hxxps://drive[.]google[.]com/drive/folders/140tdTQWlR32vaIn4exsRDKGFD7lKwbQa

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2025 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/140tdTQWlR32vaIn4exsRDKGFD7lKwbQa

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3724	msedge.exe
3724	msedge.exe
3476	msedge.exe
3476	msedge.exe
3092	identity_helper.exe
3092	identity_helper.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 2592	3476	msedge.exe	83
PID 3476 wrote to memory of 2592	3476	msedge.exe	83
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3724	3476	msedge.exe	85
PID 3476 wrote to memory of 3724	3476	msedge.exe	85
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86
PID 3476 wrote to memory of 3540	3476	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/140tdTQWlR32vaIn4exsRDKGFD7lKwbQa
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4bdc46f8,0x7ffa4bdc4708,0x7ffa4bdc4718
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,17620758193205181662,13722828825516046001,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
796941714bd9cad9b3dbd35523fa4e45

SHA1
c8a45220e38a1d3eadc4891ef49bade8581722bd

SHA256
0b3907c2ab433c504d1ec76fb1afcb768be8b7df3c8162eb32aaebae904e8189

SHA512
2182aa29168e41627a899fe47975acec9f7c4ec7840c8827699311d9eeeddb125e39f4279c7ad509caf8573491ea23b5c23d412e884e2689070b535447f5fde1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4d1ef92b7ee05a31ba2717bb1588d5be

SHA1
eaead8ec0f25430161ec8ec5dd52bc7e9b0853d9

SHA256
7bdec3df19b4c9829ed495a0172602089f96f057b93ba830878a5971055aba53

SHA512
e38370b1b21c0ac6daaa09e8ed94f5415ccd479eb680f150b263398472920cfda300f5ad1d0a68ad7d7ea4474ee579c3aff0a77966798b268ceb5fd81349471e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a1404d1200f978bbde50ca7c055c700

SHA1
675c2454b6c5d3b39268199440255cadb121ca22

SHA256
013be0e192106ddcaa05f9e98b81ba4f77aa95e998547f6481bf760c34332e7f

SHA512
af0c09b4b04ac7589b75591e87d45d7380674663a09bbbfaea9819bfe16905f046ce6c2ef6f96de899d12dd29c2bfc117cd02ff5f5194d43459b17f49c2d42ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9faeedc6c610ad3d788e42c16bcb124a

SHA1
6073fb7664a7c7298f6c697bc135a4547ed0c4a8

SHA256
551290644c6f43a1ced8aa00f3d09ea379c355c98cc923cd70c32d1f1e876609

SHA512
4d0e7c32a734309841075e91146d8a42873964640d685644d4a80d74ccf8043be7dad79db066e5b7e3dc4ad151ffc5c659eeae413734e1a1b8a5136306e75383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
856253d11a2eef90c19a9a5731eb504d

SHA1
ab4929ca14d183f1c5f6ffac8b46bbe1ea366ea6

SHA256
ca4e5385db351e47a9e7d36149aac090c32738034aaaf65e8a072d888db2fa19

SHA512
ac23a8f857770162977104444de601569a344e0d4278cf234cfde874b15dedb297e070bad035bf6fedddfc9600fa3daf9777d0ab1d2d2d424ccfc5fd7f7f6d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8422a46e7d1f5c2337b4cb0f70a96a6f

SHA1
27d28d64625c380d2f1a12000531d3a15f862238

SHA256
47bb5764dc14e8a418f472f8ff07804674358f8bace6be0efdac24233d036181

SHA512
81bbfcb680e2fc7d23896b66225f291cebddb3531242dec63fb935833f6aa0951a0d7263207120f416568fbef75ab252de349c2a601346c2583b84dcc76ed711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64b29c7d312c72c89f1e80cf91d154ab

SHA1
2eaf2d98ef63f96bbc2715b3ae556679c35d63d7

SHA256
b9e4d98c90e1a54c1c1fb8f85d7ec67dbe8145d3ff80a15adc7365fb47cf13f8

SHA512
7c05edbbc8bf6538c3473289a5d37b15c6ee7703feff9910164f067b622ce6cfc4dd936abceedcf7548c930292ac113d1f2e2e4e7fdfc0af1436e4333d7c597b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7a7ad0252b0095ed65158db36ae4b96

SHA1
972369859c2f959fafcdaf1284e5c1f09310d032

SHA256
0e1d5e12698e712e7de178c40a32197c3390eea2d726a839c7b361e66e05eca2

SHA512
57272129f311ffe226c4e90f187f47c17c08cc6e72e6d9bed2f33a3164717d4a72d981bf6937481689fd839b6eb669f89c16d1afe95b29a6e31ac87b0d432f9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0fd9bb3d4caa241ee2dac9a66109298

SHA1
1e0bd286dcb5b903f5561d20f7f10abe4aafbe0c

SHA256
4b068dd5af695a023cd6c43ec980a95140616e4f17ff22f8555e91ff919ce497

SHA512
fa985505ad0414d8b60d228acf27a6a2529f0df4dae4362c070051bc5f18b823d8392bbb38f2a6a262c9f9830eee6868b6b2ec8635bebf73061c17459cfc35e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e92601a7f0b627878b5022827adec3c

SHA1
6aa8ea05e32630b8413b4b97a8480049d89f7ca8

SHA256
7bc9baf0018c6b7e0955c3d552aa598da577d336ce678a1846917f69ab1e1ee8

SHA512
6b4223a067ded7052321fa4b2af3430793058222548c963d40cb28e3926b723e1dca3776e33130f912de0f2c6fe2177b7ef921dc21792cc41cfee2c131e386ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3403f3f4c38fde14d7772156eea6f0d7

SHA1
7fc47d3d2b9140adc78aa1d16b07ddd76723fbae

SHA256
7c786e05732ea939950413d85c7e053a3c08941c37ebb301e3438434be3168ed

SHA512
8c67c05d4d5548ad6b1b0e21fa2ebbad349371b6b5a7dbaea3db75b0f69674110fc8f621a8a42efec5e75e59e447116d1ef9de58489cd214a6d30db10b0fcd69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e21f137170c535fe86bd0944f2def479

SHA1
cfc6c936b79e8851bf164e64546730c1827cfb95

SHA256
a1e76bcd7c2c4cda373de182afadfac5b11cdbb446e95af9505bcb7e40fee412

SHA512
785ecd07b7fc2283cee167c18780ef2715fb4a32f4429a2abd564c48dd86be25b24d800ab0a86a80a805d8f85e730f872139aa9d707d322a2606a55c9c590a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3bee8cb421e0b0722bbe614526f06d82

SHA1
68fe5b7ee4746813e79147d0f68cb47771a1b19d

SHA256
01d21c29e19b6ce53eb454e9fc04af23549f63793bf0ab466a547fdc26a6015d

SHA512
5f3f8d99f3e92f62b0c86fa91d2d68b073f3218ae8c88a22dfcb8ea5c9d966abd8cb4c191fd13cf9fc503c17916f4536a5174849a59a79b054b927ed48e14252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
71e582f61b1d2545d9ad74fc191b423b

SHA1
75f94d844fdc9d8467322d66e9f98e49f3f8f773

SHA256
fc35c4cde91e0ead7ffc28963032169d94b07900857ccde5034a9634120cc760

SHA512
c77ecd8e669efa72ddc40634ddd2f5ee4df0730266edff6add9771eed1bfa3df3dea3375f5981d5c17fdd714519bbb8009f01f0ccb7fc179b118a902b7a8bcb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b35979756f8dd43da464eced8e13fbb8

SHA1
429851e3c58e6bca004241a9bdcdb5f794997c90

SHA256
04cc02554c37d4aacbe346485d53f7615c139780419a118b92e4efffa0e2df5f

SHA512
4ae8697917fa52f27621d73cef7d04926f27a3f62b1e496358a7874c1389469554173d18bfc7361d84922dba5a79201d01e4eb79cc5bdf857d40bc6c374903bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5e6fd70924c80ed03ea3d3cf521b2e9c

SHA1
1b74cfc0cd37eac3a960d456e97a4c0e441fd4c2

SHA256
59a6bf12c5867eb9f520ee5ffb7c3cdfd370156aec5c55d505d8b198262e7d42

SHA512
17d12d62a8d925972ca9c1f694f4be29d4655300fc0bd60502b549d9105b955c03afda143b0c150975e820f761e1e215d394505960f835514f8ac3196cfa86b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea4dfeef701cfbade3a11e493adf3064

SHA1
1108c951e2b7f53ef95099b110670e8ddddf8d58

SHA256
ace9509f8c9b4b626b5db120e13c74ff96b0808b750e2114fd238440046b68e6

SHA512
4921daf73cbd96ae2681645509534c0a7daee50aa6ad9fa642db531998b1a8d5562ff69868118ed6993ae59fca986c10f7564dfafc28cbf89db8e758ef77c509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
128e733db0fc2e2b36e065f7b456a079

SHA1
ead3077898dbc464bbe516d5d419dbadbc342e11

SHA256
cc5eb4c683b2b4ca502f57cbbe895ffed4aa9bbf45923fd21d47facaba26bbc9

SHA512
7a7c9ca04f1afe22f672488e1147b803e0a616c0ad387e1e74efadc9f802278ede1cdd12e7b985cfba3e8233369fdc52ab3f1c5cf7524a3cb9997ec50844e7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d30275d91a85c1f23462ff917f02305

SHA1
5ce832912f6940895612c9cf85939377e0d2febb

SHA256
71a33c52e2365da4f24300844fa0feec1e19582b0af329cb4684cb128abccad6

SHA512
3388b10b4c1905dedb65266af45fd1abee11b639ffb48f827c72890b982157671b2c45069e6ee7803b20a541a82ad6ee9eede5b9b0da1010c4d1a618a3980b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f935.TMP

Filesize
1KB

MD5
45478a1ce846b53d1743a62799fae6fd

SHA1
b89515ef5cc5607b4989266a37ef6c8bf602026b

SHA256
370ee74bc78ea74326f7e42a35cb216cc87ffd1593f9962c1ff6c2f7413220ef

SHA512
ae67ab5578c04d852cb93baaf9cd8e29b476b3eda3e871c2d7e1486a839d6aba593db1a2ba3f077d7878ac1eacdb3af5ccf14f405e1e5d73d1d94ecdcaa28f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a013ce1e63f353e4e3f2f34a0039c671

SHA1
85edf620872684454b7382996fdfe018039315c3

SHA256
2d90dd47bc97d9fb05fdd252444a9fc5ad0b8bd0a13a936928c0dfa1aa62fdfe

SHA512
9474bba97c6d5715b99670fa924de4b1c3698e320b97cb1d9c8b7fe09d612a384b5f36ce344d9df1630f2a116eff38b5806ef4e75cfb55359bb8ba40b7645900

Download Submit