hxxps://www[.]dropbox[.]com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{E5B98149-DF56-4817-B8F0-DC5AFB6DB732}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
792	msedge.exe
792	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2484	msedge.exe
2484	msedge.exe
4460	identity_helper.exe
4460	identity_helper.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

msedge.exe

pid	process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2988 wrote to memory of 4204	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4204	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4600	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 792	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 792	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe
PID 2988 wrote to memory of 4584	2988	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed2eb46f8,0x7ffed2eb4708,0x7ffed2eb4718
2⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 /prefetch:2
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
2⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
2⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5124 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4216 /prefetch:8
2⤵
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
2⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
2⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
2⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
2⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5792 /prefetch:8
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2328,18003169192148510182,18274797037569364595,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3366850e-042c-49ee-93b3-d4bf5f7e3c86.tmp

Filesize
2KB

MD5
b99c1f4689213d480fb1fb22ceee2af1

SHA1
8c9dd5d7c1eff3293106cbcd607d131315a17802

SHA256
ad352782a22c2119cca76e3a393632777f25640500877cc6556755990ce6c1d3

SHA512
4575d5e1a7ac24d95b2b06a6fe5dbc0ada4305dd92ddbceead935a877067c858c8a11abcd49d9e14def343dd5485ff72eef4f57bea48d40f472a920c0e2d3762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
39KB

MD5
563b91f926ff578d17b2cf84044c4d7f

SHA1
5045ad72d147c7dfab15cfd1dd58f9f28c27aa5c

SHA256
3162ca72953a752c70dd9e01c1d2a478ecf8ef316045d47100397b6be59464a4

SHA512
438baea1ac63f494170a4bacc92aba246523d4390549229feff28fdae3d853d5df221fd6480e3f33e1c204a443ed4190b0dada9b03c67d35280974aee204aa41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5a3b00e742a56df5b29eede42575b87e

SHA1
54d2571da0985b610bc7e71e40d1772039ef1cb0

SHA256
d1dd92f8a2f63d7c0e8862aa6ce5a80c06dec43c9e176a036188418646f99beb

SHA512
f32036a02d58f2d316a0ad288a8ebed0b8e18e97417a551c312b399f034b495bd3d8f809669ad6c3e981eaf4f888aac896fcd65ee738a69830e1ce77d4335f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eeebadb56a7907407d853e332b773650

SHA1
331aea53fb8fe7f933f9a9a3ca6fcbf9053bc1c3

SHA256
4ee6ee941309fd4ce46f088aca49c9734fbe8280bc0ab58080f654b333804dc8

SHA512
ec2837da583c446104ce6ea3c40878b07093304299e5e3d42da7d2725cee48bfeed9de427ce752de7ca7d9ba153fa8863c9ceb92c44d7f381ffd116efd81b8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e071269993534917901a14f1f4d86c83

SHA1
fb7d2c5c93830f2e0ba2be2cef8632c77ccfdc42

SHA256
4b96fe8128e3868610c5dfc924f5db769b8de0d28695fe73035eae52721b0e4c

SHA512
349c8f8cda10a54fc9ee6574603eb0b27124d37ef7d931bb7de40300b19dc1e6acec3bd8eb71b4e1492ecc84e88430d83b52f702cac4711894aa2e850da9fd1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8a261e0482cb9fb39dde2ea63b5038a0

SHA1
30c8e349e4532c3d01a943d7e748d81ee093b624

SHA256
198e9fbc11bacc27a15523ad685c80db9df2b5fdc2a9c9815fdee94224a518e6

SHA512
3294f478c72c9a18306192fc26e98969e79ed1127fe3a44ebb15c94ea60851dc90255d75b2c6547a9fbc4ae8d7c832f896094c677c553802dd9085ee48f4f5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35ffeb0184138f01cf8a75d7bf18ca85

SHA1
a8f1e8e35f4da86268569480d46bc4775766a225

SHA256
f80c5dc0890cfb775029caa0a2e11e5036f1819e3426d98efcd9e4b95c7d58db

SHA512
7782f63f730092b8f4b73fe561ef8e72a008c62ddfeb05c535c56257bf5c5ee98fe5f2add4fde8e9c95f0d9a8f9451ee332b5aa2b9896778fac669cf660752ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e87f8128de1f1762e30c7f9a30ee65ab

SHA1
14f395705f1c367505ba723da621cde3b0c9d376

SHA256
678eda51feff8130914f28810e4a44dff3adb5eee111d134d1374b5c9a3c1d13

SHA512
932e054b5b535960bc9031eb794fb4f2138da61b6ff20d4bc3a07a0f9fb109fbcdd7d266f569ffe2d40dfe9830df8e728a1faed7c1355e50f38a797f7cbf6d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
3716435c1184bebd115a4368380710a1

SHA1
4d94e9bf8582763933091c0331879fdf8e12f994

SHA256
0718a86e0cc85d9cb967e9df9c661d0c8326bbec885c910ab2a7d44aed4329e0

SHA512
aa3d45d79520a116440706a0971405cdbe087abf2e74eac1cc2ac40608298978ebb892728e24b7a95fd04e02b6c407efb02ed7aeaa34f0744a7227dad9415386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
530B

MD5
8c6313b1b8d8b4b34348d356c3d57e2c

SHA1
d7662e51724ac4776801c2a186746cd0ab40534c

SHA256
58df5497a2fe19c92259937256dbf1fcd4b96ec17d8e9ed76ec46233a34a6e66

SHA512
4830f9f411dbfe51a6edf5041c9822699a5397031bd362e4d0681dbc13d8f5b18871a5958ff080d7fb2409bca288e2977c1a14c2810f5f8869062f69f579d9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
0c4c3da666ab7ee1f6344d142a5eed9b

SHA1
7f4454d7e10ef56eff56a32868a58540bae9cfcb

SHA256
900423bc2c34ff466b0f95730d03aadb0263ade2a536e1a48fcd6fb260fd12f2

SHA512
6edc415dc7459beabde010f152f134d174086d85df8292c453fc6f03ec6478eff54c43c75803a61a05b4f3911c205f96658b11459ebb1a00e61dab0e81c0a08a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
34a010c56c5491ed9017e0a3ea35c7d7

SHA1
79bf58bdc16680ae98951403b8987e4c3556c4a9

SHA256
69da4c3d12261f380cc127d7be9b0958e252a52bf7160297054007ece3736f1c

SHA512
6dcd7c835f3886c6379b307a930571b847416275cdae2e4b0113d1b8b9e0955fd0fa574ddf27090064f5451528305bde01d5660a3042c75755eba05399a779d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
35f8a7bbd161c78848dcc4989cd727bd

SHA1
97f763d65b43bbf68b961ed84d436a76e9b18bb7

SHA256
b060566c7d286d0ad5d14e54124737283c1c463b35529528d5c7ae257ee847ce

SHA512
c32ce244b4c287c81415c29c73f2d833d58b65bae0a8145f65980eb12e6aacff2a7bf837fb464ee0d5ef1bdc9af6e9da0acc331e16197b3e613a37fa693fe19c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
12e15eb41f69bf63b8aba56dd1146781

SHA1
f5874f25c7a0f8bef78c2d0b5e1da585c232d6ce

SHA256
7ffcdfc574563e66f5a5a898b658f6fa0915e1840e4847d595c7c4f93b59133f

SHA512
1fbfe5711ad7a8d1cdc8b9fa6f88e25a0e36ecf188a776608649bead3d6b32fbf4140ba95304b8e3321f93846cb561f42e6969b17efa1ea8eb9b652dd6861241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
effe006a097d729382f8d99a525ce572

SHA1
ba053b85346da14e139697e7ff96e725a28368d5

SHA256
6a7aac200bbf1da336ff0e84ad745386f2001c06781cb63bd38c17da4ad23331

SHA512
58093dfd20cc2f351e0c1366b97c939bc9a3b28098e6bad2c7983bea1d8a79e15af0d5c9316733195515afddb6bc43a967a110406617f6f11820e9e9604a481c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
530B

MD5
712e7c26769d36b07df1fb3186ea295e

SHA1
58a5d9d33117a04d086d2db6b5d3e90fb508884e

SHA256
f3e3e8478c8fa0ce2e478c1bfd0319956e2c92babdb8fb5b7777436025a9120c

SHA512
48cf4435a1bb64e6694031529b607998c0e1e49783f534c2a9a4efc151e910ebab05b90cababf8a534da2176a946c2b31469199b447dc5287ef63eff92057fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579858.TMP

Filesize
538B

MD5
46523fa0b5c42e860937dabb61b703a8

SHA1
c6a4d103340a9cf02719995444a419fcf5c3e8ab

SHA256
f45609e09f1cf0c632c8ac29f06421020fa1c02848dd97096b23681894ddb895

SHA512
48d06fd4e4afa27706674b7ea9ae61eadfe891895d59cb81017a359fa65b13ae7c0e57d1451e315bb1e3fa555dfbb16787238d544edc1a2e3a48d97925751f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af0123de6c93963b80ca6ab512049052

SHA1
34eb05f7c8b9d1ea7ad3de02a11aa5fa6eee4e12

SHA256
5eecfeb25f23ed3232c0665be070eef551b85722911dfce1eae1270c0aa175b6

SHA512
90532ef01c8bac32952756f95c53e87354f7e6269a5048a3a76d71c22a925cf3acc3bf239421ed7fdb82051396b9df33afb3b2705c5ee4cbc38290b7201e4e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc4a5eb3b5535e0772860facbd55f1ea

SHA1
218b35814f7a3ad57b6d106382b0dc55a9c5d65c

SHA256
052ba4952ecf620690e69a627d0def81694069ee1680518f4a49e9fe297d4cc5

SHA512
ccec0cca65f61fa99d897e4504bf1b8b3e3fc5877bce07ef666ea34f8c56f1c20cfaad49fae9e6894d804031514f6ab9dd9a229bbf84390f3457cff522b270db

Download Submit
\??\pipe\LOCAL\crashpad_2988_OPQIKLQZVDIXEIYJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit