hxxps://www[.]dropbox[.]com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{303D5519-92F7-489B-A910-3FB3FF991578}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1856	msedge.exe
1856	msedge.exe
1100	msedge.exe
1100	msedge.exe
3148	msedge.exe
3148	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

1100 msedge.exe
1100 msedge.exe
1100 msedge.exe
1100 msedge.exe
1100 msedge.exe
1100 msedge.exe
1100 msedge.exe
1100 msedge.exe
1100 msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

msedge.exe

pid	process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1100 wrote to memory of 1436	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 1436	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 784	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 1856	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 1856	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe
PID 1100 wrote to memory of 5040	1100	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8232446f8,0x7ff823244708,0x7ff823244718
2⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
2⤵
PID:784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4868 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4836 /prefetch:8
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
2⤵
PID:1080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
2⤵
PID:936

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
2⤵
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
2⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
2⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,11184244400067391762,2740637848538098858,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
21d6b0b1a76b4d864fb2a5249a226b0a

SHA1
ad9edf255882aa4a6d4eb23c2de3a4efca64cb96

SHA256
67abd944c53e0c40763288617583bbf9d257d56a5a79de84489cf896338e6954

SHA512
9aba061ebd5cd99a25fbb29a82a963b4d88c7531eecaf0906ce8fa8b5bd339172e55171865eacade3a8f4651eaa3a37c8abd7fc8b13392603deb06b58a880da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
01db7f7c0387132f8bc8334ceb90fe94

SHA1
e40d258455bf89d00bcc97e31e5a4884b36db9f5

SHA256
42390755dd7c051f6ef705892a9dac12c8dd6b84cc20da4abd5774642a52d31f

SHA512
d7f91c2e8053600167ba83594c7143d88f68d262ae369f48ab31460d853b11767406f9789e7e11507de88a39ed7f4e14a68fcca81160cf7f36973eb9af59008d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1f1b708715603773b548cff76ef320a8

SHA1
d8b7c89780132835179698429321ba2a1e185945

SHA256
7355e5446a2490329408e8a9f337a70e5d041fd04eefcce40e8002aa6fd77515

SHA512
2df631f5f205f13d5fa3fe390140bfaaae4e687d2ddda599d13654ba82c8a0008f06749d7dcc57870bfc3fee4f1d35bc68e35b8a4fe17810d0fd82765b0d037c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a957cee53eb65faddc1ee6285dd7cb68

SHA1
6036ccdd052cd2062ec582eb216aef1eca44007c

SHA256
caf7cbfe60b46a879984d98d741458332b3962d710bee44682a9255d86f6bb88

SHA512
941e0522780d94ca3a7f2e8f14c540aac43731fcb5a09dbae15f76fe01a0a36475c08597d4b0d7c229dcb4c65bf37601dce88c06d16f2987f6c4cfb235ef1787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2248f75c67fc63289d6b8bb955182e6c

SHA1
49642336c23734e8da67b6bc4afafdedcebea66b

SHA256
a7e7ddcfef0fc0f57a05b99d3bd35cbc6ace3c00d38fcc80d753124733c23838

SHA512
702b6622e8e152b61691cb073a10b1c97e22166e337707a96f9242356a28aa411b2447045c846b42e46d5c52c5099d9ca5b949c34d67c62835a5e80fbce89734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e9d4024127f5c433c071d3317fecdc3

SHA1
5aa7c3fb0aae1fabbb804fa5e298cb63b1e1261d

SHA256
791b234c00c2647ddde941672ffae6048a3e486754415972ad0b6980d7d2cd8c

SHA512
d1677b71f5a222d328c2f7519c86460a194e0cb66672725077a75c47a2a81ec6cc6f18eddbb8cb88ec198aa7453244245974e0ef022aef63362367ce6187630d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cfa3fee5be1eafd1ac789d308d1948b2

SHA1
4d17e840c8bc334adde99a00f93f661e39a8bdea

SHA256
9113add43037f7f8e766fccca114f7d7d4dbcfacf6689f52ccfd0ac6402dbbcf

SHA512
f66856a490441dc516bf5cc0f7126fad0a4680f744368b6a35a953f4c990f43c3ad9f307a476058dc87b2f52d5ed6b12518172b2d211642ede27d513a3c79eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a7c50d8846a020ed5999a647da1b891

