hxxps://www[.]dropbox[.]com/scl/fo/h76t48vd3pnl8b0431ihm/AO0YKfGwIw6EOs-i9F2KZHA?rlkey=qbeix4uva4zv704b4777mpzxm&st=907it0ec&dl=0

Resubmissions

26/04/2024, 10:04

240426-l378kaea31 1

26/04/2024, 10:01

240426-l2n4asdh8z 1

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fo/h76t48vd3pnl8b0431ihm/AO0YKfGwIw6EOs-i9F2KZHA?rlkey=qbeix4uva4zv704b4777mpzxm&st=907it0ec&dl=0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{E8F2FDA8-1D23-4DE1-832B-017B042C2C3B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3956	msedge.exe
3956	msedge.exe
2396	msedge.exe
2396	msedge.exe
3980	msedge.exe
3884	identity_helper.exe
3884	identity_helper.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 4100	3956	msedge.exe	88
PID 3956 wrote to memory of 4100	3956	msedge.exe	88
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 2480	3956	msedge.exe	90
PID 3956 wrote to memory of 3084	3956	msedge.exe	91
PID 3956 wrote to memory of 3084	3956	msedge.exe	91
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92
PID 3956 wrote to memory of 2004	3956	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/scl/fo/h76t48vd3pnl8b0431ihm/AO0YKfGwIw6EOs-i9F2KZHA?rlkey=qbeix4uva4zv704b4777mpzxm&st=907it0ec&dl=0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9cca46f8,0x7ffd9cca4708,0x7ffd9cca4718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10478132758716721298,14073891943989980639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f38951143ede15b2f00d3352e458d47

SHA1
1130065985230474657d5f744e99312f22c69485

SHA256
3a559763ad1634ef40108700025a909cc76ca8c66d6c77f41a07e2ced4c9ff65

SHA512
5376e21235d1b828a0d04e35d26154a1e52db3fe02690fa272ba982da55b88bb0ab7473e6b2031fe8d19798abefec072e22542132b175912b31279cda6f15f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b533661b945a612876de1e58ce73d065

SHA1
d93286945efeb7f33b49f8e594cdb264884c827e

SHA256
e5480b47432d7b0ca972afe477fac49f5fc1e8e82aaeab6401de99045949bd65

SHA512
672bc0f694e763a8597eebcce7728716a09515ad17854fae58d1f8df8aefca152eaabfd637bbaf8acae8e7936309809525a9f058a990148964a58c831d96dc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5cc8b5cb3e5e0ca0884d01bc14a007bd

SHA1
d8b73970bce799f710e5f5072aa879575a04402d

SHA256
731625f1bded04178a9bd1f351ccf6c9e4914b32a9f66ef8563056ca14a7e8c1

SHA512
97f248515a36b5569b5ac71ca3c33dd1cd3597e6343e7643ed3d59f44867952bd70e2655ef49399055ae472fc333165f92837e8b68528f981a45517815ab0af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1017B

MD5
3b97e251ce162dd96007aebc17f1653c

SHA1
e95a6591be075d9155b7380e72571a11712b795a

SHA256
a969e4de3c76d71488decad5455d2ff0bc204c205a3e878d16fdc3bd5461cbe7

SHA512
44ffd5221f8fc4d7ccbf3bebc3cf47b258cfb074e9a12f5382c8aa3c56a10a5690ebb9a20f4e519d762be1c759c27251b47511be7603215617ff8968a2f51821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
18998559b3727af292de9e99bf5496e4

SHA1
783d5e3a51cc46ad810248bdb6972eb074a82f0c

SHA256
55387319191edc3659233010e00db51d0421450d01e852744a82cdb1cf871d3c

SHA512
bf580369d3834bd909a9df9cf051175868bba43baf3858549a7cc8a1a42a8285fce0f77937bd4bf5b3741b6c3fd6d04bbd502414cd7a7748e8ba277695d551ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32d6327236800b4b39fa4d9330dbe5f3

SHA1
87d7720f3a96e7674b820611c0d198251ab5bd29

SHA256
21f93375b579e93bec2acb8112520c0bfbf8e46be6d2614a8401d6886c51e17e

SHA512
131bffa0bfdc7c0bc7b4c79f15c2a122b7b26e0996b7b20fb19e63405ac1edfa96095e6a944f8b8914b651481a748edcf68335a19362c39ccc901b9a9fedf209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb6cf9c07a0778788c951eb340b95482

SHA1
499b88034424b58989f940594a4c4eabb08a67f6

SHA256
00887f368ed55e73df514076d4924c80272d161fcf0d106130ef220ca1a4671f

SHA512
5b422c41e70487a1fbdc5f5a16d8fe5b236bb273b5be594283927fd94106df58a4a270d0dae4b24af31b37ba0967d2a26bc4a68ff75daf0681c3ef75803acfde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7dc872cbc1f41b630501b615a9bfbe32

SHA1
c3dab5abb4a5189d3a59e8918114e17f46232f73

SHA256
f2494573eab7203d014ba3f9931adb11a694c83c4a4191a8ac70b7f31266e30d

SHA512
7457132c41bf7e11445f38499b1884f39041eb87ccedac1512a178d86cf672808aa87012fcf15194b81332415e322ba47c54bc990139f56832931e688be42bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
024020b95fda90d751982386357cca2e

SHA1
9fe42a1a4151d6fdc2fc3eb5fc0c6f0897b6b74d

SHA256
35b901c66d8fe7facd937b1ddcdd9fde80cbf07f29ec9dc43ee0132e29045420

SHA512
61b689962e4ff961d75a1d52b299751efc33134d07c67c205eb75a2d0c3cdee0aa7346366be5dee39b0b0cd09191bf1118f42363519176006272baaa7a2ed5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
7bc13e785b75c14509f06f5c6032f0bc

SHA1
e0bbe46fa3e8b8238852d51ec74a1ff05164e6e1

SHA256
99f75de0ffa34e3b88e45806a0e029fce7498114ff7c0b094b3579f0ecf280c2

SHA512
f8a6621a2bbb4102e63c8d659f7c18c7ff1c90e22c97f99ced1df9a1134b0b97326f385d674d99fcc448025d6e0afa4ba849ef3d4f3f10ceac7534b576722b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
03db8a92c608de54857cad35e2a666ce

SHA1
d0a2d28a81e925bd8f2c2d88ba40bea516af91a7

SHA256
bbeefddce1bd4619346f1e5cb7b52baaea77bc06839f9d4d479f7257e631d686

SHA512
68afff1037070eb3f1f49e075c7ad83268c4e502dffa4486fe29cac2d81cf5365f6e0971d99a26bc9ba3ac47dda37a3d9db0dec51d40f138a7305928997190ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
0400fc14f20f5a6457137090412ef672

SHA1
ca79a577dba31b08445e68b4e59d7aa160434afb

SHA256
dbfd0fa693f5c6af1889d27e75afce3312a9e9119e3354b6719b8f91db45d8b3

SHA512
bc06ec0386960b62762230606d614bb1f4fc2f4050ddec1284f2e2fc02edb43194593a6844943dee8dc3bbcf5e6fd24ba8a70d45b342b53f82383e33ba443a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d88a8d99c50c6fc114f47db4e36be259

SHA1
320e0d30013df70cf25993214aad4bafa238501d

SHA256
f05756cab9360b414c03eb1115f08cfdf4f66f0417a7e7e42a0c1d2cc92bba89

SHA512
06b47b81deec75b6be88cfe03f920fcdb4865cac3518350ff300ee3c8888ab0a838da493c9c93d36e437142b8763ccefff790b2480459015e11c42543c5c188c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a99b099bf5f688fc5af5eb9d73012083

SHA1
09b2008afa9b9f5da29ab64f4162e4ace6f651c4

SHA256
f8c7a0aeb8a63f499cf6b800226b287ad4083c2da73fcf763d0d42d5cca89352

SHA512
3da875805a94e714ca9cc4d0ea76486b64f6fd5a91e31a077941d0f544217e7d2ee0b5325280e25892fd0fc4d9349686370f3a04c61a5da1d6cd0321aebe3b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
9d95709726674a39c2fb1462e190bdae

