hxxps://www[.]dropbox[.]com/l/scl/AADUylOOJ0HdmJ0ySGsVFbeRQFfxSIMiL_o

Analysis

max time kernel
113s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2023, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AADUylOOJ0HdmJ0ySGsVFbeRQFfxSIMiL_o

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1926387074-3400613176-3566796709-1000\{BFCDF51B-CAC6-44CD-94D6-1EA9F70F1164}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
112	msedge.exe
112	msedge.exe
1536	msedge.exe
1536	msedge.exe
4412	msedge.exe
4716	identity_helper.exe
4716	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 3700	112	msedge.exe	58
PID 112 wrote to memory of 3700	112	msedge.exe	58
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 1464	112	msedge.exe	85
PID 112 wrote to memory of 4948	112	msedge.exe	86
PID 112 wrote to memory of 4948	112	msedge.exe	86
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87
PID 112 wrote to memory of 1232	112	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AADUylOOJ0HdmJ0ySGsVFbeRQFfxSIMiL_o
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8108746f8,0x7ff810874708,0x7ff810874718
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3972 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4355412213078554682,14220117464980803566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
  2⤵
  PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95638730ec51abd55794c140ca826c9

SHA1
77c415e2599fbdfe16530c2ab533fd6b193e82ef

SHA256
106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

SHA512
0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
34KB

MD5
22dd9245045c1f205b65aa781e9f1aa7

SHA1
d0b8804f2fee26297dbcf35affa56546c21de8ce

SHA256
bccafc5649f28404cb0d500d0a154b50630432b30250c90e4e41558bcd71f19b

SHA512
7ea8739d8f7c0bc949216021bf67b0715c0123fed5866407894e4e85b68f8a3935f77cdeaf08a367e2a0402c2376446da67778e5ab832b620c78aec1c93160f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
49KB

MD5
94c6ca19a6df253e84d0a37248758ff2

SHA1
35b363c823db3bf289ac24fc601dff74a22f95be

SHA256
66e3184acb9b9c2f721b667f6070b4e06538c60461e5a810bf9d88c737d3688c

SHA512
0b6b3baf1c91631f29da1a577c2ee853ad26bddb59a91e5a75939aa3e7bfa8d5f054d19d3f233ec01dd628a25f411c5d18ac8ffe527cf5f889a025e3af2cdc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
eea73c5372a94d6e2a251fd442728953

SHA1
3f9e15bb247803ed7abca77d3a5172eb94789bd5

SHA256
c13df1c9221f7b53467aa018dda3e2a0f911f5c4d3bd4f6e5f22259d017e17e2

SHA512
546e6c6f951af1ab015faee9a7d1516bfb47d36368fa5bdf647bbc58de2e184efc9daa14b9f9ac78e757916744631f48c437aa0144c1a8c3a5f7a6ca2c5c3730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_usersurvey.dropbox.com_0.indexeddb.leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_usersurvey.dropbox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8d4df6d981ebef12d37671b78b2953f6

SHA1
6c0588ce430e32758b0407761de06cd0a2ec8b48

SHA256
109528a6f96e716fcbbf5cf49dec07f68dba9d26840ce154308bc3f026772972

SHA512
815a06b74d2b4ee3764db565ec544688fc8daad0389e36cb2694dc8a9b6cd41810ee082f47de25ac152781b9e64b9612f8d943606ab44b8f061582ff44af8746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9dfa0925412cbd2dd6139539d1c57eb3

SHA1
c4ec5f247bb9bfdd79cc596f8eb6ce82bfdac347

SHA256
937f1a047a5785ee60ad8e186e131eec30bc4a5f001839610efc8a8fcfabf3c5

SHA512
33fe30ac64188fb78cfb309c61e51ff4165c92cfb60ccb227d48d665a092594dce30b60af876148e93f6a44b08d8c0b8ac9b0684f52e1d03eadc5428ee40c2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94aa219e4adf618ebe4ccb73ecc31e7f

SHA1
566ac14ffe1d36f1069646c4dcc453e2d2cb3d62

SHA256
a9ff6f68b1de0d567573204f1c3b6eb6910ac6bd997c17d2a6ed6e4446a039c2

SHA512
3e48d121bb0172b65c81d3e35a7308dfa9213ecceb3d3fe30e0db830b1cedfc10fc5f51315cbfbaf5cdd2ae305a35e6bd9c808e713d53a30f4cbd18fbb4acb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10485a793fca1a559f7b561f1d41ade2

SHA1
fa6fe92755957ca4ccc256c6444bb998b0380cd7

SHA256
58956c329e1b136def33b387a07c873e9a7e928447e550f62235dcd02a651798

SHA512
bef53eed526b1496c19cfe597b902d15651e0a8f274102386f33c8797806701aafcaebbdcf79f3c129c07423c3cae2786704f6d7c3ec19ad07c54aeaf2b33c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6810b68f23519c08c90bd77c981856a

SHA1
e241c9f1ce2e8290cb11fe7ac73c4a8af8466ce6

SHA256
f3375e6aedf53b141c95f70f7d09c94e8500ee15f958c128b9db5d3d5e474970

SHA512
173d6e4398b38b4ac01ea478f2b23aa543d77581726190997d7d53ce0017f66c15102f6e555095b28bacce62fbed4a9744cf296e4c682c8bb8eb864e65fa92cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8040f97f21d1a9a6fda3e0b92f662af0

SHA1
79ca67cb7d44fcb1fb042b5b33a1a8a469cbb692

SHA256
7e5244f0f4535ceef75a74ba09b8b5cb857319062299a4c646438e0a63752ddb

SHA512
8c0feae63c5a4c3b2ed64f9c3cf850e9de898619af08b712bc9db7b6d66436cda6f19e827c344196eada2e1021a9702943fd7a17de0554e46da6ae82fa0c2af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4a078fb8a7c67594a6c2aa724e2ac684

SHA1
92bc5b49985c8588c60f6f85c50a516fae0332f4

SHA256
c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

SHA512
188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4cfd14e467446ec8739033dc185f539d

SHA1
e0d3b667b480a69c87103473dfa654fd5fb71dd9

SHA256
bc71292030d855a54c6bf444dae301859454d0356421e026f917b28a00feb624

SHA512
0a35031513a4441b7e0485f7d25a12aeb058557a06b56605580cee5f79e2af08eadb3ce67ff7f74681f0d17de45be5cdb73ba5d22d5b8cce5e7d2ca40c1a2986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c3c1916b417d900e8974139dbaf9384d

SHA1
41dd28e8cd7298da280c6944dac2cdfe097b50a0

SHA256
b560ec259a717e99e2d216d0c7c59538115d6ff1eba1b46f4b43d4f268505724

SHA512
69d46a896651adab3575cf6ee49961e3251c779c1ec58b0f237cb24f2284fc59577cc5a6d1ee7c41157f111722a79f207890bc49eac1dd0fe0f24819593b438d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ddaf4510e587568080c9021c5fea98d4

SHA1
da9a681e792cf7804078a291d60f9bea0ed5b46d

SHA256
0244a374c4c11a01463debe842e4edff71688ca4ef09b43556139c4c1e0ef013

SHA512
4217f8e91f73eef857df48d4d393726931c1864e7ab4d895686fe0fab6d8fbb1b20f0499cdbf4184b667a6a3f1891cbb2b2352a1027c6ddcf897197fd604c40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
e1d8f69a0e7e73c4c439995712cf0c81

SHA1
3dd25d50e2fa780e8215736e325d1cd1b3c7c560

SHA256
7d4a437adae0b7f4b4891fa9dc145b780ca791088bbe7ff223ba1720bbd688d6

SHA512
a88ac779aa40b5bbde26462bbe06342bc5926648bc6c64d9b608da46d1ab4e49889a025f6a5ecb1fe93b9cb51c080385b53eb46e74d6b40efff0214450ebfd18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9da2ccffba9ac00ebb00b79547c544fa

SHA1
5a90a761ccd9619f53d6e2666c0932998bdd565e

SHA256
f2d818020fd0b03625ca1fb0dd705a4ac83138393135a003ea4700ee93f82a75

SHA512
934559887ef9483fb3da1783f6d96599fadf81f3df1123d1f06a839e8fdcd1a60197650fb3b45c208c182dc5a7d684e4d19c1838128f3def995eb7405e58cc9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc1b77798fe850367e0bd6e6e6830659

SHA1
b2f6449dc63c07658c23f62b668cb0208827ce74

SHA256
f6b32a817808b190debebd93db3224fc9715c5c82d17e9a5545e6ce487e4aba7

SHA512
b1ce0d7c295106ec36f33e265358d4d83398a5923283e5d53a254b3303418467bb26d68a361943c3777ee9d263465c98c6c85bf9cb624dd2403e277b4b8300d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
294d31d2f668ca9624c3611112c7efe1

SHA1
ad704f0b4019bf8edcd6fc19f09b93e44838d172

SHA256
a10fdbce956d1eb0369511bae74996710807ae6ab28ea2a661b743f12d8f578c

SHA512
4eb4f8c35e82f8782597e07f0a00c21c1c4b9b8b17e4f873827b8df8b70c95370ecad64fca5bda0c8c75ff951c0f6624ac0e4846892fc8ba768186cb4a605a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
154ec24c8920a6974d8dfa92d88c2cd1

SHA1
2d1a87e290d3d1e1e42c7e1edfc4d2ce5e4ac387

SHA256
0d3f81f53bb460a0922669b43c3d2e11e7f892c47ff6605d2d1b2668c70018ad

SHA512
3b507a701844cc24f7692533e7a01a9090ea07df9271a39c4d73616bf53108bcf85b0a1778f7a4d597dc17693d5847a02ebf462fe41d5d6f1daf8b574b878b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e8f8.TMP

Filesize
537B

MD5
f4da5ccbab7fb16c23e1c60cf1f13e82

SHA1
7847cdd5d60806774067752763ff68bcbaa20a16

SHA256
05d28e467879762229673a4b58b16a4b708eb9ee6c6542deef3ca61b4804197e

SHA512
df81ab80fbeec3fb9ea49188a58f99386ab464ed785d5ec10f2f8198fab15f9e8c326939686cf4e86c4a41505af6e7a1d23c285ffada0306086d0c9685fea9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7557ea49e79894b94d48b5df72cb49c8

SHA1
6b7a57ff967afdbc2e8971d610c5aa85754d0e48

SHA256
5fd3c1b2af5d3f992a2f877b0477177efef888916dc8ed0175abc4f078ed9dd9

SHA512
0a2fc9253a213650adb65679050572f3494fe8cd6685913e276662452bfb061778469d4e5f61d39ce2facd8b57b3e23bb4418f94cbbd47897193d84f5549bf09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3242c11087c66c61cf238f87a05511f8

SHA1
e7c762532ed637a1b128a4df79c5c2080796fb85

SHA256
5ab922a98153fde5dee4c85d733fed2fa51bda66fdeb5e135f88c73fecc9a1b1

SHA512
7b87abfe127eaac6d01c6f687be1e1f6302e9cecb33e15af931ab3f8884c77fec00f89ab3bff88ea63196742fbbb26b1c0eaa0fe7c28fbba91f579b04d02141a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit