hxxps://www[.]dropbox[.]com/l/AABmaECC6LYsZtpAsPdQeAnFl72O_QJNQXc

Analysis

max time kernel
1787s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/AABmaECC6LYsZtpAsPdQeAnFl72O_QJNQXc

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

26 dropbox.com
27 dropbox.com
28 dropbox.com

flow	ioc
26	dropbox.com
27	dropbox.com
28	dropbox.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3500	msedge.exe
3500	msedge.exe
2188	msedge.exe
2188	msedge.exe
456	identity_helper.exe
456	identity_helper.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2188 msedge.exe
2188 msedge.exe
2188 msedge.exe
2188 msedge.exe
2188 msedge.exe
2188 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2188 wrote to memory of 1288	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1288	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2796	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 3500	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 3500	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2168	2188	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/AABmaECC6LYsZtpAsPdQeAnFl72O_QJNQXc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa597346f8,0x7ffa59734708,0x7ffa59734718
2⤵
PID:1288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
2⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
2⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
2⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
2⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
2⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
2⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
2⤵
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10453223051959142292,4793603350210580328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1480

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5571a97b-64aa-4f29-b0c5-c1f83492e4e2.tmp
Filesize
5KB

MD5
237973d47c2813c5ae5516752edd388c

SHA1
c99c261ff1adeabd63f57e6e0c6d99998208feda

SHA256
31efd25c486df76e574509618c3f35bcd3b279b913866c0a1a861490ab8c21e8

SHA512
cefc2cf6e40f4a9ddacd5e08d78f29789b4cc74c68f75022e33ac48cd990cba5201470f9419026271fdd73b088b70d64382a2cae9b0ef329a85aa7a9b10660a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
1d752351b19a5a62283d3eca208cf6a8

SHA1
fb04dfcf54085ef8ae9db6e0cee1f9d926d05eac

SHA256
ddcf8511c7603479f0a463b33af6cdd0fffd7aedd6ad3600b0a81b8892481500

SHA512
d42b09578b12891077c3da07d0f5ed3f1b5911766e9c60acc23febf4fe1951304eca9f28b29af29c03e7d3319101fca47018d6a46f85dd182fd893383f8fe197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
414B

MD5
1ad9ca0e59757878650badf851be637d

SHA1
d3187ea4d95fe64e1d55779dba2c7a751f2dedd8

SHA256
2cba9c3dda8f0ecfa770ee4b750aea51614070cf9a635216c84a620983142dc3

SHA512
61533bf249753864a50ff1472fabe04e56034f287adf928c3a5307c07c40e140416fc6e933e7858062289f523c4b9994ac2e4bd2acc356668e63c5e75fd0fd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1380306ec5907493dfdb88ef8ff53466

SHA1
fab9108b1cb9911e494c0bc3276926d6314e28ba

SHA256
b95ddb45dd1529db1bb8e0df33ff5e79b452fdba403ac82d61076c5e97acb5d0

SHA512
19895f47d67099ca79c42c81e22bb981273125646f5df6dca703083cb953ac60d0ec3a7eb851e3850baebfc8d01f32567a5a43fd1947a8230a37b579e85b0ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
b173a68eb810f68dc5e573a8c2534f89

SHA1
86690851b0d2ff408fed0f6933c18587aefcd8b9

SHA256
cb14edbe92cb440627d5686152b120c09b823ead15bd3e6c8939ce3b1f5eaeaf

SHA512
4bdefee3b067b4ffccb23f63668a4220556e819c71e51a59b871514381ea95307254dcae05bb9e772411cbbb600274b633c67760456102b5dd2229ee3a379e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
66ed86d3c6725433121da76bb70aab02

SHA1
6ba3c1936163090b46a7fcb6a1c867b57d64bcc9

SHA256
15de43be73bba046afa2c2f2fbf4425bf37a46003e1f02dcc991782fb9f8a9b3

SHA512
a3b984f0a4cb9bfd00b1faf6fc2a1dba67ea039f8a2947d0dac98fe65c302139d0893b5e887337294f778559f98915bcef7e6ce7af232f86c7ca3f971a0ece1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
7ab4d8764e0917df5879246c6c02a8f6

SHA1
9c0c6f226beceb1b90067e5fb377176dbe64811e

SHA256
ceafbaa3a765084c1f08143871a971d32865924d63a39b17d0627c49efa7285c

SHA512
c526e3e5fbc4ba96473c07f5926fa82dd6dd35a5c57ca21b584dad4dafe93521dd904a633605a37a531e8e961e4cf255be2409d166306ef495d66e5ba0c54e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
c6cb57dfc4f9c999f5caaa6756071cab

SHA1
9171fbd009e5928e211b6020102ca6d6591fccc9

SHA256
5bf82247c1969d83b741561b157a077abd56991bfbf7f0183bea0285d78b5e01

SHA512
a8b896cbfe5e92ec7e1c61b2ec48599cbe3cfee64f0c5c4b3912d77784efde2c47fc9e52000559e242cca329b2ffffa31224ad8770ad2f88bffbb07a00326728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
86d361bc50ea4d842e43f9460c85cb61

SHA1
016e866530f3378ef1c63b3b0ead1b8e560e7ee1

SHA256
83be52c39b41edc53780ccf6a95c2a540ebda4d27e9d51b2a304f31ec322c5b6

SHA512
ab750e41ef7c3ce279f08d29dbb356a423a5de42effb72fe17f1bd681add13438849898ab6ae5613783b5da367a621ccfa32b2f3adce769967282cea649821a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
75351b5f422414b7d83724ef95ea4390

SHA1
3e94d272def619a1ca1342307f47770255b45121

SHA256
99b8d31c444bf1afc9e4f7570f620feba58b1428498c6ad7c6d82486b59178b9

SHA512
008b226272c841dff02087a74f20cea1f9980b1e1db23a3cc6a466da65b5e0e89cde7430bdf05626d50c06d9df6b6cb93fb2c26e870f9be506b8c911ef41b8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
5c72175e44899c911890943414eb2ebc

SHA1
bd687575b7fed11fcc21b0a6dc815848755753ca

SHA256
91c631669e1d00482161c0afd295d52c4dcaa7fc737335cc1da078a77c7bb2e7

SHA512
699a01acafc23a27a0e26cc3b6b462bb2dbca394318894b7fe2534b904f786dbe550b0db0c1a569be2791a569f332f7a8b0047d5be2190fb24f86b9b18df93e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
ba3e027043f5a8bcbb62599652296f2d

SHA1
6b3c348a3d97bb3d6c0c5cbccb12ec1d450860f2

SHA256
7e44b0e59373cb4c79aa2c4bd47ee1cfebf9a59ebbfc232152198f69db9ffe3d

SHA512
24c8bd8b91976b7448573a8e654f174c6328ced3a7f0288e1ff38a958810bbcecfecd19d988e8054f71720e8bc8825c7d54e8258761b9b826cafd3b774c672c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
a21639127ab95072382f1dcbe97f16ac

SHA1
1d5f3008b8baf903ce2bb0dedaf12dd38f040607

SHA256
0c87d166b2c80175d990bd9cc586506817ac5f49757b21c97a704a7cba40c9f0

SHA512
bdf1266963f1b662b6823c399c3f4ebe4bd8c06528301e91bf135591fbf442b23e6a2de8cef01f35318bb88ed51b8c66c0cb87fa43c44db90515616f454831e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
1881be6d3981de33077fec1281820b1d

SHA1
eb242c3da15efa47b153cad1c6b0a530c5188bd6

SHA256
ea6a6a91c1fcebaf746007b05dbd2113847bbb74dd520163483c7fb07fd4f2e2

SHA512
f4423b3ef92756bf4a221ce7695abd620f01ba09e03184185d7d0b0d0ec66018ab206e6c22c53288b0221d0a3c0f4269b738937ec5fdc223c61f9e4f76980c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
b8bc5870d93636f03f6ad605c6ac6a20

