hxxps://checkpoint[.]url-protection[.]com/v1/url?o=https%3A[//]djeholdingsdrive[.]sharepoint[.]com%3A443/%3Aw%3A/s/DPWorldDigitalSocial/EULyQmFntZZHruyjCKnYM54B1Ys17k-aNnihwmOo12f66g%3Femail%3DRaul[.]saca%2540dpworld[.]com%26e%3D4%253ap9Lc6m%26sharingv2%3Dtrue%26fromShare%3Dtrue%26at%3D9&g=ODMzYjM5NDNlY2FjODJlNg==&h=YmI3YmYyMzI1NjRlMDhhMjc4OTM4NzM2MzRhYTkxNjhiYTQxZmQ5NGIxYTI1NzY4Y2Q2MzBiN2JkNWYzZTM2Yw==&p=Y3AxZTpkcHdvcmxkOmM6bzo5MWZlOTVhNjY1OGE4MmM0ODE5Y2JjMmY0NmZkNDUwZDp2MTpoOlQ=

Analysis

max time kernel
157s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://checkpoint.url-protection.com/v1/url?o=https%3A//djeholdingsdrive.sharepoint.com%3A443/%3Aw%3A/s/DPWorldDigitalSocial/EULyQmFntZZHruyjCKnYM54B1Ys17k-aNnihwmOo12f66g%3Femail%3DRaul.saca%2540dpworld.com%26e%3D4%253ap9Lc6m%26sharingv2%3Dtrue%26fromShare%3Dtrue%26at%3D9&g=ODMzYjM5NDNlY2FjODJlNg==&h=YmI3YmYyMzI1NjRlMDhhMjc4OTM4NzM2MzRhYTkxNjhiYTQxZmQ5NGIxYTI1NzY4Y2Q2MzBiN2JkNWYzZTM2Yw==&p=Y3AxZTpkcHdvcmxkOmM6bzo5MWZlOTVhNjY1OGE4MmM0ODE5Y2JjMmY0NmZkNDUwZDp2MTpoOlQ=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
4020	msedge.exe
4020	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 2308	4020	msedge.exe	89
PID 4020 wrote to memory of 2308	4020	msedge.exe	89
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4448	4020	msedge.exe	90
PID 4020 wrote to memory of 4764	4020	msedge.exe	91
PID 4020 wrote to memory of 4764	4020	msedge.exe	91
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92
PID 4020 wrote to memory of 4032	4020	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://checkpoint.url-protection.com/v1/url?o=https%3A//djeholdingsdrive.sharepoint.com%3A443/%3Aw%3A/s/DPWorldDigitalSocial/EULyQmFntZZHruyjCKnYM54B1Ys17k-aNnihwmOo12f66g%3Femail%3DRaul.saca%2540dpworld.com%26e%3D4%253ap9Lc6m%26sharingv2%3Dtrue%26fromShare%3Dtrue%26at%3D9&g=ODMzYjM5NDNlY2FjODJlNg==&h=YmI3YmYyMzI1NjRlMDhhMjc4OTM4NzM2MzRhYTkxNjhiYTQxZmQ5NGIxYTI1NzY4Y2Q2MzBiN2JkNWYzZTM2Yw==&p=Y3AxZTpkcHdvcmxkOmM6bzo5MWZlOTVhNjY1OGE4MmM0ODE5Y2JjMmY0NmZkNDUwZDp2MTpoOlQ=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8c8c446f8,0x7ff8c8c44708,0x7ff8c8c44718
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1996 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16879893284506685526,14649701886194042194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
73705a6695387969b094fedff8442d67

SHA1
a74c953462579249bc6610cfa6db4bcc2b364ed7

SHA256
5f6047142e521cfff3f5eac2aa02db2b7265c1162071414eef8bded8c0f74817

SHA512
f011fa5f6d49efdff9293da39c04e33963d84b14427338372d92a8769f63326d2df5b89baa65572761920f2ddfcdc19b80742fcafeb2e5e2d3dac921f6d3cb70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c3dee6b2bce3330dc251e68d6984ab5a

SHA1
bcf74c3e73d2541e167339d47214cbf2153c1b2e

SHA256
212d2706d7ac6e2310ea0cecd629ac791947fedaba26d2739f4c036ac26438e9

SHA512
f1f7657e47b5a71570d11f17537f6ab3f8bebcac67fa9b3e92ffd6511bc3541d653b80c0616741d01e6a9dabb7ae25ee06ee9ea4f748122e8aea61d726085daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
452B

MD5
a627f74b77d21db31f5e64c450f6f36a

SHA1
9116e8533e971072c52a8ee68e093e7bdf9de288

SHA256
9e4a7d61a0b3aaee12728bcf3defb872f9e4dc7985443894b5928f7163ceefc8

SHA512
1eba1c0e281d74d738d626d7a7881a76532806157d233206b3b040fe698f483d61ef2d3c72891271ef66191d19ea1bbede56fa78662806ebc511cabbb4b1777b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
452B

