hxxps://protect-us[.]mimecast[.]com/s/WSCgCG6KVmu0nxK0sQrt4B?domain=dropbox[.]com

Analysis

max time kernel
157s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://protect-us.mimecast.com/s/WSCgCG6KVmu0nxK0sQrt4B?domain=dropbox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-996941297-2279405024-2328152752-1000\{008030D0-C272-420F-A83A-C70A34F2E8AD}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
5044	msedge.exe
5044	msedge.exe
1696	identity_helper.exe
1696	identity_helper.exe
4908	msedge.exe
4908	msedge.exe
588	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 1196	5044	msedge.exe	16
PID 5044 wrote to memory of 1196	5044	msedge.exe	16
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 552	5044	msedge.exe	93
PID 5044 wrote to memory of 1456	5044	msedge.exe	90
PID 5044 wrote to memory of 1456	5044	msedge.exe	90
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89
PID 5044 wrote to memory of 1708	5044	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb46b146f8,0x7ffb46b14708,0x7ffb46b14718
1⤵
PID:1196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://protect-us.mimecast.com/s/WSCgCG6KVmu0nxK0sQrt4B?domain=dropbox.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16984478625063115914,17577814803084384278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4051273d-38dd-472f-859f-2f4054052154.tmp

Filesize
6KB

MD5
f49b74d500944410654eea4d79789303

SHA1
ced3e32a912ee59b2e7d07ff1b86a27608f72637

SHA256
1665e42af0b56a48034c1a7397e7d68701d09b8dd411754000ebc93bcc75dfaa

SHA512
af2da948bd7e0ff928ba332505077c7300557af2f8b294f540992610d6c53c9498d68bbb8748de5d871faff7df64d02381c625392c0d79aee34122818704e148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
7015848c5d9ba15352d3ebd798710ccb

SHA1
e9e9436e2479d13170ba7dc9bedd398641884437

SHA256
62c1b98aca6890a417980e88f40afeb8dfe115b52cb25739a654753221b577bf

SHA512
2f9755453d6eb95749524c6661ae74c3bd4ff36150ee0109ee5d7520f86c5f48aa401513d10b88928bdebd441a4f2f670978c989c3b9b13e3cc9ca1199e0cbcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7ea8c64ca351726069be5c7c671c68a7

SHA1
e3e6f68acdb8730b055f8ee27bccbf368c1c9291

SHA256
47f96307e7574b5a2bb4aa5e60743348d2f12af707ceff37dd7f69485915a344

SHA512
162cd9b7e457319d6122d50f6c96779dc74b42a3091f57c8c259ac32df482661ed029f5c865a56e31529b9939b56ad827e7186dd51db01e03625362bde04d8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f8e63e44259fbcf9e4c45e59ebe6e75

SHA1
a57496ac751500e4455a2aa304bd50bd215db817

SHA256
f3949a61ff9a96311d1a01620c06fd5749c3a665a709ddd68b730b1fb2b26153

SHA512
4688f1d1aef14047ba09aa1211e03d5003fcd03c5081e4b81badc7b123897a73ecbda8cd9b158e00beec45afc8b3a52d05be685d6140f240e6742f4ddd16dc40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
958f7cf9f25fa09013776f4ea1eda527

SHA1
fd5b367af9e67cf8422c1986332272f7cbc71dc6

SHA256
1ad19b6f806891f900ee8cd8d27f9324c5bb68fd3a0e7d17a9770d17e648ac15

SHA512
44f372f2e20f27fb9f96faa0135c590d062916de76ae144a25e2b582ae349fc4e1e34606c36339d924cd43d932992a0862e351494cd3d62a6b53cfdcdfcec94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f1cc588cded4e1e7c2873ea3e565a5c

SHA1
4946a7c8ec63d5f8373863f52b6bc68325ab5287

SHA256
442676fadbd2c10f97ea3184bb784d423a5df32e8153e1de82a31a3b24769d0b

SHA512
59b08a73ea3e4aeab46d6d92b08c4f5f19cb69484e1c1d596fd35bc00f0086888f8f809954e201ce7a5c7311c5e5c26819cf156cecc75314bbaf99128f249d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
031bc01e7f09b242cf0694f3831afcd6

SHA1
228a611dc9f1d4a176d7996a74b0426cb749ede9

SHA256
b3880ac8a5d32bfbc8dd7fb7d4d4aa023bc02464a99c389c0a71f7f14a67a9d3

SHA512
76189b793cdf39496349623577eb110bc405cd66c229f90b4aa1aef57c337aa50cec51ddea9e69574f0e2515076a3107138d6ede45e34a54f381c08206edd43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
25d8f17195da39732db6383ed6c37a37

SHA1
eb6c0e943183714be36500bc144ba494d181be32

SHA256
fc66d6cdf38cf043084658df9f5f7a0ad2e8f390df9584323dbf539582717cc7

SHA512
7715569f9a260f62c7b2b066262b682c139d21cd271d8a03c0aecc9a7831ff9eb749c52b499028cc9cb0a51f7283f328f5494c419c460e3368d23c773a90010a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
a22e5ff170e2363ca25d943cd7449b6d

SHA1
76ef67be9e66d200eb8dee25a3387628bfd44b99

SHA256
6fcd624c27061ab85a4f5f0200cad4a3c4eff4e1860d43a89e619be2d1f9332b

SHA512
f5f940bd85181be0452759f80eafc9837dee288e74f7f36c6104a1b8f937352fc97f0838c69f97048889146f324169543b7ebaaba93ffda77fb785779c3023b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
a820f787e8e95ac0a8bf26af09fb63ab

SHA1
26d1f3b38c9b958df8c5b8317b0b05fe501dd06f

SHA256
c58506e0751e275b60e85e9ae582736a0ba2eaab9570a0060bb30dcc8b621dd8

SHA512
4248ce50e759a3594537cc395502eeb91be85b0d274f42f27a4422b7a898d7e714ec154211ad40b47e811e662114f025c7bce82d77caf8dd66c376228444ceeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
0b79f90b430bbd1d747fd3c6424aa2c0

SHA1
e96287b261167a4362dc64f590734ccf90a96aaf

SHA256
3e7f3b920b4aa4e1a305b61c4e32e731df2742c76582b38049bb27a60a3255dc

SHA512
89b4c469a1080422cf50fd43d2ef40f3010ab1e26ef9fc2d84a3b4361a88bfc8066919161339b0609f41cbea53dddb04c48e627341cc3b921b198c1b5c9e4371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
ada5d6215cac275810b18098d6d89c0c

SHA1
e4a54527128469898ca58b68dfebb689cfb30751

SHA256
1247e522d7feb7c3c7867d2bc9a5cdc53b9f4b7c282e9fdcdda8d9901809a9bf

SHA512
afa3f3ea2d89163623d4e3439c33fd91e46c6cdb68858b813ed26afba9ee19de56ffb44f0fd03b1c89173acd750e80f851a1a70d3edb72dd67c18e0f3a4e36fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
ed8d1a63d759633da105257fa3b6532a

SHA1
b9d460fa4212f1cb4a08f479a1b30bc7ff46c9ea

SHA256
97920abc3353894384f66da0fce5041e8986fa9c57ade05e4ea2ad493291228b

SHA512
f4118acec7bed7231e9fb788110f49b8715447955331afa5de946599e9717af88038d798bd98da73b1e5a66ffd99922b53e7726e73a6bb0ea4b23a9a8abde504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5809bf.TMP

Filesize
537B

MD5
dc2b2120250905116aa5f76bc1e2bd6b

SHA1
7e2ec27f7fc6320cdca3a839bff5c116e3e3a42e

SHA256
f562c5197831b6bcf99c5f84059945ef969b3e5f8db464e53f8c06c3f3eca3fa

SHA512
8f7f5214c23b6f247f2e04a64eb5930f0e0476f9e43e50fc3f85afe177b38a8c939f3a5a37b38271841ffa1b7bfb9be45b4e83ba57621a615de7716d99141fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
19975a648dcee550c060ba97acf863ba

SHA1
98340f2921f89b585e875808fbe059dc46fbd146

SHA256
713c15727e0925135692c8e0edcecb6117aed559a15b1817283190cf697ec746

SHA512
a61ef92e200bcc6dd2e2d7d4897b82d3acd00052273b87c747d7b8178425605ef996d7c6a5634515ece1bfc0c260d5cebb9bf6c3605b30d4650749270e6a7cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a73523d451af097fc6c89cc6c878b5d

SHA1
0a0ae5877d4d0c7c3bb7c048c49c291f954f5825

SHA256
f3c1505bc6192afba42280df72f1a03b0a917664fb0deb033cf706b512e19902

SHA512
0e5b842aec1e81f72fdaf4bbbfe72d4493e2c210a33e2ce7f5ff67412acbd22ee8b5c184a21dd36eac36d940715bd18cd58741cc55da83d8d6a91898e027a583

Download Submit