hxxps://drive[.]filen[.]io/d/c5ce9df1-757e-4c04-bded-530f94e23a89#zqmj0xCKjaa2OJYW12GRIwqRLp0dMBND

Analysis

max time kernel
1800s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.filen.io/d/c5ce9df1-757e-4c04-bded-530f94e23a89#zqmj0xCKjaa2OJYW12GRIwqRLp0dMBND

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
2580	msedge.exe
2580	msedge.exe
1628	identity_helper.exe
1628	identity_helper.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 972	2580	msedge.exe	82
PID 2580 wrote to memory of 972	2580	msedge.exe	82
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 4836	2580	msedge.exe	83
PID 2580 wrote to memory of 808	2580	msedge.exe	84
PID 2580 wrote to memory of 808	2580	msedge.exe	84
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85
PID 2580 wrote to memory of 2216	2580	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.filen.io/d/c5ce9df1-757e-4c04-bded-530f94e23a89#zqmj0xCKjaa2OJYW12GRIwqRLp0dMBND
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4d6946f8,0x7ffc4d694708,0x7ffc4d694718
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17851904444034266996,6409898377139756838,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
dfc411ad8e6ae821dc3c74325fe25c48

SHA1
56f602fbf1e31ef107049ff1aee91de89fb3f1c3

SHA256
fff10d84204d16fef3a5c7318a3da3e72b45f760d86a5de48b5a16c8784c34ad

SHA512
e09d740ea583214514a460e8b6321efcc1ef20e0280e3ac5b590c47a825bf8d96056ef94fbcecdcfedc4e7d8e681df5034586271823c5ca834b9a2589a3189a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_drive.filen.io_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2bb2eb6193de37caf1f25011ebeb2099

SHA1
2d0038456495983188aa55295012464029109118

SHA256
a7484c02bff5773579a7a44a39b1aa3981c7ed7782aa16955551ef1294009247

SHA512
64816bce6cc857ad00729bfae5c99a1f189cc413df71fdf94471d6d6ab0b0e323dcf7df58da1628bcda7bd33059b62447b6bb6f19fcacefbffde681db516377a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46a10e061c3cea2d4f99716305894784

SHA1
e131f43e9c8b0b79c3f16363364bd3d9089b22d4

SHA256
8f1d776db78032f53d737b34768acbbc68f6fd33d6f4018e9f06ba8776220f20

SHA512
7585505e6b1bacc1752cb54d3fa30df0e390d6dd21b700b297640dbdefe9f17fbfa6cbfbda5cb79306a5b8774ae6ce5dd6122a944a63aee81f59f3dc596529a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
6KB

MD5
b3c61dd576dfcbb7acf3138b82bf1d55

SHA1
fe86fe2b40bc5e14b46eaf2385d8e13b2f8d1f31

SHA256
3badf967beb1c15af93c40b15196e4165536fefa9bc2a1755a56ee4f2167dab0

SHA512
14cd56535de78a5f6d16f36f0a1621f985fc3d42fa1d309bb195a2feca0d6c435d26c538bda72e9a17d8ef67f9a31495ae35dcfd5d9e037671cb1e9521607fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
3KB

MD5
99e9669c2b4fd3c5f4470c8cdca6fc3e

SHA1
646279b52e5acb262c97fa49fbaafa458c5d9a5f

SHA256
bcd94bc7739225dfd51b35577e7a7d72bd8adb16019edbc973ee0722c3d4a3e6

SHA512
b4e8292048ebd287697fb55e38c358874cbf36b941ef9fcc06b69ab13aba13d5e37ccb256bbb5452211b087da875c4274be88321e61016bb535395dc6dc97506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0b9d903de22f1f7d09f67a8a04a9cc10

SHA1
6e61b5aa279907c6dca6e130ee67a7ebe266cb16

SHA256
5365a8aad25fb7a48d196580aee09d1d7c15011006484e9614a049cb3eccfbe8

SHA512
01b2f551935691f389ca27f1d391fd0f5412da31cea34f8c218006b470803c60534274a8e23c8deb4aad434a47843ada673b6e001a84330a3ca9dafde39b88f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ac0f.TMP

Filesize
48B

MD5
7ee3c9e695d7ccf5ca3b28e7f2e13fae

SHA1
dd27383e7a3d195531a0d544d3c1182b7e3bcd63

SHA256
21e87264938ac5711e905829fb48444260d449e11298b4981e8a8d026f7fbda1

SHA512
8bca2141a62f17baac9d757103881310852fa59be4103b58ce22ed6a01905bddd84dec47ec08b063279068f2b3c8c954acdbf05c64bf1443f17778e1f4b6d3c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
96a592e2a756a780e1aa16ad13466df5

SHA1
ba336d18d4e01e1ed9a897ce0560eba121b6c99c

SHA256
e84fde95c07e2f8400099a0a583c3552535f8397bca4dabf94d71e2a297223a6

SHA512
7527975096a1d0f47a43d6079514542fa857236f1d3b46eb192a5e2b845d1f54dd97d287ed4f6353b4374d0511aeb824b524e690e286dd2aa71ac12a59f22730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
6a8c922b9884c02c28c136a192eac965

SHA1
8d222b67faff5b35347c303aa7e9b35ece92966c

SHA256
bb4ef420fb8464021ad2358b6eb1333a8d6697ed88443200bc41ab2deb1746c2

SHA512
5c35e9b6649d980ee36a962d199fcb04e4ddf5e051b141669ba7eb4c237196f259ec2145364888076e550c2cdb5023ea13196b6b7cea950fbd9a025c8201fb57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
ffa47980f90420e5a9bd512d5392bfcb

SHA1
99efca0a58f9e0287abcb33d8c4af52bbc22738b

SHA256
713e778ba37eafc10dedfb6c8aea4d7598db88dd5d3fb3ce14b9e881fd94ddcb

SHA512
c85d5de1e7942634e7bd86c18a3c3ac871f9e2b6a6fa93d9e7a25c6d1fb3b650f3c1b3e954e072f91d639584bc31d9da7ecf1fa90315306ee27f455aa4f9bf92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
a310cb09b6c167fa97332b3532dd1224

SHA1
7f1ef8d6b779e1a4d7665fd7c7e9398580b94a2c

SHA256
b9b679297efc0a3c03bff25aee28ab7e5cb6a9337c54362d6eddaeb5c3e05f08

SHA512
18c895aaf4c81e2094ad58dd1467a4df8a9737a9d4266f337dcd926b38b47d83c820b7e6ee331016c957cdde4dfd65579d2725021005be393f166b1caa43ad50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
9a737c25d5c56f83bf64c1e1b352bede

SHA1
5751ba17907aae2abf0036993dc9667fb13d1eaf

SHA256
709cc55c6ed77a47b5edfa72ac07f164d8e4900ef0c61e8105d5f07704a034c1

SHA512
07e6e35dd379dc713c0592f17afa52cfb6d78003b81b5c86bf0272c143fb1ce3941027a211d91c80292ac22378a9261ffcca7f39e8202dc4d35f39cf14431369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
0b57393253a9eef16fd2d26d3137b771

SHA1
1efc8c51bddfad4aaea3d6ed679f2244b33eb97f

SHA256
7219d878ae4b7b4ada670f5f674b1655292cd5a4bdb5a005664cd1538dad3e07

SHA512
f2817d93c03e9018baad148370230d958e13ad7a1459eaba4900a17a5a45fd24a22d4096410c41acd0cbe350d2e681eed262b5d23bf852c2c3eb176d93956097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
8e0dce0499cdd1084d6795954826b67a

SHA1
80fc2d09d5051bb510b183949ffdfe4881ab5847

SHA256
5c9102704aa423e80caf25242bfe270ac0bcb2c3dd3fa4104ca20834a2266c10

SHA512
ae2d3bfc410526754f4e3466e561fa53392d8f802fbb82a57fbc20d9d42e04b3d722ffc3891f1b8ccd112ebf2d66726be7385bd54eba2cc5b65a4df7cf93d9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
4ecf357588def3a8be612cd753567121

SHA1
83335c216153c5d903d1f151e8244f90df194edd

SHA256
70fa8f15d0dd4544c98b9b509ad9962f7560538fd8e4d234710e280176a2b67d

SHA512
1f8fff8c1b412f542147b27df2112cf06f5c3450d1dd6b11d53e20cb65216cc8cc6ff56c66812b8842d459430cabf225140abea20756707f2780b0fc41db21d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
2f600c0b4cd47c0a7353607ae45af73c

SHA1
b84a475ddf67de0dfabdfd05a96d033315fe926a

SHA256
f0b87644e16cdd374e6fa616650a2b0173836f44df7c3390644f552680efc115

SHA512
3a3f5e96ff8c375df4a60090faf5b0f98a5f318f96b4bc9bbe9972fe5cbe1ca44767fd5f17056ad49d13c7e3841d3abfe3fb7c7f97f4b3653205ab0bca5eb117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
728aa52aee74a9e9954a87df18ec95da

SHA1
e9802067a6dfef2c1fe93258a5c127d9b4a1a263

SHA256
9ee3c056e0dfe68df1130b46871179fb3ffcaa46db4813b7ba3e6d403cd901c6

SHA512
4907c00bb953e1af2a4ea0f49b00e97282247cc7ae70ecbc68e75dad1e987b5c3de3e91b57a963753ca08e4097a0c50680f3cb4014668d0351b668291b226c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
c2e3e4f503dd0ba427c2b7be2be6765e

SHA1
ba025b3cc62629bfe49ea8ca4c997b58d6df7153

SHA256
5f4347cf9d384f9c4eb08996d0827f24b0d265d31a57ee283a652125917170de

SHA512
eb4a82f15a537741f09daabb82fd12b0a0a3e7982665b0d8aa1cce9c1cb4b05b398f1316bd22ee9698b1ba953f05feec33dd2f55a33c11297fb8a77d572c3489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
fdd8083e928dc7301339dbf66e1266d2

SHA1
d97e92e757d999917454cade2356daed175a4193

SHA256
32eb03e611d4ac3f2c5bc174e2bc337b543c8c7c98b54c41c81f0e3a94f65e0f

SHA512
e047ad5f8e512731c4dadedefcba12c18698fa1107a07a1fb0a76cc59b11dacb94718d75c34124174779c4084a3d57f68420c5f2c1c0cd07e2b6ffffe8331e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
977457c5eee5273e2849e9e524535273

SHA1
428dad3bf929aa522cc8b9a880a9630fb23d13c5

SHA256
04a4431c1ab5696f84c4063f29818b80d7e7732b169b83fd9c8e1b632db4f906

SHA512
5aa8ba0112eaffeeafd1c2d46413f2a2256bc1a73bbc0e754a0a22975dc646f28ffba7890f73da6ff72b8610b07de0bd05792d8973f2926c99ae3496e2e18ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
02cb222f66f63b941e3901c11d4fe4f9

SHA1
d706a6f48e30478306e97bd7e0bbe778ad7808b3

SHA256
5cf542860311aa5558f00476fa472ded3466042fd506b8d8e6d2d51b629ac8c9

SHA512
3fd92a720fbce73db16ae053bd85aad6edb37c80defa8bc4973a1b635bea468530067ee0d09440546e7a3eff46b64c1188ffc14cf5faf02ee20c4a4a9ee9376e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
85f1a3f742f0216141d885f0ceb16356

SHA1
5b83f1ab8af2ecb2d667ad266f3b1c884c21caa9

SHA256
7ab2ef74b2482a083b175fc55b3e3029ed8e3f07a89761826b4518e7b564b625

SHA512
650ca1ae4966722c1d74116cf6740c8ff54b02aafc3d64f924a6ba4b36c678501221b9d5fe51372cfbf1c7175d9007251198371dfafa38b663fa630c9b9cc066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
e8566f72a6d4d5f900c4f2898e311a2e

SHA1
bf9d8592fbbe5589353f1d173c71fbdfe1af8aa2

SHA256
6b32306fd5d5ac0c03cee74b64265c633620ed9cb900c3362324605baf6758dc

SHA512
09cae569e2e168c2e29c3b5265ea9d0b57ca5c51424787eb17ecb46556a271ecd643fca9f458f44303444bf3d880f9a3af666a6760cedefca14d2d5b9ee6d831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
8305be35d0a9a7408f3b5d25219fecb3

SHA1
07cbd19284ba09fa3a133cf81b3cf7e1b8bf355a

SHA256
a8efa2c7b6a5a76aee74b12ac1debe2b709addb2d68b053be6b29c9bc7fb3519

SHA512
f1889134d6e4aedab6a23bab0be2e64f97bee6164c59f77c24a65fa9c6217d79824f604776ee565e17f13f950f7ebba26733185765146cff6d3e30369b69989f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
49d37f7f0382ab4de088ed38f7864ce0

SHA1
c52ba833a1cbc8fa4c2c6f0062fbe2ec15890334

SHA256
4e3defecba6a14b795e6425799a384847627271bfdafd94a82ab75d937c27e99

SHA512
ca45274d3caaff562f769b1bf3727086b5de157494ea41c9091d7ed38a7a47ef23dfa00fbad358680e1624134b0d63857ecd5c051d2c55fbe9753cac89a4e102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
0d93c3ee62b5f101a009bc6ec85312d4

SHA1
e03ad2c920e2e8e2edf77f8585cc6f2518d64e7f

SHA256
d5980af5e44b823360c4bf1540eb5a95df4dcfcd46c6cdb36fb7b11f11bc8357

SHA512
997b050fc8fe70b109abbfc6fb84a9890b48a5e48d9a4be2ce4e028a0f2631af37e186d23995931d1ba1ea4af9ae2864a015a7eea1a3235a1f07190a63b0aec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
48c0acd296a126b65040c467c97e80aa

SHA1
a0505362d725916c065dd89bb1ca76de53d34ba6

SHA256
b321bb2a1cf0f887266da0083c4ad8dabe0b583b04ee10889f7694b10e431173

SHA512
6eb4a10e4fb3ea92e78dc6ed2cd877250c69a63a5d70f9e56f271b567fd1c772380541520cbf8770dd35594ac806d7bbb96e9c096c7a21a36d355e065e8fddea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
4cc49acac5091323ad9aa1e52e5c7998

SHA1
6a248a3fa2852991b63a61762c6d1bbbb8f99443

SHA256
697d366ac75887c4803320048e555c1fba25ade067ab01d31ec22f2ae21b8710

SHA512
cf367898cd44de7448a07c0b4ffdd4e80d64899f87bc97634cde70c0e715245e5e4a0e67c64525ae5f8a60654c390bdcb75dc7decec8b179a5748cf1598b3f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
069abfc74d99ef018d2eb5c477f96206

SHA1
2b7a3a0264d82c668d56d3e3602ed994738a6cdf

SHA256
6c1d6636a3d28b69e87d3616f3a7c16a519be1f6044f649b4af746d46b9801a8

SHA512
2ab60aa2ceb70066a8bd10e99aba86352c691f73dff12edd78d820552023c4a52135e7c21b7168b1c6e5964f6fad02d2a31a4f22e6bc8d57f29b320d8c90ab95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
2acc03f59cfaf151c1054148bfe75895

SHA1
384265ad652bd0eaa161df1bbd43217b6e5c8155

SHA256
ff67d87515a7cfffd098abc6d1d2b6931b9e17ea798054c7b0490431c57ce46e

SHA512
5ba1f28f86a276dc10700ea78ae2367cb3251b0723cab3142280a42329a10f7014f998055edda56ef8ea92d8f44daaa8de3eeb6a3393f0559cf1ed516c725191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
70ffe1d6a65689da954d172e04a756c0

SHA1
9ee4add7df0a1b7bc77c4608287a0e18e7193793

SHA256
e5508c4eef8d356ab5c231e8df8effc97c5bbbc373c2129f3ac147893018ad7e

SHA512
74a9afe9eefe1340a850cbd35946641d6ad0cf5f2af04bf864719dae02db46e68d75c0535122c52d353223e1916382adb9461b82bff841c7d9d940c8d6b54915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
8fbe51e057fbb19587f8f1563873a98e

SHA1
23174d377a84d37b38d3227f7344cc7fd7f3df1f

SHA256
90021328cec24aa8eb78993ba32cd60f0c1f884422bae53eeb7fa513bb938a69

SHA512
d2dbb8566cddc9ec6dbbe007d95560965b6ad3cef5e046b28aaa1e02bfbce1a7a393e20f54206b6b5f474b6675637b94e139bf2262ffb0fa656200fc8aef5592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
b8084bbaaaed80fec8ef3db43c622f22

SHA1
c2a742436618e4b53276fe3b3f67aa3991d56391

SHA256
bd5114750a15ad8a063afe8c8d0a28e6bf9f7298f5d5813a13182942533cacae

SHA512
fb5fa6e90fcd112cf06a6d2d5581cac3a11c34e11627fb613cc651a5a85706aa226f227ab0ec2a2975fbbbb7ef3a66acfbc196f9e59818cef36b4ad3396be3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
a573b16ffbb599452515248c83c773de

SHA1
99403fa44b592ee5f7df1b2dc2720adf42bfca41

SHA256
3f709ee28e894d2847beed5ca13fd040fb0c30b26ab635d8e45311a2ee0129dc

SHA512
4955022b07a657ced68229062aa7388ec0b2f13876e3721d097100c4d65d9a8833d3670f6c61a4250c1595ee52e19e5bf85dbf2577763319c6c3db9dcd3ab33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
bedfbfcdca270378620dd10eca990ccc

SHA1
cc8bdbc80a71f1b98cb0dd92b70b73c13a2d8518

SHA256
12c0f39aeb660598d86ed5e96a808aff4ee616685cc8ea28aa656c14225cc642

SHA512
27a51851ce90fcd244aacc702d6a307c4aa4aa9809bee9c1aabec841dd089d718b72906d3e6f54754cc43fb780b1de5d328fa1861110a46141618eb54bfd8c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
f08dcf9efc5340f1037a93a82ff30e6b

SHA1
cfdfbb5d9035c06b0fc14c6cf6ab59eca0d33856

SHA256
3397b28544600e384a1d789536dbb0e77ad21be9971a00a7698553b0c8551d65

SHA512
5ac8ed5b28b602ede301a24862a114c16c50390b4b84d2a7d80143d226c7925b80065584aded313d89eb081da11d39bc390616ea4adf3c48b74ad826fe3d5403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586f8e.TMP

Filesize
704B

MD5
1c397116a2afb45743f79a8c5a59b3c6

SHA1
92a360aa612523b4f9ed43d4ee1eb85f3d7ad275

SHA256
5fed86c1a97e7a998a1294b3ceb1bbacfda7051f04be770d416a5db45d9ea676

SHA512
99035f0eb7b66dc01f781c15b43ec58912ec6bdc28d70b0c999a4e01fb83825f80f61d74c7cc2931b10d1a0429417ee8395207e72152948947595ca3c494e0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
57081edd28f30ac37289c0e8f4758fba

SHA1
d9d1c6908404e4e5070dd673a40aeb971adf4334

SHA256
a37a328e29bda6b9fc0818391c16fca1b25707d4d18a64e84619b0db43e1782e

SHA512
190e85b4bbecacfbf8bd0cba3492f5930000c16ff11fa06d51e4f73813e3523b0f4a293d990be205171109ecc6ad0bb0704742698fef61917fa831ceea10f30b

Download Submit