Analysis

  • max time kernel
    399s
  • max time network
    400s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-12-2024 17:51

General

  • Target

    https://drive.google.com/file/d/18Ox0SGBtPtE_fhbxL4v5hQoFkD095x4u/view?usp=drive_link

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/18Ox0SGBtPtE_fhbxL4v5hQoFkD095x4u/view?usp=drive_link
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4112
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdb7d46f8,0x7ffcdb7d4708,0x7ffcdb7d4718
      2⤵
        PID:4260
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
          PID:3524
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1160
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
          2⤵
            PID:2288
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
            2⤵
              PID:4628
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
              2⤵
                PID:4992
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
                2⤵
                  PID:1772
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2740
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
                  2⤵
                    PID:4460
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
                    2⤵
                      PID:1688
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
                      2⤵
                        PID:1516
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
                        2⤵
                          PID:4836
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4632
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
                          2⤵
                            PID:4360
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
                            2⤵
                              PID:1376
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6525217101133091540,17464431179598653949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
                              2⤵
                                PID:3756
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2668
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3388

                                Network

                                MITRE ATT&CK Enterprise v15

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

                                  Filesize

                                  648B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  816B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  864B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  7KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  7KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  5KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  7KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  203B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  203B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  203B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  203B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  369B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  369B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  203B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  369B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  203B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  369B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  201B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  367B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  369B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fd6b.TMP

                                  Filesize

                                  203B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  10KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  11KB

                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                  Filesize

                                  2B
