hxxps://www[.]dropbox[.]com/l/scl/AAD3hNf79y9Lt7bxALg1iNEsnSZ9DcOkIsI

Analysis

max time kernel
130s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AAD3hNf79y9Lt7bxALg1iNEsnSZ9DcOkIsI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2753856825-3907105642-1818461144-1000\{229E9748-5D5E-4625-8B8F-102F02C1E899}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
4268	msedge.exe
4268	msedge.exe
228	msedge.exe
228	msedge.exe
4656	msedge.exe
2464	identity_helper.exe
2464	identity_helper.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 552	4268	msedge.exe	82
PID 4268 wrote to memory of 552	4268	msedge.exe	82
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 5088	4268	msedge.exe	83
PID 4268 wrote to memory of 3580	4268	msedge.exe	84
PID 4268 wrote to memory of 3580	4268	msedge.exe	84
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85
PID 4268 wrote to memory of 2968	4268	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AAD3hNf79y9Lt7bxALg1iNEsnSZ9DcOkIsI
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb11a646f8,0x7ffb11a64708,0x7ffb11a64718
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9853817094612488444,826575020906169247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a27d8876d0de41d0d8ddfdc4f6fd4b15

SHA1
11f126f8b8bb7b63217f3525c20080f9e969eff3

SHA256
d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe

SHA512
8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f060e9a30a0dde4f5e3e80ae94cc7e8e

SHA1
3c0cc8c3a62c00d7210bb2c8f3748aec89009d17

SHA256
c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79

SHA512
af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c0bda5abb7137bab6fd33104585d2b08

SHA1
ee3d49a990d8e0d795d698710cc0fb6399b163e9

SHA256
96c32184af09487b747344c78de2ec9a8bc239889e1c7597514cb70782a2d9b1

SHA512
e8f0bd22c4860fa38c41c04ef292767eac85bf38a9edff4f18a10d5a8485113b49f3d5c40ec13a0ad603ba3300067c4dd8c3ea38fd68f153511aa9d617dc504a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d3108918383703f7482f249b9069c2df

SHA1
68b38af029021e62ff9ece4b3b009ea9a0662c62

SHA256
66c07506d4c5402974694e9cd6bc1cdd601f025b3ec41f2f45b6a5a9d59e3468

SHA512
a0315e120eb3fed5d3d6c83ce38ab13ab49069b9284d844efac04e4911734ed43a146164e8a66e8028ef70220e8657832a514262457df5988b36a4cbfd95bd36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
521ae3442eed73f7409fbca6d3d5b613

SHA1
7c7138f89b084cca450949273db19ec38d314bd6

SHA256
f1829e55a4ffa6cf361b53168f8266df079b8cf9e8191854b65fd6a92499862e

SHA512
c580ae154fdbe60d29209b16bf813344a2317042dd1db162cf6985e99af22f1459b7bbc427b71b3361a3e11e2b23763f6163eaee676417fab63dee7dc21c0b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b22daee3e98b2029abda150ed9ff0e35

SHA1
8ea7683eb8ad76ad52e63be54c7bcac0aec43152

SHA256
5946c33ae014ba7143d08e1c9cfa0244982ec7315f9e6b1408fde94f2d5715e9

SHA512
53b4239dd9d44a13bb619b80fc3a70ed6726f828e12cb316d0434e6fda190de35807cabd394096386bb5841bbc5ab765aa5c812270e060dfdc12f26c465b69a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
093da5a33545c8024c3858aacac92e28

SHA1
9f23648206eeab0fced7c6b292f886c98e6326e0

SHA256
6f9fe7be181c215d79e5706948854aca0b866ce37c0771f2fc64f47f0d14b26e

SHA512
f0865cf4b2a0808bb51be7aa9e898b684bd5da23a68ef002efae6002a061a252a432a3757c1fbfa36c517dc2c5528f2102d1baaa96a325f3d95d8c8b3e86b962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e91203cf358a95684270505b7dfe5939

SHA1
4565db7cb5e467aa004edfcae84f0c26d0728d8f

SHA256
4ac0ad890e63610b0f72786c021245b2d7ab6b3b972b216c34edd77467970a85

SHA512
9fd2c44d1cacef085b5bd585361f54fb4866da0acfc852087077f53315da476355ebdfe1d7dd45f08951acf07d172b9fa144d15c377d322a52ebfe9dffe72e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b36037f2b1fc3d9cc5ecc7adbe3b6b5b

SHA1
7d132ea3f6ab37a68737a3905dad9df716c65456

SHA256
19001f09a240cf9bce204bbf5bfecdbc6b45486bdbf00beb7638dea78f4f89a4

SHA512
20c9ffbbb7b65aafda543317689f3dda39d3c1a42e555797b4fb4adc13a1548f23e11667f6d38f3a30bed9ab745adeb01b26a20b75e2069ddee71e92218615be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
7529d9baeea431b2cdeb024977793105

SHA1
dfd59ab83b5d3542ff4f0b5bc5771a002f895f66

SHA256
34556c19565bec3324c013e7c364fb1ba04b5df07d7dd00cdbcaf4ebcbb600fb

SHA512
c09b9842ca40cb3a255d6f2f441881f717549a8123a799d08c4ed76a3963082ec4bd531c108714630370ab5bdaf44a83d09ed7b22b17186af352275d035ccfdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
83f8a07f955dd87587ce44c8a638621f

SHA1
41650b042840cf9ef2817dae25076c9eda1ba053

SHA256
4b25c6c58132db186d1a59345b6db1e976d2fd9c7ff13d1ee6c2cfa0330a2501

SHA512
e917a9cb8a7ecfdc78fb74f460c3848e4988b2954102fe6695d8b5f45f2f0cbe92b28c3722c25572c2183c172cf0e7e45fb31ae4624b4b6e1255db2030e8fef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ea209dfcf43aae0b77b8e53019715fd

SHA1
828878965285c5665f2af15ceb9de84f12612ad8

SHA256
5f558a2323969668b3e44228ba4132f5a985814dc7d93f9ed12332d056310c7c

SHA512
971086dd50b0aedc4e3e4f6430be5c7993472b0f514b26fd6dcb0583ec82d868f6a0dae127a3d37c1c7813b5c99a1a55fbeb89ca0ee6fa8656a08ae663de0308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
97eea654a9b977004ddb146eceb34790

SHA1
b3ca38edf86c9dbf1bdf1c51ff191dc9965422d6

SHA256
de9b4840010d3bb920846c22907a50ba7f567c17d6e50b65b19867bd1031522c

SHA512
52a06155c2e92b8dc4f6ca95fa7c9818855b8aee8b71c8d51aebcb13d95ef014ab4d5df5d75aa53a4063f144f72510a20a0f6ec371b82e8ede1684918663e0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c0e276e0504ac31c5088f771624cb9dd

SHA1
01a94a236e872ac96aafa7d9ba13fa83fb91ebaa

SHA256
bbd9988801905f7172666698d74f021e3d08001e826f8cb69524a85c22e4d236

SHA512
2f4305c80cc48e7a9bd43b8e3679f70df88762689e70fab545d304ab12ea58897dc62d7a846ad79827a8e67e3ba705d36e8ac55b945bc46014549d9bb288942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
9b9de8e7aba30959bbda7e5deb1aa552

SHA1
3dd66dbecfcaf6a36255d0d762248dc0c04783c1

SHA256
c2871bfe15f43e0626f0acb5bd7f1f728375e4eccdfbe4175fcdf8467762789e

SHA512
2d6ed07109bfb239bae6ccb18282e675a6a6bb365def08d73f7f9ad648e68c723d72318040fe0114b1a1aa282e5f571d3305f570f2646772bfc0ce70711c8efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c84a2b90e66f4c69514274ac46925e67

SHA1
d6e87d4ba791473da492a742cef436f939574fff

SHA256
6ec9d56541b5bab5ec33453f22a2379e63d79ef48088f443c017ca6bf52f0bf7

SHA512
209c28c58598506ba5a28fa613972873b301dd9648ce47a4b1bdd256d0f9709b93902f8259c8036e62614402ea70a418633cb231f423ab7e4f08334a3a1e049f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e4f1.TMP

Filesize
371B

MD5
35cfd355396ea02b3aad135d42fb6de8

SHA1
8311ce212749341fbf8d7e2ab5dbfae75504c58d

SHA256
43fd31b11e5f48139e85de7a55667422b6ed18991d6266cecad7999972eb9ef4

SHA512
0a7f3d2309749c199b09fe5b533cf3deb5bd511e4f23ed769c871f1d1add94a4db109afed24f9b41127bdf520871870e69d5bec66aa56368641123d824855ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d65795fa-c829-4d43-bcd3-1ee4d0220b2d.tmp

Filesize
538B

MD5
23ba5d5811bace8d5f3f6b65932b9ff3

SHA1
07cbd5b8169f70808acb0c46800c461a22f57601

SHA256
cedf87eab1b374d695a6eb38363ad4043a4ed299c457e56b448291a69084b6da

SHA512
3fb0f6a30f9fef40d1bd1fcf6e10598c655ad4029df68ef581f2da996149b7753ab291dc25983773195f74c08eb44adbbb14bffdcfa0a2b5969cbda5a836201a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c951e48bd403d235a4a2d9dd2ac4a5d1

SHA1
c675f0fdd9d459f2f3d4e114f68074268df656ca

SHA256
21b2b6fac724bc64ab7541b1a2f91f2d230dead4ff855e5e974964c58da7ceb7

SHA512
3b6fc13768397a2285774148ff8d61735a43dc94b4e113fa7f1e1efc2d22ed3c47afb655feaab9806287c9b6d3e3a5e1ddce7e3e92c94f9083167d62dbb238b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit