hxxps://www[.]dropbox[.]com/l/AADMK4RjkFkE3ogpbJ7mz387ZGjPxwunoQ4

Resubmissions

06/09/2024, 22:52

240906-2thvbasbnb 3

06/09/2024, 22:51

240906-2ss9nasbkg 3

Analysis

max time kernel
62s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/AADMK4RjkFkE3ogpbJ7mz387ZGjPxwunoQ4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
3188	msedge.exe
3188	msedge.exe
3636	identity_helper.exe
3636	identity_helper.exe
4772	msedge.exe
4772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 4696	3188	msedge.exe	83
PID 3188 wrote to memory of 4696	3188	msedge.exe	83
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 4952	3188	msedge.exe	84
PID 3188 wrote to memory of 1408	3188	msedge.exe	85
PID 3188 wrote to memory of 1408	3188	msedge.exe	85
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86
PID 3188 wrote to memory of 1868	3188	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/AADMK4RjkFkE3ogpbJ7mz387ZGjPxwunoQ4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6cd046f8,0x7fff6cd04708,0x7fff6cd04718
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1776 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6076 /prefetch:6
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16509465907768416899,7707789965510304624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
21adcdfae5915a400461c30d75818f1b

SHA1
cbcf398334c9d1376b6bca5d0c0ec527e85022dd

SHA256
a1d00a80d7654eb3c79486d4583e2d1ca54929a22911abf87582b5bc4dd5e357

SHA512
f0bccc7885781349d924c0d42fa7f4d7bd76a4a5aeacae4b747366c018105a2d7ae2deaa72569db61ba83ad16df1f6cd52bc0eaed3333012eb8c481b47367b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a4ee5ef13d5eff0cd4f03a9cfde5f02f

SHA1
d07b42a317661c18f9dc9e2a441e74c9fb60ca53

SHA256
d21cd4891b62d40f8842c251a02c879b29399355f9b6b70f9bf028e6b4237dbe

SHA512
42d5b3ff4df39440ba9bc96d357fc2ea2f43d4e751de8056331fcea2f01812f063c2512770265f60472edfb88039f50e44ee5cdf785bf52ef54acd3ea3320060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbfdcf685edace23b3195412eac720fe

SHA1
9753b3b430b6cd0f0c46657c92c4ad8b18043b20

SHA256
7bec17bd17e42c69dd476b5bb9fdeac038a7013957ae6033ed19fadfe97f8bea

SHA512
7e6887a55c2a3ed9f04eaa4d827176bfc1fd4efd8496cf9be7148a9b669fe86cd5223c6e313f7dfe45c7dee8154247f404aad0baf50392b9a7a90fed104b6a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c6e9dec20ccc52c064812a25a474ced

SHA1
3abe242bc623f5d307a9cb0a584747437521ef8a

SHA256
09416902146340eebb3fc8f7253c930b98dffe545b44fcbc45af1c101fdf58e3

SHA512
709b4b8ca10c24b2d067ecf1e5e2c711ffba68c1cd1d6348e0a0f14b895d317238fbd1650f09c70fc1bb3441cbf69981727f25c4a27f5cdeaae625507af69ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc1395208805d51f951a207c005e1702

SHA1
306e572475bec924fee85a0d1e1bacd2ee03793f

SHA256
b289517f0b35635aee1e5fbd83917b4cda98075851827080b07015c943c9da79

SHA512
fed6b6f46499dc3a43fadeac1c577bcb4779f761c79fc32add4aa054d4505b3a3ea51e0760768684dea183ca7e11c4aa8cab2a7a046ae383a5bbe2bf5dcbfe46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38e6b9a351387f35eeee16049e0993c7

SHA1
dfe32fed5eaed8ab15b0d21f9acffd1c487ea28a

SHA256
25f82fc23dc2771182d4616f6547a493988b1b699b2b46327dae81ac3e1a3380

SHA512
bec8fb0b7a48da4887d9a801039fb89e349aa9c85aad9b57a58e63f1930ee55b2edbb02aeb5932b9058ffbcc69289a79d537028b665125fc8cea3e657f9f1b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
c7a1b333a3347724da8ffbad2f66bd8f

SHA1
08329c94c97bcc69fdcea0ddc60d0cfd5e84d2ae

SHA256
798eb9f9343900dffd2306597376ab027fe03b53e918c1b2d699b019501ae74a

SHA512
56d960aadaefd4cfe09b820494a4224c569c933de41fa37bb39502ad2cb9afef4a7c212763c8ec2ccaee38bf22985e0659381cdbeb0836bad40b68d8b0100cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
7a4fd6a755dfc6eaacc2c94b2cbd463e

SHA1
a31e18a0de9bf00206dc2d096d581bdd79e0fae2

SHA256
092333c545a5fc01eee1ce501f5114247bbdffc8327009ab758146822e123d7b

SHA512
11baa7dc01ff4e131555d4f601aa0af5561bfa2ead1153584c7f2d59860ed28e07f21d072363b47cd0f2c84e351a99e4c6f6da5d843027f8e54f38b948aaa9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582eac.TMP

Filesize
201B

MD5
e670debe650d11724a02b771bc1d99ef

SHA1
fe556d529ef4c5c3ae6b6eb90ffeb6e4b7cb3e53

SHA256
77bc9770156d2002be1480df4fd7896a5b9bba49da6552d09580e42804e6450c

SHA512
61a3e3815a18bba0cc0bef08220d3e941e615b433a06ba3557f0312a68a790c258e6e512b981de8bcc12862363b384aeac05d93309e11e3bbec086437c59bf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
202a4ec46ef5ad50eb2a30f55a3346a3

SHA1
3c559de5ae771f8ec1166e77986b423844372c53

SHA256
8f0d7a6e2aca82c6f7763f314a39c009d469b34322383419d52446fa7c119762

SHA512
cf1f322e3c39b0e16e031f39f529bd927815ef757c719011ad4a267456cef317df239864d58d4b3cda56d413c980881b36f2298c4991dc29a41dea271e59bf8d

Download Submit
C:\Users\Admin\Downloads\Scarlet Fraser Associates-27_08.pdf

Filesize
108KB

MD5
e15d6fa92882689031b66ae0ad0101f2

SHA1
feebb3202aed3a5d62aa1c934ed44f9fc2628a6e

SHA256
e1b9662bafe3d937b8bf74420a17652b7e0c2192c5b97e201d0f725085a0e201

SHA512
f25f7619f62018483627cbce33c44ed4af97d5f59f157611a015c6dd192b4fca73ed9313cfbb1b60a657a6c4d3b6565473d42c13c4fca08ac980e12f8eb48844

Download Submit