hxxps://www[.]dropbox[.]com/l/scl/AAC2M5pFtf83xZcLoxsbTxlQIJ01J0TxX_k

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AAC2M5pFtf83xZcLoxsbTxlQIJ01J0TxX_k

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{B96073EB-0BC5-474D-93E7-285329B8A2FB}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
2172	msedge.exe
2172	msedge.exe
1176	msedge.exe
1176	msedge.exe
4880	msedge.exe
1084	identity_helper.exe
1084	identity_helper.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2196	2172	msedge.exe	85
PID 2172 wrote to memory of 2196	2172	msedge.exe	85
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 3992	2172	msedge.exe	86
PID 2172 wrote to memory of 1964	2172	msedge.exe	87
PID 2172 wrote to memory of 1964	2172	msedge.exe	87
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88
PID 2172 wrote to memory of 4284	2172	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AAC2M5pFtf83xZcLoxsbTxlQIJ01J0TxX_k
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc7bd46f8,0x7fffc7bd4708,0x7fffc7bd4718
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8705341715212156111,2422265969587684328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6192 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
51395cf6a919171293f332b5fdbe97f4

SHA1
b4ed2d0e103096e0698aea4974d0e242a37ec41a

SHA256
66a314b06e6e206f8e15ca950045a683f3b9601adbc5ff5cc4191fc3c11a4363

SHA512
a7f230e9c40a9fb628f7291dae7f046fb8340033ab395a546330b1b481129b4c33b708dfbdda0874f6fe33e71df6583b198b47eadc14da610a948cbc9c845a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa26e2f3b6642e1f7aa347f0e749210a

SHA1
6a1a8efb8417bd5aa9c4446e368bfd2a50e929e8

SHA256
d4eb22ffd0cf9fc304acd00da2edb3f380b8acb674c7f0716225bf4fd10430b0

SHA512
caffc371a3c1fe32c8330f6f642a337a7bec025d78793ff2f46d0ec5f287ce6624ee2d7f3906bb4d81427bda11bdb7a190463710aa21a19871bab178f7f87bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4d3a147c1e060b514826980f0d9e4df

SHA1
c3d6a308ded0ccaefdbc797acc85d35bb95d16b3

SHA256
e9cc76ea59d9fe3d05b376b5d13f9dbe852c9731a429d13701f8ad3d353e70b9

SHA512
513fad8a9e53e1bb6e8b30f829d4550f869521f25a857c8d1e30c8fc56cab3e4685c2e1091a169c23ab04833d050003c15537a6cda30090f9b5a34dab71d5e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a8d9568e22bbe747e794b3bae0042a5e

SHA1
ec5a6e99e75bbc966388d332dd709c1d3d0f92dd

SHA256
ae7d925221551ebafb25b8b1aea8af6c37d329ede69803fe010263917e80ee32

SHA512
e22512b753876cbb0050b8cf858e121394570de6ffcdd10d3dc5da4835f1c5d6dca74608099135db6903d193de3e9e7d03d308552548ceae4286dd25dd3ecf60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a54cbb3d12208ea237414082eba9f3a8

SHA1
f78f84a2efc4f17b10e71bf8b19d36bbeff8aca7

SHA256
096cf4d8a68d571fc30bd78cfa59a22adcbf02d629a754195faa9dcde3ede4ae

SHA512
8d0fc42b58172d329d9d4a2036624e4a1d48bdb3d599d6521c2a7f3a9e84e67bb1e5176331d75a2254c2f244f3107ed0cf431aba65fcc9bebc9329a4f0df67ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
31d8a1cafc35734325b5d58d3978df21

SHA1
04f28cb126aaefbce522674fde70533bfd98807d

SHA256
6dafce8b9175f4f35425f35f7c5ac359fef21c50b30e5fe9a1be53a6354ecb43

SHA512
54387d379d5b8572e003fa8637e9137f1bd33a2e04d96c1eb3322a407c27159e4a8afb8ee1009bad6750f21d97ebb0493851716eab4fe9e780a86cc5eb67a2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c131f1649d56a2c9d8affe533062acb6

SHA1
0e1f56f342be7eb27894e5900f381969101447f8

SHA256
b80c19621570af20f2b67ee54142d71335e00d04a4da419e893d799686059540

SHA512
4c7b08ed548f0ab58ae667e1c3bceeeac9e2245e1c5ab12f62e3555438452edd35f765cd22310815985b8a80b6ca7f5076e7ddd2353768fa22fa4158f256dc1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
0fa4e1ce2ef7822cb8d905edb8aaa7a1

SHA1
4bf031c7b712c7473485022f631f58b8d0b247ad

SHA256
aea7827ef8e8dee00ab0df0d62fcff09a83b87d41960cc2882a7ae8c720c8894

SHA512
91a636d8474ba251bfbc98122a1ffc75925a3b0eb9e9b4753e7f2c88b8beb4497e8af82d705f9af85fd7dfe50f1888ff69fb81b7355f787efc52dfba3319b82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
75e36fda6b2a4911e1d0935acb290831

SHA1
51163b623fa15ad5ea08274f15841553e817d7c6

SHA256
e82be90f4e2fe728a3799effcbae45d0c02de7a2fd11ad568ce3530922170f57

SHA512
e3434a95e9529404283d541c32e1c510c4a21c472edd9cab421abe0b7972571914f270e4bb4ea1d9eea3604765a65afc59a756b2261fec837718dceddca91bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
65249a680446d8085908a8aaf61b2f7b

SHA1
43bb8a8a7780d1e8d6046d82df56ac8c1b4eb98d

SHA256
a11c6a2cc2577ee3d18c133dac2b32de2327a440d87f876f9b78997d18c92ccb

SHA512
b7657ac9af183b068e49cd2dff56842b22107c2ff18bded6767204591f3e3811a98bf56fd79e81c43cc9e5d1997074f62b0984527aac509bad67adb6fcab8e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c6e518de22bf929e4bcb8dd1e3093ffa

SHA1
f68459c26901ce0c2b762d59e776b289c39de02e

SHA256
a817f25c91b2922363e451f85a96c6d92aa76176e7d962e3ad24768bd26a5298

SHA512
e3f22554d09f96a70b115dd4db80fba13acf72e6d8ae3d9d6b7d408b866798b68683c1dae8a40c0909bf1449e06a315cf8805696a181c2b37faa05e30ed2946a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
094f3590e3c306781f6805eed8831ec3

SHA1
154d064db954bb4172265d4d493aa6dc04d2a5ef

SHA256
54d72da05510cb34da1222d37286da6b1c049c3ee7997a897ab7988d594f429c

SHA512
79e187224fd1120020884c334cb0af4771a5d4ea5a0a2406e89e8e3ba4d4b23de7e298cd5de3be27967b810d3e099e37674a61efa5ed808cb654686bc57fc82d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a160.TMP

Filesize
371B

MD5
99327aa907aef2eb42b1fe147039916b

SHA1
acbde086340e7b7f61cd50756a6440cd7d18b1d7

SHA256
a30f4a065bba459345102388f3c54e60fc2b3b1c857b8fcf8bc2ad6b49ca7417

SHA512
9910921b13eeac41dba2a3de083462fa616091ff0b8e2bfcce781ed8a2341cb428f846d3ab3918375dc0a24d617b35c01f62e51042dec8ac5eed44fb11748957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dbe797638982f8abed326f2a6718024b

SHA1
ac512b32c6d87e718cf6379c37294d28a23ebab6

SHA256
c15283799703c80b1c5587c867d5134c270a26efff738e825183e16990503310

SHA512
819049a174bd351e8523d0c2ab0f397340b1ec31860ca0508b7f0dd28ea31f94c6abb224aca6cdeccba9fa1f8a04409ab1e118d8a7d2e3f44f1cf9a5a2ca9f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35d3e3544d90ce02f36c0e2cdb740e17

SHA1
2512aaf715b7d891f627d935bbd3253cafea0b04

SHA256
35d6cc4031049193176ef41aa5c0eef06bad69fe66dbc54d5730fc2bad5e1071

SHA512
94bf9a032d382e0e3a25180b5a8b452f13b39bb9e116b10be83cd326e06d49590844eb1348a9274db2c2058d528f7bacfa246fe11161b766a2ddabedb2efb20b

Download Submit