hxxps://pixeldrain[.]com/u/QUsCSaSD

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pixeldrain.com/u/QUsCSaSD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
532	msedge.exe
532	msedge.exe
840	msedge.exe
840	msedge.exe
4012	identity_helper.exe
4012	identity_helper.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 640	840	msedge.exe	45
PID 840 wrote to memory of 640	840	msedge.exe	45
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 4972	840	msedge.exe	91
PID 840 wrote to memory of 532	840	msedge.exe	92
PID 840 wrote to memory of 532	840	msedge.exe	92
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93
PID 840 wrote to memory of 3268	840	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pixeldrain.com/u/QUsCSaSD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbce1d46f8,0x7ffbce1d4708,0x7ffbce1d4718
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,622697623969568359,2311648400842634432,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2ffc9e24-e830-41cb-89ce-8a0ad1d108b3.tmp

Filesize
204B

MD5
a1399508c5f3a40eb3e4be20655bd11f

SHA1
4e2404a9f0431595c0f1ca3029dee48f660033ce

SHA256
217f7601bd8f739a485b5c770383f88d36430c400b1f1e2e5f6c9a7ad2d98f73

SHA512
6450f8d1e490e2fd2c09ef327e3f406f03cbcab9f6524b1a2de58d4bddacbdbd1085cd6df2dd04c3fcfa8dc8b9c2a7291315687bb9186fc872f03fc0d3a86f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4a3f9f21a14dda1d2e2592e14300d716

SHA1
1813ee8f303b61cc96d31aacd466efbe8a46596b

SHA256
74ab4f6fc3130b469289719b1158ab61e930107fad12178a0826327f65efed41

SHA512
ef62b5f85bc235bd5680a913b216474a70349d317da8b6e4b053e11757404f7084be28791f9706aa0c5067af7abe7e29652c56833e9c05833641e94344538db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d409b53d017c32f56ab8fc21eb62080

SHA1
4441ca3b7d3288e52155a2c1d6db20d84c45d440

SHA256
a50e87318b39c2fd799b2b98a3333faadabbed70632a657465c9107f1e2fc708

SHA512
d1055a4ac093e674a567071717d8ff106f9061e12d1dd265973ddd8d710c1d2467530537d3daf0deebdad1de7de0c4b8bce18fad13c33527bb702a645340a810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b083f4a0f74b1dc8cd3c910702bb11c

SHA1
3dbc8fa9bd66d356fab6a613698e43e07a4e37b7

SHA256
bba4dac3efe2eb1b6102f36b701c5fca340a4fbcadb34c97b578bc2ed2c96550

SHA512
851fc7d907be1a93214f9f5be3ba0b7780be33dc968fdd38d6cf5d9582f2977ed1bebd183cc30d1fe374878ae5a5738cd036bafeb9ac3196a2dcfcf043ef8997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff6485bbfc738304f847d26c1201df56

SHA1
e844d81590b6a8c87dc1291172a7e9ab666a10a5

SHA256
06e16a3be77a62756b0fa068c76b1e0bb7364fe2f49ac6ab4180b1a1a7018901

SHA512
a32f11920123e8e4071d9bb25cdc06a46e33c36eb07caf4edfaabd821a4c26047b0d5f257e91c576aa77b969d2486cf4809b33310bfca0a05631db2c9c5e0e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7fee2268883681e215fa5318e7001e9f

SHA1
88cdad1ecdbfb0422dec55bc807d86bf0adbdc1c

SHA256
e71bd3c926133c3e242e0fd4ac526b1a45e79eaf5cac7fb556c837c8140b849f

SHA512
300f98fccea861b12aacb854103458de3e7a1aaed17335fcf9629f3b5baafa78cbfac24806d5670583259749e12339633a09ac01202b7f1d386d7c76885ffab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
f8686f8d4acbc525531e8d891f520674

SHA1
096165c45c476a6f13f0be189d7a9481a2b9d0fd

SHA256
e41225d9ecbf447a7b772b4366b11de278219a509580117d98eff09cd87d9958

SHA512
a94a37be96a87f550846df20a5eb97d807386f56cf206c49a56ec480863ef0e33ce0a4d58e49571a9cc333d1b171ad5c33cabb008636331bc3a941c44be0c6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
bc6bf8d9cc08ea1f3060ff01a4d8be61

SHA1
e0817dda45824b609ab73386097da00664d737b7

SHA256
2995e4c77a38a9afef0bd18a9852f345e08e3af855e04e90e4f506a21787aea3

SHA512
9bd5d3e3620c276f3e24c28e42c5438f3f27342c10a1a6db4ba0751a9b56439c5dd6fd3d73b007e19e74b3fa721b2ecf6d641b9a99c87ad2b30eab6db0890da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
0792a17b7308e214cc4c992336e36a1b

SHA1
b52ab59d35d98ffe614e9f673c85b303643a16d1

SHA256
c97f10f7ddfe0fa8269193e686070763d174ff4539d08869f074ab91dbbf3479

SHA512
299690e0ce85b400e422d9e1bbbd0525b49af14015f8578a4b3f28ead2b8113544f88a6e75c334be7f82723f74a93773c51982197cd3753bee46837c76d801ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
2a217634ae8bbc5139e61d0b9d4c6549

SHA1
fb299995bd2ad5aec0d1d25bea7eff3d18a5766b

SHA256
7de1e55890e4374bf3179201fb3522ed1630ce0b71f42c8e5030675ba285ee10

SHA512
9c797caa153aa6509a9a561c5331ceb918e9a738712355b6a070f2e9bada773375a741c982411de45030ce516c90908dd06b56686d9acb641cecd91d9f885fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
a181f18244e5558b5177423900a6c97f

SHA1
711d84940e054924acb849c9000c3d0ec6b8101c

SHA256
0e142c7a97cd4aa6a3eef1f5316a3a34f4ef7d6fd10ddfb020e9b365e99b019d

SHA512
c576138070a2f10f29ea55ecb40aeb2a74d3642d08ba18c89b0c9a450e6c0abe2853e061d0c6d8b94792c3dc4d057732aa2ffa6674d08a24af13671936e2acf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57882b.TMP

Filesize
202B

MD5
7e6f081093144984d9fa58ceeac4f224

SHA1
0f03594f109649521a5eca1c6b5e089ceb967d22

SHA256
f9f4c3ce97f5e3e74484bcd9aba18129d7885caa330ae91c3777c7585f4876d5

SHA512
0ecb8a210257856ba750b7fba958b0a7490069c893cbbc6de71b3bd7482ba58a014da61b33f9acf29920867666f8d3bf37eb0e7e29543b0356829587488cd25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e9f0550834944eec286ba46de9d6931f

SHA1
77e1c0ac189f0e91967abb6cf5ff4b4bd19d6457

SHA256
71ef16d57cfc9f8965ab14cc9a2483fcab601e20b94f9a62d2e09f120988f436

SHA512
d2204c43558677a4903b3e6707e4ffc8010739105edacdc8932142eca175753a976a1a73afcf36cc79c30fc965bdd36700309ad85c0e5e62e9d55b64d3c286ca

Download Submit