hxxps://www[.]dropbox[.]com/l/scl/AABPPlAmIHsKWs1awSo1ra8AaKOs90fDcX8

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2023 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AABPPlAmIHsKWs1awSo1ra8AaKOs90fDcX8

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2231940048-779848787-2990559741-1000\{94E1761C-2ECB-43D5-A2F3-4B0EAC8188E4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
4212	msedge.exe
4212	msedge.exe
2096	msedge.exe
2096	msedge.exe
4016	msedge.exe
1656	identity_helper.exe
1656	identity_helper.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 2112	4212	msedge.exe	84
PID 4212 wrote to memory of 2112	4212	msedge.exe	84
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 768	4212	msedge.exe	86
PID 4212 wrote to memory of 3016	4212	msedge.exe	85
PID 4212 wrote to memory of 3016	4212	msedge.exe	85
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87
PID 4212 wrote to memory of 4068	4212	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AABPPlAmIHsKWs1awSo1ra8AaKOs90fDcX8
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc15fb46f8,0x7ffc15fb4708,0x7ffc15fb4718
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8549981363102043744,10032100405081348704,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6f7bda6baa31dfbd17295b7dc254fb52

SHA1
7f1d3ec3a25dc39073255a070d320f3d44a4ba43

SHA256
c4db8cdaa007ea0e6b4211dcede5770242bcb41064979f1f5b960394507c697f

SHA512
7a615cac46369a105446cd4d756414028a6142f9caf97f04ceb89911ef8ec2fb0afd8f2e4077fd14fe95ca53557e4f666907f80b9b6f35947cf1048f992ee895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cf9d741457c8e7ce9136f990cda07456

SHA1
5179f1b416779296c3504942bfaeae232d2dfdaf

SHA256
14f0db9ee20049dad3a1c91dba5418f5e0efb26a294e9c3a3b4cd1d392d563f2

SHA512
ff692783f11d1c6500fcb408fbe93962aeecb774c14139dd91c2cc2781808e75ef4d05439899aa34608a473db26ce3d83687153082a5a4476f8367357c770e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
615af591b1ebdf4661d45f7a4ebe37e5

SHA1
d7484c43738d678af1485e7867efacf4d9a2ee57

SHA256
d18ac11995fb8d4a7913b9d4eec1c7df7f339fa2774702771d9219a4b9be257a

SHA512
7673483994c71bda23c0bda4d4e6b24af77ffaa177eb34a9d8cfb5f5bcaf98d19fb81bca70a11d133fdb13a67c72f4ee0f2be1c66539efe00d795a350b18c53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8a7215c8a56235c690852cb2dbc9824c

SHA1
248dfd54354100fa658770f2399ddf695f645c04

SHA256
015de831e6173481afbf9e293c41ff6046ffd49a99d777661e0357a8684ae895

SHA512
683d36584c75a3bd5b27b581fa8950133d1e3c41dfd99a1c7628706976171731aa156931531d11d4c0731c6e505f640ede605c877276f90827756d0fa2c97e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1881400134252667af6731236741098

SHA1
6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458

SHA256
d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75

SHA512
18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
b6cfa7146e15549b5160663086a52b2e

SHA1
eeca86a050457c0e71e17d85bbf66b5e3cf04519

SHA256
1efc439e48350aec2ce20a88d3b1f7093bd80f94358ba28f7a5cc8024b744aa1

SHA512
f30485e9570fc75dccc194bfba89fbd0773cfff24a08a20a091504699c3c10a5b7e3303a752efece343ed8f9ca9bb29045516eaacb69192f635288a3f78c5dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
941b6c727279f6cda11e830d12eb51fb

SHA1
91727f6d8f57b4d065977e55dbda0e4cdd8f02f5

SHA256
bc49a86898dfb986d9a30bc205b02163c4b00dfa3dbba9467836048c9c7e91bf

SHA512
8638161d754c0a572491b6b21b09d8a12de9d3ae3f7ede7d4e84d879c26f352dc8d8aa2049f3b6ffa6a13b8698402baab2f390cc2e17c1ad3d5ea9b765fcc203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
c7d7dc7a2f92daeb1dde6b1b26cfebbc