MD5
1125b89c38a3aae65a002ce9ce57731e

SHA1
c6c61b05c6cbc92a776f5440a0a228e2dc0005ea

SHA256
6160c8c559f3e49eec5a8ccefa9543049698ba8941e388ea75137e6483937829

SHA512
207d0097a582981481ebe7327b96937fb8909d0078add5dba55c8153d040c93328d42e3a6eda5b8ab4ae34f4330d3a160c5d630baeeba88e5a4c72f978dc22ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce597c81e66d08bbda8ea96f5463a042

SHA1
bb1e807bec1998e0e4114a538769a0201127482f

SHA256
166e34bb3d1d2b3b6149e832c71fb9aac3ba19eaf1d7f73f1a0b14da751277e8

SHA512
b9eeea9056712c4a7ed3ad1d121373d39f476803cdd9ccd1e15d92affee1edf305c2e100497ff8cf3576baa97bbd0ae19fcdd283b8106f8f3f9359ec20e689dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adae644d744119424df7054955de3699

SHA1
ab88fa7152dd88b5390608143536091dcc07706c

SHA256
e8a01fb15da5716c31fe9fcddbe99fb7a171e7c7341bed0e1ac48f4d2a8e90fb

SHA512
6344634918848543c181b10a5fea7cb26b2c6bfca8cd3fb4f50b38671b4cd29613d44583b4aacc5d7a5c4eea3a3c64c299a4c72b63080680210073b46c47d0c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db5e2a720be10f33064530fb4d11b589

SHA1
f207e34579ca9f964913ff2ea1af4e368ced0769

SHA256
1af5f2eeef0a360cd3336de19f2571db4146af93378cbbf1e90f8bf389089d9c

SHA512
8dc2cf1ce9edd199914e08f62c5953d0a64d0fb2d41caff9f825012e130948d9bec97812b803101738d91a90bb51667cd2212953b68ff0a33edbb7f8d71282a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f4a4cfba92f846acb80fe7106d2116b1

SHA1
8692fd5e63bbdfb22e9690f2c062ec665dbb21c6

SHA256
bc7d03627171d15528e3d9af386eac03fb265e91258c06a5cc2abcb63fc0cda8

SHA512
3f46a6cee98b189465159cdd523306aafd4dba3f069d7dde766e47a08a4627a10da3e18ec15da2fc518cb8b548d513ce1bc19856c7e42667d3fe95a06683266c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
264b7e0c9af81a2c4f8482eaac7563c9

SHA1
ab58c98200fe2b77ac34161d230d3bb52f1bf8c0

SHA256
7ae1180dd80d64387789ced7741e7597809a2d03db440cf2e000a6163434555c

SHA512
d0aac85ca27f6d256c551ec03664278deec8c39140b75c9606fb166facef9531408492db4c5c0e0c0c33dfc1b7d346ec249e892ce70637098142e2099c57e310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5925af.TMP

Filesize
371B

MD5
395ea5b5f026632ab488d731700ee7e0

SHA1
0bc5d3151eee2bc96c5f5169e39c971753247ce0

SHA256
a910e4a2ab521d101a58a75702486dc52e6f0ea2e6dcef5bd2641b581ebf06f1

SHA512
35d83c68f33b0cf09e104b61b4d5592b02e1d2c8aeccd20dcf109d1682a302287717568394aef2bf1b88344ccd9da32ed386feaca2c0e990a3dcabb7c282d050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fc51e08e-c250-4a62-8d80-b02fb2a9231e.tmp

Filesize
6KB

MD5
4ced4c0699a3e4a776bea3a56f3abb7b

SHA1
3c6a62d610c21e7b68862dbb11e6ce3eb1063df7

SHA256
f2440ed8890fd0ce9063facc4d614464c53053978837c76533466457a5acfcf4

SHA512
0e87fa296db5e9460d4ec4dd18a1cebe77b38910d972dc23f43246356f6777db376ee47accfd2086e51097c54782d81d362c600c80fe0a294fb10c382f239cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c8806986d51e5797d9aa9ea198a1d7fb

SHA1
828775ecb09658b1b9c024b9d07664685d3e7e92

SHA256
f49fc74f729065589a1ec851c165cfe654dc9ecc25b0e51188bae720e72f2451

SHA512
45164f1db45d20f01065954a7d8864bdab8518dc1641c232fcef4e4899d6765cfda002ea9ea5ed3b50a559457add36008f6bceddd82375f488e1b33639bc696a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
07aaf138b146f1b55cf98c5c63207cc9

SHA1
a57da5ff83a8f423afd835ea6fd5750c0d900e03

SHA256
ab0f3ad47f0eab209d708129d11e59bc7a3786154a7c708120432c439da40541

SHA512
f2e1dac42560eb55dfc547f0cab78df31b426715923ef93b9511f2d38c6cfc3abada6dd8bd525711df41febf681e24b77e5d36d36b4389870cac75d1e3b02ac8

Download Submit