hxxps://www[.]dropbox[.]com/scl/fo/qy2qk79x2gtuwswxjxcla/h?rlkey=9ophpx1zlqaopl8j3d53sf3wi&dl=0

Analysis

max time kernel
1785s
max time network
1686s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27-03-2024 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fo/qy2qk79x2gtuwswxjxcla/h?rlkey=9ophpx1zlqaopl8j3d53sf3wi&dl=0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	dropbox.com
21	dropbox.com
22	dropbox.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4616	msedge.exe
4616	msedge.exe
3816	msedge.exe
3816	msedge.exe
5068	identity_helper.exe
5068	identity_helper.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 2456	4616	msedge.exe	76
PID 4616 wrote to memory of 2456	4616	msedge.exe	76
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 2812	4616	msedge.exe	77
PID 4616 wrote to memory of 4876	4616	msedge.exe	78
PID 4616 wrote to memory of 4876	4616	msedge.exe	78
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79
PID 4616 wrote to memory of 3564	4616	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/scl/fo/qy2qk79x2gtuwswxjxcla/h?rlkey=9ophpx1zlqaopl8j3d53sf3wi&dl=0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb8f63cb8,0x7ffeb8f63cc8,0x7ffeb8f63cd8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,14206231465345856360,11992584247608758401,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5224 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8768e6edceb13009812e682a86cfc59c

SHA1
74ec645349178fc7ca9870a2f05fd6b487525b54

SHA256
e8480f70714502229a231d1b0112a178a5b925f0ffdcff32e742a5312741c62b

SHA512
9758da7b675581645aa9a6c85a4e90a94b4bc24d8a52680c634d3b230ede13b18dcb3e2d83ae14d49b32c2772e664dd92b01f46c92c7e08aac710078e50250dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
690B

MD5
b4cc6b8009bcb0d80251d071bd8da377

SHA1
d7bde897d545b9d0f8b0a9cfb14d08208221bf4f

SHA256
0cc601dbbc1bb6d743aca7018b0cdae5e475ca2d08737d016a6bfdd768dbf100

SHA512
8e03614cab517582936cf993d27abc43a11f00f46459963bc91d7b5cf2487f8c879d64b404b97f54a89364f2b4a3ef679fea6adddd4ca77665fba0e9a94bd47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f01e07726ce0c60d2c1dea18f9e9416

SHA1
5c675b4750bb863f7eba8bdf40eb412ed75e0ee4

SHA256
a960859b0c96103e0d29d457fa3e374579620e19d292916b5aceb4c52316bd48

SHA512
0a0f5147170cad46881fe28752d72199371d3da025b54d1c7d713f1cfb89615425aa8f0aaf1fe2f6f1e18dd6c5899989482239d92f2f5bdf26ccc80adc8f92de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fc57f58390b9de845225a3985663499

SHA1
8ca37eed2ad627caea079a3d4bee3fde62f8a94d

SHA256
e5243efae1ad10c2eeb7790659679dd6d0280ca3248064149e2c964a43b86eea

SHA512
c3a7cc5da442ad486c48f64ff8992fdf4c06a96f241ba99a1f3414f0f7e7976f47322f971ccb70b0d060bb2c1df1b97f7445ebe0cebe6eb1ac211dec48945b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
23c3c32a056934468b422f43b9cbd3de

SHA1
8d47fbe8b5210f671c19501c65c6c42ee9f35f70

SHA256
8e794207d2135270f07054be77c99b0f8c9afc46904a388a41bf9c39cb97e2b7

SHA512
d380784b061d0f2ae1b5953169b0c99b996e22da68fd78728d35505fabaa2cb19a3929d677e3582acd7021d94313d46aae38bc7117d2cd79a7b920f500c844f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
556dc6f7408e7b4e11d83b5dda375744

SHA1
070bf61369b77386eab8012d0d240aae5e2087d6

SHA256
4825a5e6fe6434c89873a242ef6894daf1b5dc717382d99f35f39b837f7f5721

SHA512
21638307b70def787e47d71e1bed2dc2c7656261ea84c3aafed5008ea2aa8d3e145bbcb475c8309972954b0f0c45c63a031a2efc1720f4ed346174e9a16d2add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
203d5b52e2c6c9a040046d36b17248ea

SHA1
da09de5fdeabca5076c378433e3b775c628455e6

SHA256
fcb0622864c06bcf1ed99ccbf8e7c472602132894692a2315df4d4a56a640fce

SHA512
61a865a875a2fdc64aaa36b319a6388822029f921057f2ab2a99cee08c3f0ea77c3b5067e333d0146231e03f4a35c1a17b8f77e545ba63613c7f27d85f4bef41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
01545806f1d20591dbd7650e89d949a3

SHA1
f74bbf3cfda085316303d2029ba8c9c13ab946eb

SHA256
38332f544ed56f01db9799aba216da2883f0c92bc06b7d5bddfe69a86f5be041

SHA512
f2df263c4c8f0700f7e1a50bdb4aabde3d6c50b36a4f6bfda80ea8bb06dda0dcce7e461297f56ab7f231a951ff8330002907fd43eca795e124f9a87c7752bef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
23fde49b8c7185ccaca2dc15c8e0c1c3

SHA1
e9180ff45671ef69f7767477ef73ffb2e3c668e9

SHA256
3e33f67db7e77a6ef8af09c6ada671c7472f41598c07f6c24142e475a9700ea3

SHA512
cd54b9a95b939fc99777fbc3239d693a0a6a645600660609e2e38f210d26126a4d3c1699df84bae1cc3c3e2e5d1376a7d2357e34fb40dd5cbbc00c3157ccc316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
5869300e1e81d648ba93172fb0e83a8a

SHA1
ef34ff8778788c5abbe01ada6297bf5495575851

SHA256
4a5b34c9b5aa1a9a1acd089aae78960a4d05890b49ca9ca81313ccaab1f72e3f

SHA512
02f5289f31218f6d1405aca0547ed3181b97c26adc0cad6a1fa3368c81ed80205ef86a0f210ebf6727f5502623a9e59ae5c411db26074576e03eac989989f978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
3b287533ec9244ba513c3a3a1b737870

SHA1
858b4ca06ae44d373b43cd711d28e48bb61fde3c

SHA256
c3688f35882002bf14a651d87be3367f025322cad39c1ac91a9e3127e70fd64e

SHA512
7c47f1125b90df5f6e290e678639955084cb5aa4c6b350b49220b5bf45c77a2f46bcd2dfcba24cf1fa61bd9101e3cc06697d7e89b06f07e119f89257ac8ba343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
a36e94348f16477b3ac8eac8956811da

SHA1
fcd929348d0fa5f4ec205806f0263016eee9813f

SHA256
387f63503f4bd6a75a72f7025df324b9dfe88d1ea867b27c5bcacb44d5574756

SHA512
dbb4aa1fdcde7eaa4dff5d6b6b51c2a8ca374938b29e6539d7bded730d62549f44f349a0bedf336ff1cf2c99ebf67e7b5f6e77584c2585b7f37e51d70702b69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1d479ff5484e02f2b66c695e4f580178

SHA1
cf403001248aa15f9d62f76e631a90ea0c83ca05

SHA256
32611590242feb76684002e81c099d65a652123e23135f9eb8228a5570d5d250

SHA512
4b96a4c3d4f510ec528facc5b8ef6304fe755b7688bbb7a4990d93dd698ec71d8eaf08671831549a6cf8c33e995505115d3354dab4227ff7200536a3179f3082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
468fbe8a36d49b14dd97fe8e46580eec