SHA1
518f5c26bf4bf92ce98af3aa99274a3911ce7505

SHA256
f8f5b150035df81a542c6fd26cff288de6f83e7197ed22ff50efb574bcd71dea

SHA512
92419bbb7b28d8ce6bf114a9a5957f2afb9158c731ca4e654ae066de2d11ffcf801676616e187eed412ede3570dfb67dc6880550472c958fb33b1d98c01a526b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f6f59cc41c1937e546a8ad62b0cfe449

SHA1
99c46a351a0cfd7ea4d6b387257e927a7cc0702a

SHA256
11bf27a62e91cf09697a986d981ec51fedbdc9756597f671923ec55aa5fb424f

SHA512
11e103965465eb808b3665ae7677c07f09881d81ca268513a7442c9c90a7a61e422b5ce26181cac7fc580358ae6955692e7c3e4c5e1686a6746eb5d2ced7f0d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588b82.TMP

Filesize
538B

MD5
914a81c87d9a20e7365dcfed3f1e1478

SHA1
a76d27b081cf349b26fadef35bc4e67dddad41d8

SHA256
0eee2e9b1c9278be046aead00f6b80a5f491a77919311d6c694cfd911ac4a59b

SHA512
fc3edabc306f1eb00cefcd46292cadd9286365221289e731238d5200219dbcf08ce2223c9e7a1d525da5df2641303116b1f1138624ce43841a6c066e3a4f25d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
5d768873b006eb1b6f1b5748ee709d33

SHA1
af9467f8d022c26f4bb8b88d302eb478f6e17aec

SHA256
91621cb8bd31c8579f8ba2c31f29581a1535d1af4a334b91043b2d5deae8c99f

SHA512
57bc60a0322be7f782ed08d7bd14e0d357f22f2708eb1f75e71037f6bda549aa301f1dcfbde6a6e70c1ecdaffa598412a9027de0eee51e8ec13b80b10794d8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
da9cae3a874d66c94887405fd854ffb5

SHA1
49bbcf28f9ec6aa6979f11229b329532a067f3ab

SHA256
dc763276c561de2e328b06342d9e9502730be78e4b2c87aa532dff8f4503e38d

SHA512
684816f5c5937599ea291f74b70c3cbd46f745bd8d38100997a02ee476a94b3540035bf1b47fcc7cccc12275b1eedbfac66a0b9535a76e5688c7ac7cc7f48d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
5291ec8ff26e8c5548ff2cfad60bb3c7

SHA1
fe7644cbf4a0ddb30b6cb7585f37d6fd7156664d

SHA256
ab41ba355e2e8834f782470a5705c2f097ae605ec4e17d6dde7e12307cfca52b

SHA512
d5341b9bd49c07e0a12771e0a22a8ce4cb392557e4a3591041cfb3ba9af14a36db8c0385462cb631408f59fc4bac812ff1b2d073c9766ead1e259154468c6bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
5KB

MD5
5f633e299c7942dd0008aea4ac8df02a

SHA1
8f241a92bff5abfa2d448d7da05c3f6cd5cf0c30

SHA256
279f30b96552382416bc6205fd520571b33a005781356654e63382bc5a558bff

SHA512
96285cc53d167182bd51d3d6557039cb94d996194a72da33019a2beb0aaa004b19eabf870a22f0615cc7a013eacda7855b8593013cd59d1858cc736434fe3ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
da72e6998f89088d4022dcd5b1b7e43d

SHA1
4f0c964daa125cfb58fd04a6f827a7a10c7655f6

SHA256
7d01371bcc40943c96b86e71d982179e4588ddceff52639f479fab571fdcd6d8

SHA512
9055aea5f0ea0e2fcf1b22c0ff9375673d08a1852c87f63fc9c94757ddf00c4ebbdb271bf5da2ec790b60034866b1606733aef02bc852fa7da30b11502281bd8

Download Submit