hxxps://www[.]dropbox[.]com/scl/fo/h76t48vd3pnl8b0431ihm/AO0YKfGwIw6EOs-i9F2KZHA?rlkey=qbeix4uva4zv704b4777mpzxm&st=907it0ec&dl=0

Resubmissions

26/04/2024, 10:04

240426-l378kaea31 1

26/04/2024, 10:01

240426-l2n4asdh8z 1

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fo/h76t48vd3pnl8b0431ihm/AO0YKfGwIw6EOs-i9F2KZHA?rlkey=qbeix4uva4zv704b4777mpzxm&st=907it0ec&dl=0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{CBECE142-FEDB-4994-AF83-3C150AF368D1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
2420	msedge.exe
2420	msedge.exe
1236	msedge.exe
1236	msedge.exe
2252	msedge.exe
4932	identity_helper.exe
4932	identity_helper.exe
5792	msedge.exe
5792	msedge.exe
5792	msedge.exe
5792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2120	2420	msedge.exe	84
PID 2420 wrote to memory of 2120	2420	msedge.exe	84
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3436	2420	msedge.exe	85
PID 2420 wrote to memory of 3092	2420	msedge.exe	86
PID 2420 wrote to memory of 3092	2420	msedge.exe	86
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87
PID 2420 wrote to memory of 3824	2420	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/scl/fo/h76t48vd3pnl8b0431ihm/AO0YKfGwIw6EOs-i9F2KZHA?rlkey=qbeix4uva4zv704b4777mpzxm&st=907it0ec&dl=0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffbd07546f8,0x7ffbd0754708,0x7ffbd0754718
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7816536112084115747,2344116617046148180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9969e6fa894311bae033b5a5386619ab

SHA1
4c39cac33225f318bf44c5d058b40420bf3eefb7

SHA256
4814dcf1939c98282db97fc7625953727cff8c5dcc2eb8685d3c73b30edcc367

SHA512
317404eeb9b4e85008a6345231e39a5c01983a38159221772a5490a50f5d7d6a00e21e680e97382250ee0ee0a6855d396bdce62a1925d57519536259224a6696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c6b36c569d3ced2887994ba4a2c34c92

SHA1
96bdf03f70add9c1a57a9da968a6f415580678fb

SHA256
77181e34958fec8bf18344f7ec213c22ce074b3cd84c4910e6316e750588173d

SHA512
3c086be60e5f2435c4160ba00f345011f24ceffa3b1c9450a973f473d534fcb7f0087efa8bf1245c741e1a19e5d25c0049c838ae49b90fa57c3ffbdf1e1f431a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
823B

MD5
312e8f5a460cb624b7095692dec63301

SHA1
3ea6e3b489061bbfb078ba994620ca17ae4f5f14

SHA256
2e82ef8292bf7efe1c6000da9c9265647e4c2a338677b30a4392942dee545daa

SHA512
a5f2be13a20a5dd43eeff3fbad29171775da0fd16cb763e9656bfe647cda8523a5cd9a53dcc8d26fed4be47bbb95c9abb70f37568b5821ecdfa44196ad5f542e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1017B

MD5
de35c5fb7ab6a216e87952b29df56549

SHA1
f50193c7974c52e6471a2b65dbf01e02dca024d8

SHA256
822287d36f6e9c7867b809e790eb173f7108e2cc026a9db730c43dad39ce8230

SHA512
a765c8fa54e2e94ffdeeac79bf6daead2c55db3fa58883c37270ed8a501782378c9b8122de8b0e67a8f172c0fb7664d5ad7bea7dfe7b055261deaa5322f42025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ade485463e94fb2aa775c070e3652a95

SHA1
2197d1b28cadfb9a6fd579306a0101e678e3ef2c

SHA256
668d8636ff3d4eb03f5e4251065c0795a3afdf2da69a2d6de5e861f42a30306a

SHA512
b01743e2aa77db3238db2bf36d6689dc1f2e44f8dfe1d51f6b8738e3bd3d3760f590c830ce23ceee4a297c8c4a7c9eff9aa4527b6e382619b1828facbb894505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cafbf44680b45f79c32b71a4797f8ca

SHA1
a54869c7d33882610dc802aacb341b076e5f1bd5

SHA256
78b545693dcaaa414a18b736b4f9a8dc429ff3fde1184c82dc02a76827613e47

SHA512
7d67f7e1a5d7e266e76e84fb86f6d77799ab715b6a445050ce218b9f6a36cc3662ad8a925095385a003efd1e3c155319481be04e075e0151fe158cfc5349b133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abb9861fac639e80f505b776eb57fbdf

SHA1
8a02335c2b333e13ad322b4edceb72e019c1524d

SHA256
2cf866dd2cba34037e51846cb2ad1e6fc5005440a04b691f0e2c3e063a0db2d9

SHA512
1b213ea1ae6f3d166d725b4c836a4e8100014a5e149d09ef9e628862e96dd59eab5be882b3ab126494c56bac5b0b0ec9f6907ab3001d78d18cb6e23197663afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
6b1c9a36462b70d5d1ae1cf31388bc0b

