hxxps://drive[.]google[.]com/drive/folders/1407LSBqKn1THmbja5IRpYiscJ7ZfESCs

Analysis

max time kernel
887s
max time network
889s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22-01-2025 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1407LSBqKn1THmbja5IRpYiscJ7ZfESCs

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
7	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
3068	msedge.exe
3068	msedge.exe
3376	msedge.exe
3376	msedge.exe
4700	identity_helper.exe
4700	identity_helper.exe
5848	msedge.exe
5848	msedge.exe
5848	msedge.exe
5848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 6092	3068	msedge.exe	77
PID 3068 wrote to memory of 6092	3068	msedge.exe	77
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1460	3068	msedge.exe	78
PID 3068 wrote to memory of 1576	3068	msedge.exe	79
PID 3068 wrote to memory of 1576	3068	msedge.exe	79
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80
PID 3068 wrote to memory of 6112	3068	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1407LSBqKn1THmbja5IRpYiscJ7ZfESCs
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff900633cb8,0x7ff900633cc8,0x7ff900633cd8
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,4855487710931456307,3844563174701842007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
24KB

MD5
2b77b2c0394bfd2a458452006e617f96

SHA1
11eff89a8e3e64401818f81a02bdc84e8ecc4325

SHA256
c46f001852fd8e16bb731f21cadcfa0cda8e7d064e11b0faa18d6bb8325acb1f

SHA512
21dd89b9d6874539477e8b8dc8d98877c86595a8b0b8deb624547c3f407fb41550f65ff744c22f25c574994414a28e73f4d0794c5bd49be890fdac7906f0ba30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dd7c411c2a41d18d83351e6f95af9be3

SHA1
d11e09d326b1751db351adba567cd91274cb7a07

SHA256
af13504df14b51b19be492818f87f8bf821417f9624f53adae9a00ecd5da847a

SHA512
b00dfa1d08777a69cc96277833ad1df74a033a5ff21d05b014d4b9894033e454ee1a774ca623eb6df4e5bc1d4a9e3d0dd199b362f7e697719f75903d18c4b208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
38aec42942066f6453972d40d5f3eec9

SHA1
2be6dfc8d57bfaa44fbde9616ba768738e320e2e

SHA256
6ba57e4a5307024c9d18e500a8b9e8da01237295d2dad311508a98d6f7087d80

SHA512
950bab5216cc3ed6ec9785c1610c69e8e1ba546dede7d2df4180bbc7f8e3df54a7f7326c9e6ab84178f068e541e205611ef12c00376326dc596e16c90658de12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f43c1b23a3bbc18bbcc17d68423afb1e

SHA1
ed70a4062c3950d0b48d668ae091c5f6fef8b1ba

SHA256
29bdd3c96d659a1e2e87e199c0b6e739cb4392073c8b6da851975eaa9a44ed74

SHA512
bbe897a8aa4e779aee42482491306ca45eb002668596da7efc60d7fad5f7ce32598a94b511bf54e74771974385f514eef49757ac98bfb8730c1ca791abfcdf64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
085fd5ecb0382f40f62d707a22194048

SHA1
0a7951f7dfa66d0362619c90280d9db32b2575da

SHA256
78ca99e831f5f07934cf022d688c00074b8c0f606e92c6a72811ef34a667f51f

SHA512
78eab03e0a9780d08847c70cb00219d52baf96f45e9c631be3cd3c12896f76c7c9dbd564612f3e17d82f36f9869734ace95aa40fb9f3d21b92fb2844d38c3be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9b59c6e6f9c2633c4502ac1da43d0375

SHA1
e2fdf657662a9524c0f3f7cdd6e2d2ea1e2ab271

SHA256
773aed6d18799c20b5e32462a660e52997c6f2f23ecdee5c198452946b255e31

SHA512
fe7a8ea99a84ec12b1919e75dda97bd265f93b793c51885717de03b199c40848858ed927dfb8fc532c684da42f0094621f8c37703f3d9184083159aaca5655a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7378ae0b4bdac6b259e68310ac14b37a

SHA1
2a65a546e4812c407491e087a042abda171d55a1

SHA256
2eea4eb06b89ab607378834f86a304f0f7988a51f6976dde9a5a2f44b72357f0

SHA512
0dc1cb2d01f306d51565fdddb5bcc875324a5f6bf7a2cead0bc28d71252349ccd211240413f938a910d2c0bb2ae395d0b769ece3722c00ddfa437e9b2c913aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
760dabd0b740806501dc479be62b6f55

SHA1
907b97f72c16b0f8ea61f18db31d1506d643c055

SHA256
7aacd4601e44e1fa10db858d3002267c4112aac4f23397cbddcd6ca58c37b063

SHA512
8859e6179391febe4047e0cd5bf72d60c6984cd4460102dd70cc4a2aed1448065ceab867a260b5bdb739e35f22957ced695f7b18ede9d9a0a6cb3eb56bdd2104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2ccd48652d8e36275adc91b3134da9e

SHA1
94d4cbc8683e89e1644cbfd9d343051e41dfd5ac

SHA256
b4c9e9dcbade4111f8c08ef45f9f244639ee49d15ae0ea64b64c91eaa04be3e8

SHA512
e325a87ee7ec92bb4063fcc120d3da86fe32d1b31d59197692230e192d25804bff828010c7f458554f75b6f49fcd3d0d9a92779d4b1187a9f0f2fea51ad49de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84a816246bf004599dea430b8b1fe1e5

SHA1
06bb3990f10f21352ef1cf0d4a1f26d11c07f066

SHA256
823a772e58771a71795e96d6d8704d5ee9f6d8ac4bdf4c3bc9970b25410f8892

SHA512
41846c53dee2e1ff828aae80735cdad882be7ca843012bc4944c78599fb9f05e83605f17711902e5e38f502ea6217197d7f63047c555929138903a6446323523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
045ebba1c734d8df601f2e26dfec85e1

SHA1
0df8fcacacd80f280291058cd43d13466c16b8db

SHA256
05a0a93a030268378c314f1ac55afa8e39227360573e99c185a870a392b61284

SHA512
a86f616df1110ef7d53b9ed4488f72a18d2866784e35fc744f657f8a7eb0946f09fc23a654eafa7121b9ef9716276728cfc7cd7cf81dd5059e17a35fb3bd541e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e14999bfd537b4cd0353926d405ed938

SHA1
35b388349bddd72006256b7d8d74c41e43493f1f

SHA256
6a96681e40892e72bc12e8b1beebfdab4a5015be074bc20505ee02535ac77378

SHA512
419422d3010cda86c754be04921712103b5c2419b3e05e2bf862359394355df57a3cecd670ead45fdc947aa0144b514bf1898edc0dd99d06d3f0c1a6b5055282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fdd8.TMP

Filesize
1KB

MD5
a9cc8e20085adfa4dfc08aa41a802511

SHA1
8c8271b2895577da98f1b9c8cfc66e3f5c467a08

SHA256
2cf081da02ca683658c731b990dcc9fa67920a8d254acfcf5efaf7f45781c29b

SHA512
0bb3ec17bfea2d27dcde4ccc13e3decda37787c2ffa125a68e5924c59db41d3427f1c1bc45a77b32d60ed9c897b8095319211819877408bdd38704e11421cc53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2d73391f2a00a553be7908e446bfd05a

SHA1
070b3ab862d92ccbac24d8a570329ce8893950d6

SHA256
a9905a5a3ac2b840b70a87afd47e10aff5f8874ddaf9688cf5b18854f79fd2f7

SHA512
cc5948cbedc9865feae2c8b52d73a78e6e4676f8f792a357a62240e4c1edfb75c4a3d87e355e037763a5ea6547286887194021e3d5497dfb3a951befe3c09aa6

Download Submit