hxxps://drive[.]google[.]com/drive/folders/13MtqH842HfaviwoeATHQo4_KEPy1fhuy

Analysis

max time kernel
146s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-01-2025 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/13MtqH842HfaviwoeATHQo4_KEPy1fhuy

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5444	msedge.exe
5444	msedge.exe
3844	msedge.exe
3844	msedge.exe
1640	msedge.exe
1640	msedge.exe
3656	identity_helper.exe
3656	identity_helper.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4064	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 6048	3844	msedge.exe	77
PID 3844 wrote to memory of 6048	3844	msedge.exe	77
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 4952	3844	msedge.exe	78
PID 3844 wrote to memory of 5444	3844	msedge.exe	79
PID 3844 wrote to memory of 5444	3844	msedge.exe	79
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80
PID 3844 wrote to memory of 4348	3844	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/13MtqH842HfaviwoeATHQo4_KEPy1fhuy
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff924a13cb8,0x7ff924a13cc8,0x7ff924a13cd8
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,17397744212236555610,6017306513630021083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3560 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1636

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
98038f132a41d36fbac6af0eaf9865a5

SHA1
bf783304e0b8cd1d1bf6b925b4213253014901e7

SHA256
3202e04f24f470e3d16b2ef1204d54d4c0da13dea95af6d341caa346245fc9bf

SHA512
da627228f746490121e22b6d703e343e0873f4ef66b6b6bca6dec5a4350a5a04b07629508342d0d9accac95959af2716ee957b6a667722b94e893071807d7d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c7a30bdad413c8f681778e9a1a483c46

SHA1
2ca1c5e738dbc80c45c491a52053b8bdf80ecfaa

SHA256
73854e6ca9b1edeb1ddcb9c2d3032bbc5959b1de3dd5b88c35e9974d4fb1d90d

SHA512
e1493e902747c0ad6c140cc2f05eee47f16d86c044915cb0e9c5a61bc5d6f9e6fe51defadf34c6de55dc074dd24afda24418eadf323b1aa62d8bfe18cd487adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
30b8a8386840f303acee84abc5b948a2

SHA1
97cdd31bc7766f6be1450e4877067151c9e11bc9

SHA256
1b1675f8e729b5bd9956566a83c4a3cf2d86cb7d5b27a938a9eacd5a5871f8fd

SHA512
7b290c126f289ad0faf7b93e17a76f9fe641a905dd625dd9b243c1a1dd92e9b3297cc91812db1568af0d7c22405b08cbdacb9785afd7b1e7d8c7242cbd48c204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d298f7c30487c45f02b8dffc8f21744

SHA1
991a064bf53a5fdb2da27bc13ec6368fff1d531c

SHA256
8a46ba9a241799ee7228817a0f6078f89043246d9245aaff7feb107fbd459ede

SHA512
91c89c28ea3ecd537a1b68f5e8a6f310854b72f75345074f33485c408d7fa556d36c64c32ab20bdd6f89853f485139a6c013e8a4108f5fbe2a1042982ea91248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d471ec437aa0180831063d07f2b4382

SHA1
facf7507fd46196a517e0de09b7614b386b27309

SHA256
79ade2b4f0e1b35352dcc82916b1aafea03770b995480df9787c324b7cd26dab

SHA512
bcdbc76d5c80ae29a2e0dbda060d1e1440d2707e02c2fe654753faeb34421034e5cb9fc41a0aee4d35228811d904de66a7fa7bc650932992478c20ac7fd128a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
327125bf7a0741c159c23ecd35a835c0

SHA1
ec4b362858603fce5d001a229c65e98e93048c27

SHA256
5ef5be5f981c950dbf367e45b34091c4c8bcb6f909e95e172575ead6b4c6b895

SHA512
0af6fb35f78b6e9739b7f44ddf6a2ecd4d1d21233eee36228e768c9b262c5294622e0318105950a768778965afbaadffe8bd8187d4792f11ffb080fc6b4bd0f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97cf61d577c808f2e4c36aa73c011d7a

SHA1
0c5533a7ce352c16d9a7bbc68845ca91f26d8667

SHA256
4cc50f37d3e77b3c48dd2837d374111ec02f1a45aded5891bdd5db6af069c288

SHA512
159a8a2342204a7fc4a46e8b0cc29d2afae403e4e7bad35665b68caa950b76e04d2dadf743f11ce63b966008253414bf1e48f85ff6d87b706578f80679146e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6c83142e8a072f6fb5968fec746b2e1

SHA1
3af253a4b068e16cd68998ddf22e816b137b04bb

SHA256
841b9794949c616abe08c3e1bed54de7a1e6041e1356673c4dd4fc4873ad48fd

SHA512
9c4eeb5daedc82c9f30d9d1a497a2d7f2198a553b3df6ce99baf9abc1b88e629b6909168c8294faaf544db7155e6fb0ca76ec40aa9b4ba9df09899665ea151aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0760f66c3548554d6458368863ef7286

SHA1
58b43b5c271d68abcdf99743ab711b3be42f5872

SHA256
0a28de0199341a1b75cf5fef7acfd227fdbe52a7804793b1bcecc8b1b073bba5

SHA512
1f566b7c68b03bdc1c52c5d1b7d03ea1789f967cd2f539fcccb2330542a3d6116fb525333735a0f4d354069c8a27f9c5fd5d2e42c9e2b320f7191cdc9a71aeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b63006b160fde07a1538e1a2dacd4ca

SHA1
de61fd4a3df762db51db7df4d7f6b683d1d18964

SHA256
78615e20097c159ada633c58fd1b51d822a68a91bdbc9e2d8198d04331508097

SHA512
db0c9095836a567e0f681c3a0c773c885337abde36362c0c939740baa2ea503cf13896a9bb963ce107030d2c6ec66d92bdebba37fa574d55f2ed0626d95b03f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d8f1a2ed80297a082de105c667376bc

SHA1
58e6c1c2f1fcd91a09e3ecb2e1282dc10f6f396b

SHA256
acd8e8fd8e15025335a6791fff31d56470dbd3bafe47fda4c8bf0d5cef51f2aa

SHA512
d0c37379df9ea704db804c12fe46ff98fb7e050eb962765e7151a3b0f7f7fa3f0ece2beb6a9b3d7d99d5d7e5d2e69d467811020db4cbeead54900482ef4f02eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
198fcf33d367d2edf968f7ed16104c11

SHA1
6becbefb446f1e55c79bf817fd624dd089363264

SHA256
aa779d84d00518d875ff36dec7fa6e9080eb9f6b2883daa45c86b5339a3fe2d2

SHA512
cf6f48ca290ebb2df1acb162a7cdde6abceecbb977d04f9d6493ca2b135a29fc65a6b812f658516a771ca14318f1c6d9ce48e052e5d66e7bd357ec858c6be5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
94f70ee769ebb54b7a630c6087298aaa

SHA1
f6c35caa0892ec7196c87eb65a2c4dce43d46a66

SHA256
f58660727c85eb578b5fc8b7443245c3df8e3f9ee2aede261a5f07aa3ed823c0

SHA512
9f950e5e90c19a1eb712dbaa0930f57ccb9e6291ab9d21eca4bec0b2a4fb3f366579ea0499528e6472714f06de37ecd1d97765e3824c650001500c000648d655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
816b3b6b943004469495e0749afeffd8

SHA1
a53d7bab9812ae769a6086fdaa9de38fa60cf170

SHA256
5d03cd10d2494c56c6ba6097b3dbcc7b16a7b742b165d59fe6afd212727bf236

SHA512
053c62a93fd3ea0caa9a248921e6ac4301a86bb1c45cf43207d507a633d1f9a90f862c84864eceb5e056436a60bc08d15d5562a13d823c6c654272f1e791de71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42b0bb5bffcf9c44cc420650bb87a57c

SHA1
00e128f4d377b32cf6dceaf31e0084fe2ca52a6e

SHA256
6a9c3211f52a2d8ef0be1710a9ba9cfeef9b78262daedb91df47c0a6d4cd1ab3

SHA512
bc8fd5449c0dcdf989ba701e1b5235025fc72dfc29e7075a540226343b98528d9800cacc74b8efba805144fd0fdfe582c2af901e26c8ea0fdffa1d74e714209d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
80a7b60bf358d37ac512b09f56806810

SHA1
00ec3a8ae1dfb2e15e1f7ce3258757319d779640

SHA256
d077c20946a0437b9cd18120cf26e2892a20c228f53f23d96566d26d6850e81d

SHA512
948d2ab4792a4d169eeb7719e5a9d7c4a276c391ae9c240687ef6e64521b284a972a1a8342bc5567e68e00eba65ed83e88252357531c05760c144ca42cdbc89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
040d96785f6c8da3ecca7e554db48565

SHA1
e9cce96cb02cc641c4315cd42fe30e410f111ec8

SHA256
89b5704c8237fede3a5f9e0b2542c758148c38d841a36ce69b6b815d42edbe19

SHA512
8cbfeac70b75f39ab5ad2c6db45cb41b637e2fdebdd4ec93018ee3b7b3f70ca64d985cc562bf24677fabf7e8c9f109034db4a7adf069cabc31f7438dc3af5461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580366.TMP

Filesize
1KB

MD5
38bacea7567865ea904a7ade4bd4f9c3

SHA1
43c896e5fefeedfea25411fdcc4c6927fe0dd4c8

SHA256
6a5b09e72d0c18ab62eee841facc3f9b7de17ef672e745a03b9a5a4caed86d08

SHA512
87166e09fd0f601294b78a59812c6f37d3f25b1bae4ca9c1f9b7fa4c5936a7c8bb7aab6a0d1826f1f0c87836dcd8bcdd8716aa3c101ce86d3781031f720c26d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1b5e356497dae570ebe5680ae3fa10d6

SHA1
ecf3b16466a5855b7e956b698645b3d532f9b4f0

SHA256
5169a4df9e9fa69b434b0ba69159cba4dd619fd7034828a0539d5040b0073234

SHA512
22393c481dbb293c2b18a63e70a2625a6e7ef82379403934787db4f95bdadd18214aaa9b4525b3299a9dc965cf310f0e108b17cc4c3466dfd40af45d65d46b9e

Download Submit