SHA1
e403d92b4c75d6c550807dbf1755c33aa8baea7c

SHA256
005e2b3617571eced31e792a010ecd8f20cd0718b58b968143258b7dd07f1a0d

SHA512
12c07218542ef404e12f4ec9c69abf93e772a9c40957c16e2e981e76197e312675e6e78e203826330254ba06fd4bb9a0bea0c1e37745bbc20e9f17f6889c0c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
dfc44a1fea05067d4b1cc865c282e87a

SHA1
6382dcdbf19d2eed34d248c614d6b0ca6656cf9a

SHA256
9d1f423026e349ff203b034512d5661803e3b50a2d4b126d219faed8e6befd63

SHA512
4521578dc67ec32e5121babc81a7d39adf13719f58e78e50428c43ea5f372b0bcefbca1e4b4997058bb17813db68fbcf7b6dc1cacdca39c0877d3edf31626d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
6fb752ae948921d5f7d8daf30d3e0725

SHA1
36d2279135414c58936dd4c70ae11a2692c9727d

SHA256
caefe32c8f95c9b0448bf0031a6aa5d4f7f724fc009334942a8db4416e96f49c

SHA512
e24ef3b808776381df85802270aadabddaf8ac9d5701dc63031b0f6c91e99744f5c837a1f2fb822c88584343810b49bf4c151fba726a27409a7073fc24c1ad2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
899403ee487569c682d033d260a19da6

SHA1
f6c00fde0fdc885bde5b6390abba830ffc979ee7

SHA256
ded7775e6c289e1b3496b4df350269376bbbcaea60ad2f6452e963effd2f7d46

SHA512
47b9f4ce247afc310e0b0c47716b880365d98158400d2cff1340ced8d78f8d4673a231d335bba55ae370ceeb1a612a05538190eaaf0ec8d82cfb3790ed7edd2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
682ba8c063711f61ffe3a16a2b534c1b

SHA1
04a0349f7b5733f1f496bc16a7c8d323bb75025f

SHA256
ee12146299ac058d4fcba93df09abbced2334ae8fd2489b9f2427672dbdbeb1b

SHA512
13355e08e2d6a415b71f25c6a5e0a47a651058772963ca2ff3b6027b24938457e4b81a41c342086c51f2f0c9a85c2ef43efa4128dd36b936c213057557628abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5884db.TMP

Filesize
537B

MD5
df80dfe66188439f26e563967682b379

SHA1
c52d1017cecee035a1f576e70f54be7b32ec101e

SHA256
9e4c7ecb1bed0b34e241323ccdf7205245660b7d7f6c48523d88ec2ccc83121a

SHA512
c902b56ba10dd44c9b1305c5bfe54fb1eccf916cd3a47b69c657f1240e69a04acb8d55461fbc66f4bd91b00769eabd78737e96ea11ca0eb777bc50464781c9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f2397f45-1829-4888-9d82-0d6c86e835ac.tmp

Filesize
537B

MD5
001b9818b1c0b672ac201e8dbcde45bd

SHA1
02d07a74354c5df4b267daa8765fb5ec750b53ae

SHA256
363b2eea431d50a71840b6b5996655e278a684be45b6d642a1b588f9efe64973

SHA512
43841168076eac3a798d856dddc5e4242bd237c39e6aefabe1b43dd836f280a07797dc80f66fd5cda9e366cc9d8522639ea440fe28d7a32150dbaba4fa33272a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
703d45e750107d619f535171002dfbf3

SHA1
ca009c5d3ba0006ffd5362056dc2acb66e78b923

SHA256
8593d491e68f89da48655865886515a58c5250c25f80fe7edd2649d469293a2e

SHA512
2d81061fec88a1f7fb3c8a239e517d87a8f5511eac48eb1133564eb61f2cf6f9f5d10e75907590f5961f18c700b2a3af0034b92d9cd12c4f6622585bf48991df

Download Submit