hxxp://dropbox[.]com

Analysis

max time kernel
291s
max time network
285s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 16:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://dropbox.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1114462139-3090196418-29517368-1000\{708FED64-9241-4B18-867B-7F8B558F64D3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
1368	msedge.exe
1368	msedge.exe
2228	msedge.exe
2228	msedge.exe
3160	msedge.exe
4536	identity_helper.exe
4536	identity_helper.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2936	1368	msedge.exe	46
PID 1368 wrote to memory of 2936	1368	msedge.exe	46
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4888	1368	msedge.exe	87
PID 1368 wrote to memory of 4108	1368	msedge.exe	88
PID 1368 wrote to memory of 4108	1368	msedge.exe	88
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89
PID 1368 wrote to memory of 2240	1368	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://dropbox.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab41546f8,0x7ffab4154708,0x7ffab4154718
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,4800861755825614,13853866548060384402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
03ad7580da2690753722c50d2b9c762c

SHA1
6223714deab75e5b0a691e68f3a5ef36cffb9879

SHA256
b257b739bfe30c3693f529fe341e54de8d752034e917f79c0493f6f347c497cb

SHA512
7ea20e8e596116090366916c6726beaff3d9740993201c32e17a85ee9f81b856d2b7a771a700e74640cccff6dee82a99ed1ec9377edf8ac47a8ae588d9ddc9a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
923B

MD5
0d269346fb8eb8802dce268dbb481d3e

SHA1
a2bf761ac494d7c742beffadd80fd0657bdce967

SHA256
9e549851ea4cff81bd64051764771d34598c377d60ebc320ce2d8162ea9bebce

SHA512
d258d2c96a644780979535e4e530fd4696540acf60c2c6dfe0f0c09d07e07f3ba33cd34eba46db2693219c8913f097fc2e605be9cc7d6b937ee563fa5eee24a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d9e48a4d83711ae3e8a13652d41b4c2

SHA1
e457f868428bde774cc85acbef1a304889040e60

SHA256
639c362406d5ff13dfef2038a40c9b0eeb7510c3eb7f0d62e289b503a5826208

SHA512
59fa6990c660570133455be48af73b2b9c6c31229ced7fada72079dd3a8a2147a2e9ae11dd859a71735315af630b19bc0fa7f44a41d93ab523983ea47b1bc45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
835eb4648fae6204be702e0e8961c8ea

SHA1
de02b76b0ef99df14fb1b589a9b305301190ada7

SHA256
47623cb2f9ba5ac185db8d1ae6d847cbef6289ff6ab19a3064ec779931b0c0fc

SHA512
cd5dbb8c8b351861eceb8f85304f53a53518ed41dbc2aaedd7401fcd292dd7a1d9c5dda350e39531af8a366f07113f63579d7fc05253592224161a267da55ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3c576a9a153879343304f384a459f26

SHA1
ee02327a7f3428399496ca88d35130186fb7a21d

SHA256
8b6f59d39a376ca085f0c1a118537d1f3d3387b2bded9ed0ffbf1b6230c76bea

SHA512
1fa664d70cbd801b608d2dd4dbf05814abee8f98dbc3299efdbbf6cbe7d37176a3ea17aa3e93afd94194b6c61a0f88bd18c9c6a054fed51a965c0583f8033176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93859787713af1d603a15d723c66fb89

SHA1
6e736e9712e7dd3c96e44cc4fcc22ed39ce79698

SHA256
7db0b871f2a81308f467f8ab1322aca03e9ba2ca1e81ff6950a59b381230c8a8

SHA512
a211285984d9162ad6ef50f978133c42cce10e91bd27fd9358a7147796bdf488498c8997e1112c198e8987b4a179e41845ebcf0ce33653d798c26130d2a66a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
6b93487fcbfa2d654cdff589ba8da564

SHA1
2a1443a55c304bc225977968a5fc5511c8dcb641

SHA256
5a7b04534bfaf86c7f50bc578e3e0a853e99c5d490c1e8bb77cc866fb911d249

SHA512
58132a067bd9560065d4738614f5834dc5d1a096e696e12f33539e43dd8af485ee8733296436a986e6b9a436e1ff8393b64c0ecf4eab0e5e2a5429e3dba341a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
b6383a5204e5b812bf159921dec0daae

SHA1
2d9bd0a3b2384de2ad2c0bdce0cdacc69466717f

SHA256
524050d98a31596098a053d3c9df81135a6f09ca7790314470e81621c8526c86

SHA512
d45dc0ea438a1349c3b4fddbd7f9d533ddba5155458fb6ec9cdb4b036c89fd0b2bd64bbaaee52d8bc64b4b7558d879f426520da91dc4f889637db48af3b691ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
85a7cd443eb3b0e485acc3b42d43aaf7

SHA1
facc603aec6ae8460b60a48618873f99281c8874

SHA256
df573f99cc6fe0cd092a785121788d7efb702ade9caf295c6e876a7ef9d44402

SHA512
eab4dbcdff968a8ae8f8870f7fc1f78ae08998a9cea12160cd44f0ab6e86df075d2ff863657d850322f46cbe1800fb2acefdbcabe46cfeb8d875c55c6fede608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
91d4f61fcb6c68d6861349bf18439e8e

SHA1
227c360cae97a91b5732879a0c39d0ce31e7db72

SHA256
e62bc44c509efac6519d71f6c5ec0ebe57a46d117f037d04b99e693f90b6a23a

SHA512
3b00ce15e119fc9d5c6f66680ccc0459ca9965241696368fae0a775c43cfb18ddaad4b6eefd0799864c06f47466304ddb5bf3cc098db61fc289a2259175578a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
bf8f607bee61600f4c8bfc9a445836a1

SHA1
078a0122b01f825c5686118f82e4c284b345a36d

SHA256
d6ce8a438cc978560c26ea377cb47939b9dfcca281b196590cc50ead4747f73e

SHA512
572e86489f5eea90dfc414f1fffd91dbbc8f01ea7a278b63b1668f67553509f756609d765cef10a9417991d188d873c1b1e0e8341ecf0a827746933104806433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
ce2c7ce0b027e7e0c6722951192218d7

SHA1
9992b461ba50bd16ed37c317364ce3627faa106c

SHA256
3adcda0d75d42db40e0ca69964e2224d5810213ef2199ddf63f44bfce539ec17

SHA512
d77290e1bd45ccd2aee7d8291312aad83ff7866a385170e8205e043724dc81d412f06e38d23d15a543204761a15eab1a71ef774b8e93a9dc6ecd03a7e1553f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
ce6bbf1fea02820d3a630f938bd209f2

SHA1
08478572cc1d30f5c5a1cf628a3fe18292112976

SHA256
8ed253baae964c49239046eac24e0a730f227cd9621e81ece44545d9f2c79651

SHA512
d2508ea3521d01dd79676ffbac674a2109fe5f3065c3620940bf1bd92abcdde902913a225e8794c4a5313e1fd3cca4a75152374421debc263d95c602dd83f945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
c31e1e5fd6ba0980da8a03ba465eb0c9

SHA1
dd7c0c74b206f4a2a3e304e016b28305571cbd12

SHA256
95e45fc7d53b023415026a898fee67b3b13b39bfa9e615117e292ad189a5daa6

SHA512
aae1609cce7609a1fd9226bcc3e89d756b46182d731fdd904d5c89a40b605998f4e84dfecc0186b6da078bb404d5c3565e7bc822798a742a8bb76dfaddb77bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
53268794eaac53f3e21ce1a5eb8f8912

SHA1
e6780848e1d086b99f65a562d293d0e86641c637

SHA256
e6432df443f41bc147c9274483d66dda9dee28b70735c115160074d395f7d5bb

SHA512
2f3a5406ddf8eb040a4faa7968a76e8f892867c597056f61b43de6d0f48094531448c9728527994913dee8ec5dedfafa297663c1d0190d6bdeb0f51be25a3c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
7607a5ecfc3cefe5f36b2e9c9578fa0d

SHA1
148aed99c0a7b50ed10f05bd86342b17816b6f72

SHA256
6743376ff3ded4b50a4ffe7820a490351cdb638288506d39f809578254dbd3d1

SHA512
9e3b547d115b68e0fc603652ac2813f21d6f4d4ed9f97bab415f8ce49be87531f575a3aaed6a09ce6d4b9fa8b19dc6adc6be9d592c4fad77f4d7330dbc35bf58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
fe9d31e5999c38e8e5534268fb70965b

SHA1
3b211e24b122a219de3d9c1c39d5683debbacbc4

SHA256
8516175a2d5f378ed9c10732f0a4f1e79cb8fe1c71547d2c11b588b61f496047

SHA512
3f0fbd17a9a249ed5638cc3895ffa4e3585968acb97cfa09a22f9146f91e5bb1a90f4a1ce75b6db6e38769342cb33018aa10a619b61d58a3ed548d8a11bd69fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dafe.TMP

Filesize
704B

MD5
dd1e5ef86903087ad8c72eb2460f4819

SHA1
c8d663405b74c4a4d7e73f5f53d43707bd78afa8

SHA256
86160f6c1346f03835ac333673399329a3b0b2695529d227b105249d3a4fe55d

SHA512
c12db92192dbf4010b5e17a3bcc435a3a96371f1e8243f4f9cd121d4f7f65ae41b460cb5e8f437d4c904bead79a2f54f3bd1a08a41bb175dacae2ef00585b8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9198f3ea64ddf015427d1c74e3498d99

SHA1
497d2f13dea45bb13ba6052388957b6064b81321

SHA256
ca351968505942a891b9d3968ec860f3a7181c0ee65865e04588e3b5a6ac240c

SHA512
cdb1bd25b9178c308f62b9e321ee24b46d38d33c802289a1d5527ac884f1c3d688ea22a2278db1ba22ff7e3401df740ce0a19725b7c136db9980427cb9bbf60c

Download Submit