SHA1
434c96ffa824ca33f099135cecd1edbe39777bd2

SHA256
23db32e60ef7b876113e1d56e0274c10ae235ccc51531d48804d167ca4d32dae

SHA512
d52b3983f12178c3d4cc1f361564709632482b9fcc74d258f0225822b2f43fb76713b96aa6217ffd47d4338ae662d0fcb781d217cf0bef7e353c6f71e8b4e600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
368B

MD5
4c0ec8d05a2094a1732e0256d3536854

SHA1
9c58e56498ef1d2b14c0991ffa278413c970c993

SHA256
9d0428d95d7ec6786dbd8eb4bb496c879400579459ceb66513efb9004338bde8

SHA512
fec97205322f4065aa8007e979dbf8d24b7cae6d017a1ae247fb85ea2c6a1ba5c5c26fa25e7b6bc2e4a30b229994763e8e5c289df40ba4e7600bc20040b2183a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
e5f297f62848e6a0deb994cdda1b69ef

SHA1
78804814937658ae40b05e9391ca430950d0ba1a

SHA256
707d5bbfa1dfa8e67457758f73854ed05ef87a5ae4833f44e2f7d023be3a7402

SHA512
411d407b54796240fca653429c01e0f92ca951b8d8f0cde7d4e28fd37bad6e6134f4b1f52bf984b2d6778b56ded4f08dadf85aef1727a196a064fd459a19e8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
7959360c5b400bff29c5f588b63a02ac

SHA1
06150565e317dee6cae195d6707a71b9f39be0be

SHA256
865f178be030b5a9b7da3586958930e9550b50060c72c79c1c19f8b6b4155a47

SHA512
4a4a776130f776e9391810f2d5551b71846fe25fcc679c43182254b6f1c60d9c854e6f54e5ec836d2409fee9e7853e382d8f78d9fad002e51e37e1623b9ba2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
4512261292e17002ab9bed1f383f8026

SHA1
7b4b4737ff9da7077bb9b78bb3ce92e15b3457c0

SHA256
49bcba8fbd98b3610a6c7e426c2d8a276644ac670338064fea6db6ec20700874

SHA512
d4cc082b41934856e9f3d3ba4d5bc273baf8e13867f0a2179725795d8eef73bcfa1629b96f1828d64cdf7ca6478997f1f72a1f0b325aa2f7a3684b6b38695ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
96df0ac3e5d6fcfebde7392c59df5a97

SHA1
ac88f4bcb2f8084203507429424a1220be77cbf7

SHA256
f0713db12671ebc17def1a0ce31b03af4ab30f5bc126ea82b72f9e50ef027817

SHA512
de78b37639048dc9b183db962fb87739d3e9cf7bbabe26cc1aaf80813d71c9c7678e3178db4ca9b1f83d24e79f2d39a1aec84c9c3eef041f6ba4d76247f1c044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cddf.TMP
Filesize
370B

MD5
a368d27ef9227d6a84e30c2ab9e639ac

SHA1
2f65083cdee4f01e8595a8ce542d0c058db0c755

SHA256
7903601ac4ae0000c4830f2a9c0a0e28e5889c8d49cb6bbad00ed6323a696496

SHA512
ef0dad4758724af25d2924f012ac5e3b395b6df176f8625111dc8bf65122030912e0e3923add75f1b9dbd4986404d974292c67b098deb5b666b58307c98e85eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f623fe322512e609717d452663b4bf65

SHA1
1bcbe3f6f07705a1861cfef47c4f7d0f7692295b

SHA256
4e00af281f905042b4250e5b23ef4cba4ffa540900a365652c66d381c94dd719

SHA512
fc1eecba3f6e642193a9bf802293cb4d5c8ee4cfb66045a2fbd0bc1c9df59b16b117cb157e6addeec294302d3e874ac443d4fee2e9d7f5ec1c079163f6b4bcd5

Download Submit