SHA1
7ce091dea789f96d760a1266222b574c38deeb6e

SHA256
ba9038f82e44c5b458184dcd2dcef21d5fc11a108d28939ab185af4c3b9e0b76

SHA512
0624520dc298944763c8a21093455e34db5f7dc7f9b54bb997142805661b06f0f6b2af514b879b27985b611fc10b82655f218e8a1a8a9b05e04c015a7d9d5a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
8d4e1878da93959f3f5b5acf2f772aa8

SHA1
2376ab542d35b3c826273b9873edbc8cc660ae00

SHA256
7c8e3db75c185438579f2bc4ed12c646988c8feedc795dc971a3c068d86700b9

SHA512
9802741100d1f9bc2eb57c49b4395865307bb2481c75b3b166bf6f610375adaa3ee8be3ea452e8b547025d4c0582b8dbfcf00248ef9c6ee119992723d82a5815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
352636b4ccc38834e1dac9111c07619d

SHA1
5ff5ee2141068eef06061360a057bcc73889e724

SHA256
bf368c5eb70a19afe3c0483e99eaa4a0a77184c7a1d49dd18f42acf00fdee816

SHA512
5ec5a6d3aed8c4dabad42cc5579a5c71e8ec8878e4f200ea19cdc8bd23ad9cf2deb3af577c32f61cdd9cca9636263876c8eee4f6b3250774da30cd369003d4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
ccb5c5418e132109da3cd06858a75d3e

SHA1
6d34dbe680c6abbcb9c6928fe6fc4a2ebb86d145

SHA256
515321a0b2ce57fa1750dc7ee674bfdd4f8b308ed83d407295ce3d83c3702485

SHA512
904b67d3a9d8b33df269fb099d3eca83e548d5d27c94bf851b81331ae84729e4044f40c40af6eae516d30f81ccd2ed1bb5e6d61a03e6c1cbe3e31452b9d048d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
8fcc5ce89d5cd2ef1c195fe8e920eef6

SHA1
54b39b75c4828ff5a0a72b47886e20353bff47ee

SHA256
334b148aab819502633aa57e721b8ff8971640cddd52f9d8fd0737725754a6f0

SHA512
e20085b8efdc974408a73751c2d962f7fd361c298b69c8caa63d1c177e2f97f7a694937d04a2f71a69eac43620ee67bba7152ca9680db5b2a9ffe5dd80955497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
54346d332fc622e04b519720615a6458

SHA1
09e64303b1966beb3f3b1ce9abcaf7e482891225

SHA256
e0362e9a143953db3499a3e8da4132c3ab01154f703b31383d19876c36382fdb

SHA512
767b02dbeca3f2deb46fed7cb6333b8a232ffa1b6264d877f78eaacb2ed4f461072063c24331cbc3f4f70da4fed9c299bcef5f00de223b0d2c5da7d45ce23596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b1a8274b66ac707eb1c3f0a4c34e4163

SHA1
8ca8d8d4ab69dfeb1ebad7ac77a115b2ee83a66d

SHA256
82a00a93cdc7192a1446e5f617b017b874292c6a198c4106eaaa04417be5045a

SHA512
43cb185fd4f3416f3899f877e2d6ab2db13c87aec207f88cf3503e2dce9af6a2c46cca496402637ab1e8e75633e6f406669b43f4314970639b023b861d8ce1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
d644b117bf8f8447582aef7ecacdd92c

SHA1
a5c059ab7c947a20779277f70022b6d6600a70b1

SHA256
2050e3ed92cb14a3ae5c1ee553f89c8ae5a4a9cfc964ebf336b3cdf857729214

SHA512
c708291faf02dc2e3293796fcc30932fe7cacd9badf83a011df1a5510f19b736d9d488411ccb0a948bbd59b8b79571ef864e57d2a55eb29ae9a474e2d9ea8829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
538efd7aa7b809956aa57af2d5ae9c1c

SHA1
135dfc9e8b93892185d9cbc5ab7b3fd09a74a5a8

SHA256
1729fe18d52d65e58dbb0deadaae127a7aa842a43acc907c5d3551dcfb7b500c

SHA512
419e15c8fbf49887202e84d5f3feff81c556548a265dd4e51a92f40e2347bf53c7b033bcad2996c5f74283eff2583c8302f3250cd9cca3fe5e89e15c047fa861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5782fb.TMP

Filesize
538B

MD5
a7789a17e057c0956609775f51740b24

SHA1
5ecff197281013d027e8df66198f40134d7df7f4

SHA256
21cbf14006112c44cedaf4c88cabdc0e554bd0ededf5035ab8db999eb66cf4bb

SHA512
af39833687c9a29a0e2e1a404947d7b0069faa8c30ea0a2e941cbcd6ee26b58d04debce7b92de2eac1469452f06e46fcb096e094eceaeffc8284a9b2081dd4bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b5a97cb1e3be03127f8b8aa86ff027df

SHA1
12f0b90d17f4bce90b868cbdee15a5bc590b90d9

SHA256
beeb43d2863e9ddb47e7fdebb7428874dff0a4bf563fe241d7019fc0f2f72d81

SHA512
cd9f5a8eb027cca9ed7f675172f643a32b8bba82d2ecf27bb99defabd0021d6f3d39aa91a5f855e30495ef51d81d219bd8c81abceab468f8ec5aa82f8f11496d

Download Submit