SHA1
f23bbff6483ab8471e99401b64281d904436c6c6

SHA256
6425719e199eb07ede553f34cf3d1493b28c8def82b9fadbb7f56dcceb2c2bbd

SHA512
6819cfcf5d080d74151fb510dcf03d70509c6b36e499f01769ce45e07cb75487a44ca8c35a19ef401511923a7af7cebeb48fc781a10d48818ebe80ec51d98376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
903cf709536aa52dfe77755cff392270

SHA1
ba357d69f8a597f0b7c41e68ab044d2ff5615db3

SHA256
765b04bc75a606c1247d70a2730a6d73d41977176bb16611b473ed89f16c727e

SHA512
87a44c01639e9bc1c15453343f2e74440f86d91611e50296b6ea44e040b6618f1ea0aa43f7b86c7315e2a478185f3cbccf3087fb1e12f137f593ae91f248c094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4951b6d32d2f822c2a9d0480b6558a0e

SHA1
166e5240e83f10b5d7984e4c02b85e06a36681c0

SHA256
669692f16a8840cc29e88c919642c3784655ec719bfffea6d6d15bb76dfd9213

SHA512
65d91747a6b3941d084e3656a1c09993b2dcb9c2fa3496e27803ed2a2d7be00d3df8d01a9c1006484628502091ab8e90547ed038da2115ab5f83fe3c76a9b58d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99625f43e24916bf0fd5200f869c12ab

SHA1
e64b1815f7d9d2aa6d0948cb9ade9c6304dc9647

SHA256
8dd964e0e0e520d1a30137e582f50a6e62bb6e2535b27d9ca6363e75ff42efc4

SHA512
f9a441927ad7713775fe017154adfbcf6906a1737dbd6272c394d70c4d7b05734a5e8a957abef0561e2b512021c66ab0cf37bd68272b7fe5c780f67a85c37ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
ba13fcd48ab20483e780bc27686a697a

SHA1
1c75e625d2518e62a756a460c2d6c7b094c8e920

SHA256
a3077405f0432f8f71cf2099ddd30078ff3f3f9d3e8ed23e1fea001a621fc83d

SHA512
78b5386ef54922ab858fbaeacbad48092501e8fff0e117c949b1b065ed481d893021ce6a84fcc91b19f5452d6095d9e2cf7b7a55a8dd3edc554a5041442f1fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
060ba8928718a12825327b727b83de11

SHA1
36dcbece864ea79463d9cb76b2737c7bca491334

SHA256
2fa2db371c5b6d5160bee4b0ce67a174241d827b3f96305edea6caa4cb38a72f

SHA512
19c5cc6654cb814219325bc6df85fde4947c9e35b189aaf0e65f3627c80c8eb1e7a9abb48ef9916952193b451f22965d4f4012b6b54fcb9ec0fe9474b1db8842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
2a82fc1183d519c55c573ac7f20d95fe

SHA1
6bde49a4649fa6d13407c53bbac1907043d83a65

SHA256
c18ef5f5c0b5135bd1fe441102a8c92816d2c861d451866ce65a111ccfa9af1a

SHA512
f1f6344576af23156eb545f0bd88172e079df42bf0c86e3d5792d33b492a05ed9c21b2ac6db0f0420e898015d0345e7f4a5929189c80a8cf65a3f6de18fdc892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
ff55b6b2c9e6d604f5ea3610b0a35055

SHA1
0a7b9987fd9149fe75f005900a7efd998d631d31

SHA256
b31561105b1007dac067f42a622b9dde0bdbd3fba7e4408eba8d9668ad13438c

SHA512
07473967b9f15626bf56e46f12eee456b5f2325bd7a94d618fca46b55207489216cd284821f55d0b616f7e9145f6d6184bd1aea658b4b6d51b5df8b7047a0acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
781f1aabe513c4c2747abdfc33e35035

SHA1
8b162b433e1061350b19efec06dbccb9491d4c09

SHA256
8d32f91d0fb0c5fda9ddfc1fdc0ff273e72d5ac23e8f9f4a1567380aee492e01

SHA512
b95bad78a961d6eccfe935b12a55b5d2f7a0f25e953f74558a8acbd21c822f0e1c8e36d5377e38fbc2e0dbda9ccd9287383dc1932efd9a35582d0c99594291e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
a7a83c2e9dd3f2218b3b826bc0c679e6

SHA1
1e040eb830ce3b90d22e09e09950008159e682e9

SHA256
f21036c81e49072e78bc5ed616d7441580108e6d49d4eaba072ce3e623245523

SHA512
1aa6ba1f16ae46857f1bb769a2b508e9bb014457033b8bd699174d7a77af46218030b4a9bcfe40446a90d97d58d555ff63ba170ee53a87b7bf7bd8fff2479a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f7706ccd4334c5c76567b2d0d7cf4537

SHA1
93f71c426eea36da8572c6bc016b3edf9f510527

SHA256
52e657bd7b76949da014d5041fa3f80df98afa8477654cd3299be71d34508ffa

SHA512
d990285f1117ac8d9f0bc1eb035f001dac8088394d91525b680ded425da99a4e0fe75043a1f3dbe130949c623d4eced876c2d5e873ac5c1075f4d42083688a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
8d30f3b1e8fa1c0ca71958117bb46fcb

SHA1
6be27dedf434bb46a65506ff53390e6de6cea115

SHA256
94909267aa21a04183b421c1df817fe05f312ed229a952c4c49c815bcf284de5

SHA512
e9f3e88a57dc6093c231f53113e70a093e79962c1053c79e3ba5101c09c5fccfab066e6b386c458b0c40224737670327eb4b863feecd23a50319ec86bd7ea639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
8019f72bbb1f4d466cb7d72dc6d2545d

SHA1
8e0ea46f7983d51ce8da46bb26343d368ef52a52

SHA256
55b6c60c54539a057bcd072f98f32e60a79fe5ac28f00ed1869b2854567f70b9

SHA512
3fbe5dc688e33715052d421d16b4f64bdbbed8c5cbcfdadf4b1f76467884c80d29a25008d8197ed9b61c3663beaf09eff3c82bdc9ccad44447bea3fbea874b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
654ef4bc5ac71939b57a75c7246bd35c

SHA1
5ea1976d0cd82d9c02ba6e2c07a0adccc8429b96

SHA256
f1f4c095d53d060b97d8367afae9c3cc6520ff2fee44d18b7900a8a3fc6c109d

SHA512
4d6f2859ae9cde3367e17599366ce895cace2cf602b2962da4a97c4a996ce73b45af6d140a85a39f920e6c9b6d1fdaeb9d8e777c6c7efa21430d4f5396ee2c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a587.TMP

Filesize
371B

MD5
d11f35d4f1653e5a47d892af6307daeb

SHA1
b7908e584d6ca468c179a51196a21bba73696f66

SHA256
f1e65c04ff08473d42bc3b1df5efb29b9ffacc92bb570c457cf37cc1c8314850

SHA512
e017657291a91726428609e938f00d4147ae846705ac66f829ec1ec1bb4963c0bc507e624131edac9e46cfc7d850f5867cfaba4f568c30f422d85923bb9a2d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d12d6cb7820b19852144dbb646a3213

SHA1
59ecc957f2bcebd552cc61b7fe1a576bc832deb7

SHA256
39886df293b8d5a32723c31865a123041641805069ba4578b4886995220f6b7a

SHA512
149df35370b3ff93be79fdf5fd38493147517b5d4c4244893d8bc435c3d45eb59c1764a41f40c026d06b9c8d1bab062b0583e1ac8c26b9a6be3cd656186f7028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c66c8d74d858f9c02810366607ba63a6

SHA1
762828a96ce283f135b46a2ac8ece5a92b15f394

SHA256
1c4166c011ff2180c3279e2ba450c2a570b1c0d87f9277594ff2908d5f145b73

SHA512
3a1f226572197cefbe8fe234c97373df5465ad3086c1f6ccd85252a6dd6ddf8008b3e94a88a67575f27b41b6d22c8fdf036e3605c48504fad2dfef8aa9672823

Download Submit
\??\pipe\LOCAL\crashpad_1100_BSUKOSEERMJVKKXO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit