe9dee4cf309ee96

SHA1
f5130043d02718a227cd21fd7097dd2f2152a471

SHA256
eee6d13944472f0e6b7d204803f4b9d2b34e8462746f070a3d60eebc5ade6ae9

SHA512
7a03e892f766ba8990b213551af5bdbd480888d80183c127b378529e18264100a0dafba6c303b110c27a8f46c06bea7c32c4c9d567ae990cddfacc450a6f8372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6822313476102243395a7fa690006574

SHA1
b6d2c91fda4b292aa8db66c75101cb8858426f33

SHA256
5eaed199bade715fee489942f13ae9d166e2026956fdf04f3325e5a21c4cca3d

SHA512
a327a7872fd8adaadb705e7be8dd9fcf827e5cef9ad5a47c885b485af7870369f9d5d78544198cadff7d15a9767289b49cb129a7b5507dbc5348f2271f207942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1093d01c20363f704d951b52c7f35139

SHA1
30279736259e6965c1bada36ac5da0bc67a82606

SHA256
b0d2eaf4e39e013d3aa635b7934a0e04df6d9c52c3e684c5ca01909d9e3d2ee1

SHA512
9c2dfcfc3a29a5bf29400f06e6474c180d76d51c53e81d8d1b3992f4d2013bd074c594b4738e62aca5096ae5c54b21ccb25d2fa0ce04f7182a5f14c1e420f150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
669e9280f06b46f1d77803ae5797f5bd

SHA1
d1824ccfec580e1c3be340b97386c715772d74ce

SHA256
5ed2bdc1c9eacadfab09de1b932ff936137f0b1a8a84e9a9b0866dccded0c8c6

SHA512
a21253ebcc6d1c6fd8ace7fd5183b171a1e836fe5396576e78a67c80fd12efc8bb402a4a0ce8e968c8e4a80ff22f1f19f4919d5162bc21be09b143765a6f4735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2cb5d6d301dad112ce605c9b9af9f926

SHA1
f3d4236091e3818332c909ab32920fa158f68b97

SHA256
8302381fc408df215edb9d346e8b202065801bec22a27faf7a65677f85c29436

SHA512
835dfc28d9f7cb703f6fd2ec5f365fc4ad79800cfcf283ae46f160cdd67503ba2498b325cc1e77de338463073121fe4bbb1d449333e3d7ed7cfe358ab9488e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a001e9eaf481bbf71a5592d49b6da3a

SHA1
d63f4115e619a7963266f645956f3089cdc280df

SHA256
4d966e74e6bc717727e5a2f39ae286dde40f0143ffd0047c61f99ce2ba0db6cc

SHA512
15b03948d04d0ed4f80a1a95933adf3a8a02a4be63c68c486d845fd1c6ab32e8412f084ad7538f68db9cc4adc256d7b598bb93949a13f715341bfadaa20fa7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
851dede48194fc50732b19fbbcf2bb30

SHA1
d1d60d1e1b2f4a1217da8c94651b033d8d6f4d7f

SHA256
1b2815aa08c999ff9c3481035314483ccab271c066ef597c9b4574f597ec44a9

SHA512
150fcc8c04f25bda94efb6100f94ecff1556496e39f302f8269b18eef1a0061b06759f865f2c08adf2833a48c8d38481e2705bd249a077d3d30b966f9035405c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
93f06a9e99c33efc9e2a71e2eb940daa

SHA1
bf1366b1d44eae3c9e31348043fa60b452c9c395

SHA256
a0e5535a64808aa0e7a0c24278947b07cbc1cfb1b70258e2bc0e2aa7f7d54b35

SHA512
0f6db504d6c547dc3237f3fba61aecf542da0134d8a8755d9331b04d885ac94bbaf231e27e4d5cd2fb16a5c284b036b84ea56a35e29b8cba03dd1a2580350a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd553a1e37eb911a800e4666eb72d7b6

SHA1
7152b2d94d83059e42713e36094c4183e9a19ab1

SHA256
c0a581a72d05cc79a22c46a24516d67f0e73281d2bd20ce40c41f231b513c145

SHA512
904a4e7d03cf2cf34c064031aa9ef0196aad4f9bf3e21a684167d2b2dc7ed28a405d0bee01498eb7d386faf9fd1d52a2b07d31447541b5e647f7e20577efef62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5a6f930e2c9c346b3e214992715826a

SHA1
28767bc51b314df576dc890bc63ef12832b09b79

SHA256
0bc31d627b72f2e4e87476f9cc7d5c8a0ae4020228f7d1690c62c3d24c27320b

SHA512
bc100227321ef48c0d398ad721702bfcf61564b75d407e4b42075042ca83ee06cb5dec4a4b812a075424d66cef78d3d991498920243bbd7094117860635e21e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0b39b04deb3ca86a65ed3bd316164ea

SHA1
abd8063ed5e645a969cceea56e5163aa3236fc27

SHA256
fc1d541870d8cd44430bf2af37c4a222fc6e20e3a8456ac8f9df27cee2298ddd

SHA512
18d1f5b2ee9047137b699f7d56c973901f35cc7c4220bd074c740bfa16b3575066f7b2db739e38c01e5ad204a1e27cc0cff4a79eb770e508db54fd2d8ee5f13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6b8e1d08fdb9c4e57fbb3072b603a226

SHA1
0fe8d21e118bd74797b36a28d275a8bf975fab73

SHA256
6d057943cbc70e01f75869b5d9483a5d90e185209990d7456f34407c7b6fb741

SHA512
3a5ade012c1e7bf3c2b960fd60989e0d1d182b0dba4ec35a701b34d085232c905273a5d5cd8041fcf548c6f61926f0d5b177f3e133d848df4239e18f76c0579e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9395d94b1f8385c3849df9dc58f0a8ec

SHA1
b9028e7d809e978b01250d1217cfe1f8bb255a14

SHA256
c799d9f511eb2a7e013dea96447ff74c4537bd415bbf9f6fa2273548547c13a6

SHA512
12e8902cfbb947abb0d44cee27c97ae57846d89936ab839bb1ffcd17742bff5b63495c7751d0bc1b0fb97e8fa63e0763b5e037004b1fa24b06180d6a136394ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
607c4ea870e5d5ae4bfce9e77de5ec6f

SHA1
39dc0378db7cf9e44064616b547deb7363db1985

SHA256
64e716ddecc50a795a821e7230f6283587d646279f4484903bb075f558b54959

SHA512
51e446bfd32aeddc2a86fed1698ab14d5676cc5ea8250840c156be851adc5afdae0c0140d1b19cb88a121baa44ce1090b342af144e391155334a4428a23af328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe693ba7b212a875714df685ad2b15a1

SHA1
7bf8c0678b7ba12ee89fda6b59117447698c30a4

SHA256
85d5152ca22f1c0ffae722b759ea951c06a195fb92f177d1727b0b41b8195845

SHA512
79ebe9678f08b956de08aed1c8f1a94785e5801cfb1a23b5cbaddc4b364e7dfb000a8e36bea7006eaded6dfd752640c7fe8636b885a5e0d1e763ab207f8bd42d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b23dfa3f48427f6e15df8ed9d35b1fb4

SHA1
3f06a8c0b165060c8bb4ec93e07cd1256d80aba4

SHA256
877211e55a1f2fbd5aba1b72e60c2f47918b81a173f42ae2f54fef57947ef3bb

SHA512
c879577b768fcf4865f47094318c8559b52e2f93e4a3b152d4bc8c9751446ceb3843af74ce367aa6fb84b496c3295e75af8f97bb1129d16e856ea385405d6f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5e7f6a7ac8c4028b9ac7a18d3b5fb058

SHA1
a6072147b1224433c5db30fef758e989c724b947

SHA256
708be86273f543fe5a32224220423c6aa9a57bb392ddf01a8f2c3ab1af9613dd

SHA512
a5acdcf6f4bb19117baa25357992e5f52e0b1e2a1502c509c427029fd4d6c3c754b89673729604234e91bc86da309796e44749fe656456cde939ddbeb684144e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11a0bcc12b7b157934ab4e7b51fae56e

SHA1
97a6be688646c49ce5aabcbdbd7370c3ed24c819

SHA256
8e8cc1e6531bcbd1b63cff04d1a5060d8a49da4ff6a6cff7ed802225b38afc79

SHA512
2ffe4b87205d281e13c90fdc25aae8374ae45a398004eaae3450395e85dbde500824fd85e4dc450b09610fae570f4cb163c4f9f607dd56cbaa797c5244305610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2ae204bad7a6a1d15465a7065462941

SHA1
92cb2583658171ddfe357e6865be145a7d188e4f

SHA256
49b840d4fb7e5a0325020fcc078fbdd9033b389394205b5eed9e79ea7f75383f

SHA512
10447bab8bd4aa263d77bf6d80c3c31f8db975470d2a635f01422f4391fdc99c672344d4dce21ebf4df2f797d2f162a2292542fe4747a8a4e2445d0976ec20ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f518ee671179e1b5bf2950472d322d86

SHA1
4dca039f28e0417960fc10cfd5f078689b5de245

SHA256
2bb5f8e52a5bbf4a0b85f476de34314b5cfbc880ce320e609cc72d5a524fe910

SHA512
45fca5c6dfd4ee110a103850d98e7d57f24ed7f5f5d933fbc9df5efb19747b8aa5d3012a916427af12aaad1abc7ac1c83c7aa9736930c08d15ccac18e4d93379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83455a88a2f8e6b5c47c15c59ae46fc3

SHA1
ece48de405f22e82ee21b37360fe5e5461445e08

SHA256
b429f6ec2bcc2ff598279aa87fc28ddb479b6dabb3887d19006d0681693c3249

SHA512
85ba0fe865880e24c31ecc19fa19aaab7d43d259b0b51ca2d8912a3b0e7087d5b3dd54035c843a4c7aadc5d5781008c1258c7a036d0a1093012fa35198d87fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
54353fbe3f1c263286c0aa48e4c38dd2

SHA1
aed2b5e7a7cd4aeddfe2a81c3f9183171e9d5270

SHA256
ac73d0c6ecf5c6834910812527a82578c162e26de7df295cfea64219912b2be2

SHA512
13e6917f287a792baa4093f4186eac2cb1d1f1c69567860a63a666689292a807f78d773306da0774d9317f02a81ab33df749dc092fc885cacd8351854497920b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eaf71b1e7c99c09a026f2d87e380f9ae

SHA1
867bceb20c7c5c07fe94a714b5a610c831dbe14c

SHA256
cb37b77f8cb764a576ef43d7aaeddfd9f83a8acd2174954602bb519952cd983d

SHA512
735d9ad0a4caac556589692dd83ddca575d70fc863ebdb2fbeda09fa2760c5f72247a5f14ffc5481dd4edd3bdc1c5354fdebfa644d98f9bf73a4b4ab165c80e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92ea8fa7aeaa5a66cfd8d850aa08c663

SHA1
9d01a13353127197c58c9e8ebafaa20e46cb57af

SHA256
dd45d7f6123c2c55ded225008962060db12fee3496f4998eae014105335a6c1b

SHA512
f9eec8b19cf1c2156b775ccb046e927e9b076082440c0d4c9c97e5ca4a6c6de34e3c5f422e1263198312730c4eb23946060477d1482e12868d59cdd391a182d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
727be1d44f5fdc1b0a6ad61717a74af3

SHA1
c9727e0309834b0dbe1c2e7be0be10ba08b88c74

SHA256
4c0d0f37d58ac2af05aea3bf748588bf1f66559d92047f6b6af771485a1a4226

SHA512
323e3810bcd4515fde300bfee5961490b7a2abfe66de8ab94f4ba1f8efbfd81a9600cf88e7f31ccdc1f37509d00ba47c0584c7fefbe01f1699f5ebd1e264160e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b89429ce42a7361f4c93808df66eeb76

SHA1
c522f68f5445a92c6fa879fdf70f6f191e72ee19

SHA256
6e8918a63004f2112245a981b670c6150797029c002a035cc8ad5da9055672e8

SHA512
cb3fe31f3c7564100e2c7cf3f3c0d9d737721160ec39198484d0e34362dad683d1cdbc86acfac125edb930992bfcf14cd429888b9f7987565306a1c749f03022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c775dafbbeaa25cac5763851ca6ac2f

SHA1
a987c84719fdbe2b9a1e0d89725f4822b7d539d8

SHA256
5a7c6e407df578baed91d9cd825736dfdfaa4a5704577f1c4f5dc3df7b2c43dc

SHA512
2e6610c61efe26ebc6a5c7883e9cb9c16a86eb537220afae0907f41bac1bb616b1c35c12bf09664e9d54e06e664b72196bd185b91e2a385867726cbb12c23581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
707847ce6b2362cd9177347b68916b5e

SHA1
2325b6e46e76a0b17eacd14fdccd59cd5e7afc94

SHA256
53ded0ad746617203eb2b3be1d4684627cfd3db752a54f71440934472cbe6491

SHA512
432e3fba2a422ad1f7710e725053490358adc581a2398227fdbb46d51287dafbc3801a518b1f41591990c85a18da9aafabf65754dc33a01554370ba01e007cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e8aaeeca513a031f014cdda963d9161

SHA1
5329cfb868b2c9a6c399a401e4ed25aa4f58f484

SHA256
58e4e0eb1f45bdfe2ae7c4cb828c059759bee3a0fa22dbd3803779d181f6e7c4

SHA512
c49f9cc0a1f2e4cc415f766c064af2c4cd5b86c948b01dab65cb28fe5cc9bcdea1f815780db4fe23f2a28951ce533b61bf0616ca055df697bcdddc4fb5cd82d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9a55aa2797ee48a543b020a8322db88f

SHA1
9ec85e2af9715bdc767842e14649ec67e8280a4d

SHA256
b463ad5c3e673c7783a9b35783ba943420d694ad99e8acbdfb230023cc6407fe

SHA512
319dd2d21e3ac144d0d8a9bdef536339f094c3a6caf19c3d7b59ac57e4b84bbe3e1b76ba8b4beb9654afe3c88b0cd7a36a4a54a76e2bfac2cbb36b0d32bbb2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58db28.TMP

Filesize
1KB

MD5
8c10f12a31abd64aa4789895933f2f24

SHA1
bd41d9caa0b5db95cc41bd65df4507d4741c4caa

SHA256
3ce2413a5f82374476bab797589fea63100ba13d2cd04cbe482ae015b87f2e37

SHA512
f52d3c2d19c68e1acdcce5b7ade8904b987c275f7f8c9892473d4f794575c9ba92ceb867b8996be0a15e0023421f84aa67a9fc2f77c0297d13d52c40e56eee4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
655eb3260b7936cb64c6f0c1b909b669

SHA1
c5b0e7f1375ca4109b06e8bb24968b45b9f6c67a

SHA256
ca3cf031820ff3788898d3fee5138bef1e72dc8dadd82ca19b25cca337659841

SHA512
df41b704bcf8c6548f09c635d0703c07e13b32aa28016bdd97e0728669ce419f0e5cc769527a85b94930bd0670d950ac4e91ff7b0e45c1b102c0de7f82cc273f

Download Submit