SHA1
5bcf05de8687adcef1dba3b6d71b9ad312a3757a

SHA256
9be1ddf4797179bb34bda086d75c63a2095ff6777ee393cc89c2391cd8ae514b

SHA512
94aac86e03af1aa2ea353f216dec3a79151dc924e457b0cccd07328f215cbd6102e09c7851ae902146c7f386e10d7d01150818f37f0351b7a5f7dab0b3718588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
3e00c25d086d764a8142f50caf08fb33

SHA1
9e62a72e74265a528ab6df640f080607bd51b933

SHA256
a985e74130ee1336894c3e5df5a3f11cf710c2ac2873a49290a2463442416e9d

SHA512
27496336d7400e39948028785b8821501b528c09f338211e115f2d5417abab39a6d4bfa1b030d0ec9295c093d58ed952573d4f2c454797a93d0728aff86b8645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
e655a74a4306598d2dace4a6fee72ddc

SHA1
1c59f1aa46e5425e3ae28c381752fd52988bcd0d

SHA256
f6afa9d8110be6e41ca7bbb71120f180038fac71672a3e0e3acc102e48631d57

SHA512
461e2c98da3139520836b970ff525c470434abeb1b56d2e735a7d12e51987817d282fa63672f8dd8285b2faed712099a24999a85c6f98e6d73e03effa53bbd1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
a93e4583f714d5c85b74fd5cce66400b

SHA1
1cb5e0edbe49a68ef6c75647f0369fae394b8b17

SHA256
1ed1af1ab84ea063e0b6b690a664e7efdcdfa4bb00842335add91a2978a459a6

SHA512
c5de396cab81fb9d95a35d089a34f0e28dc55519fd22c08318fe01f87f4b213a83f8fd30f7ad3b6a09a0380b35bbc77d024a92e78cc1d64b2ecc26b3f312bf20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
6e6d8d5024120a51af2636bae1f71215

SHA1
f9526d6764fc04fac881d6ff130e8a99b2e155c8

SHA256
8582cee07feaaea8d109b5385d45a15f630ff9d91deaa850028e1270dbda1eab

SHA512
5afee3aab7dab3aaf90f50c3da37ce74a6e259f3234cd551da55db14c2d6b575fa3d4943d8bc8ec71e8ec1e49164ae6b85db52356c57c7434e001db10b797e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57abb1.TMP

Filesize
538B

MD5
ef7ebc47a5d7223835801eb5b4378ba7

SHA1
03f0bc3ecc619b5a59769eb710cdf8f9d80c0cf4

SHA256
1087e2b3ea9eff20b410cbf06b96adddc385fd7129552235313a6bec16bc6df1

SHA512
dd9dc02ca3821e7b018a8f480485c466aff2ede7fdf9fd96f5e833b4726fac2af2b2809cce8a707bdfb93346afae6575b905c7ae03bdf2c5ac0b54b065d77790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f3b2c154214bba424affb42a3573393e

SHA1
4e60f3643a614c03278f9ff972a99cc5d7b81717

SHA256
d2086f55fd0c32af51863d528e4ba21b9f1b73a80238480f4ba6967d0d4255b6

SHA512
7fc89ddba10dafd56814cdaa29bfcbf835fea2b4470f5d25d3b18aff7edf7561e1edff85bbf4c2c8d2b616f45440ee606c8efda74f7d38a29685080e00e7f96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
30b8aa5d9e2bc417e9bbdc03f9f3f497

SHA1
e4b3077a7a86b10406bb4fb4c7c83b23ee53de10

SHA256
bdb4e692baae0624937e1b947245b61af5456bceb410fc1ff8c17a9b4c14fe3f

SHA512
37e46b1e23b024e78b51dc24c22e9f672efc1c9461d84c627810526b8d47455f0a3e3fb5c2b8fe408b178fd66c0d592753f45e444d9ed3fe9203622d1ea95d0b

Download Submit
\??\pipe\LOCAL\crashpad_4616_RFBCFBBARSGMYESF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit