hxxps://www[.]dropbox[.]com/scl/fi/oc5vl3zzdqvlmf1bl81p6/wedding[.]mp4[.]rar?rlkey=gwgmj00in20xlnsafd6rs1hxh&dl=1

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2023 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/oc5vl3zzdqvlmf1bl81p6/wedding.mp4.rar?rlkey=gwgmj00in20xlnsafd6rs1hxh&dl=1

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
972	msedge.exe
972	msedge.exe
4352	identity_helper.exe
4352	identity_helper.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 2184	972	msedge.exe	80
PID 972 wrote to memory of 2184	972	msedge.exe	80
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 4456	972	msedge.exe	82
PID 972 wrote to memory of 2272	972	msedge.exe	81
PID 972 wrote to memory of 2272	972	msedge.exe	81
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83
PID 972 wrote to memory of 3976	972	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/scl/fi/oc5vl3zzdqvlmf1bl81p6/wedding.mp4.rar?rlkey=gwgmj00in20xlnsafd6rs1hxh&dl=1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8aa7b46f8,0x7ff8aa7b4708,0x7ff8aa7b4718
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14953009862296854226,18444092922644235421,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
55b45240250b64f85a80617736ecb1d3

SHA1
772f13287360dff4582faf760f964b8bf038b7ff

SHA256
d3bf7cf4909c733e1023ccc0f3c21897559f8516be61a8c1825ae92eedbc2b93

SHA512
42f2ecdcf9ea9a640e5e49806c49d1a068a655a32d84bdd276b136b7f4693b1acfdd91d45fb703db9b818f5ff4f8eb76dac5dea4deb3ca6504665c7311b32c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
408B

MD5
04d9ef518b5d730937a70916268e9513

SHA1
cbeecb9ade7391cd3faafa81a9645189c11a6ce4

SHA256
60ec6795b0aacd4f5736afd664ebbb46f1c3e0cd8e968c29848846842f9c68a7

SHA512
0b79b55f2a3eb8f1c57ef101512854fcd94f57d3b39061b46605b869e1ef22901a29c80ea3f1390dca65972da0de9265e13144b4e753a4515d759826bdb6dfe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
705399df3f790b926ca9fed6cd19ec97

SHA1
b38ecf82319738ce56d6c8343a67e9c4c172ec5a

SHA256
9a15eaaa1f2c935a4659b84d9c41687775ce6b9d0261991fdd70c731fd9007de

SHA512
08e008fc9b7b7fa8a36683412975735ee196fa562784a779540765eeefe931bc4f0c1d7bb54278a0bcc3ccdf0e32965eb06f0f672ed8725c54daa89f3b37becd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6a7667ec56d346d80aec2c775841011a

SHA1
6af0f2234b949a5624e803555844a28eb28720ed

SHA256
849caa64c88f106662e594ec2a5353102a96157e84eba8d1e6a6a60b9bd6fec0

SHA512
40adf5fe7fc2238f85981dfcb9659ce0935f6f5f277ad0699932fef570a75db6d15c1114dce5b7323d6c08ee60ebd76fffacd1c5534935a6963341d147aa2bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
f41385b8814b82ee089a757c1c7d0b7c

SHA1
7ea81600cf402eea7dbb3e5a8d9d88d66d1c2cdd

SHA256
41e3ffc79add00511499e5880b7cd08bfd3acca8d9142c983469114455f6fcf7

SHA512
8a3c95268e5752a42756d3e26d336b0955489d30ee6c01fcc8c36785e2afa3033111926253455a5d086f8924132a3a61792a90bca195e7a558f256eb0eba2b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
716e1fd36c0af8a5aef635ec7e33f00d

SHA1
6d2e71ec5f571d7be1c1d6184c23f0a86bc2ef7f

SHA256
bd472a44cc387d67eca85c1e04e373f7f4acf292b2de1e107e359984d5bf4678

SHA512
83f8f68258290604f9f62761db6c1add4b979f6436d4c2603fc4b5f16d9b462df4ef17b80b21c52093b8aab676c846321d80e6a432eaab6aa6426f529bc76316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a1594252dcf14001430003363701bb78

SHA1
14f076933d2bfcfdfb7d8b9c5664202d1def3810

SHA256
b15aa091c7a7b17333919537e9a3c0d13bbbedfb617e6f47f6eb55057f173cd7

SHA512
f95d485ca26b67a92ca5fa7c543ec61ba26db10e805264efc6ee6f84b5864825a50252fe30ffd0929d736de4db0e52b0af412ef7e6c2f6af52d58fa3c12ffe25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
3fad1012bb955911e9dc2d0aec69e60a

SHA1
d6fcb245a51a7316d0cdd23e6bafd61f61ea5f89

SHA256
ce9a641ca59e45c734c480e989e0c73f8a248df9fcf196e9d9708fbeb610a907

SHA512
eb01fb1acde084c569b4931e66fcd60dad03db61c62a94e59642f34a5784721365ccc67d8d00d4f2c4b0d1993d5d4332aa8be7e7b20ae3cf61d9d7e9a60d7798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
675e0aeb3fbf923758616fd9b4c4c679

SHA1
3a9830511c7c147b159d22cabf0060bc772edf62

SHA256
5096de75b2f74cde1086a242560bc530d0e6619a7d878362144eca88a9693516

SHA512
87566c6998d3be9bd4656e14c2e89034a551f99a5759c39953d255bcdff8f2b667fa749829e4c436fca1f146720a0ab360d6f9a32a77e68879cf93be4fac90a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
fa6259777fed98b3aa99ea2fe2ec5b4d

SHA1
673b3e205eea744fc9ee7a0e178ba7267738a329

SHA256
0305dc44d32ad13ee521572800d28068abe421f443c7c8399a1ebea7db2acb8d

SHA512
b6ed4abb9d253b2c86f6dc2b8b34217f0cc8161b66d2218c939df289b9dd09f724b9aa88fb1c06ff7b9e769fa9e1fd3eaa5040266641048092929305e7785acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a54cdfd48c128fbfb0f77422212a27cc

SHA1
2011f0172ddc6260a275401673afec71c0320abb

SHA256
359e95ffa1b8b18619162e0057da08964e80c90aebe63bf808a9eef1d36444d0

SHA512
86e9c1db9c8fb0f9876436e2f603ef532af18f84d63714691952560cd448a598e7544bb10dc2c33b42663e820d970654e8ec702ddee443e27638e2a723e377b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
9acc82c39935fd8c90c7dca47e160953

SHA1
10d5b3a73e795ad496bc4554a37f49b4c8672cb3

SHA256
d32a50c83b420f9289ab55dd01bab5b12b2717c9d8de7e8c4f8839eebb25647c

SHA512
a7f7f23d532581710d5f21c819585edfe35533d9b04d324bd32471f67dec34b4c9b6577f885d5890891a4c24bcdc72271bb8c56f37916799673aef0b70a80dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6b24c8bafa8ca395cb108bf89434b5b9

SHA1
0790c1b617fc0c5ebd5a240d9462eb28a33d5c0b

SHA256
efef547bfc3f1a3918546e5026a5f9b5f27c7b80615ece2c3ebdaaafed7f5b82

SHA512
22236b8551a11d9197c235a0324a5f4bf5d8300d9c3390d73cd219f40d3b754f6895d830e8f46a78791d417076fb25f553f6d5557f87957e6d4a26560176f3c4

Download Submit