hxxps://www[.]dropbox[.]com/l/scl/AADK2uTPsxfQmqSb84VhUqf8RctRNpjU6Xk

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AADK2uTPsxfQmqSb84VhUqf8RctRNpjU6Xk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2636447293-1148739154-93880854-1000\{711C2251-3098-4C72-B211-8542566F1CCB}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
456	msedge.exe
456	msedge.exe
4144	msedge.exe
1284	identity_helper.exe
1284	identity_helper.exe
4484	msedge.exe
5536	msedge.exe
5536	msedge.exe
5304	msedge.exe
5304	msedge.exe
5304	msedge.exe
5304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 4224	456	msedge.exe	84
PID 456 wrote to memory of 4224	456	msedge.exe	84
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 4460	456	msedge.exe	85
PID 456 wrote to memory of 3296	456	msedge.exe	86
PID 456 wrote to memory of 3296	456	msedge.exe	86
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87
PID 456 wrote to memory of 3192	456	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AADK2uTPsxfQmqSb84VhUqf8RctRNpjU6Xk
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba97546f8,0x7ffba9754708,0x7ffba9754718
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6608 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13962791276104359873,9561246690112027737,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6b4fdc06-d87b-460b-858a-aaf134d8b4e3.tmp

Filesize
6KB

MD5
64922cfa2c20a675f9d45ccde711d92a

SHA1
ed37f31884a30f1e85b94cbc5ae0ca93b4d13d21

SHA256
887cbc489160d0013f7327b0bd84160fb70e1dde9a6168641230b51d2854c74a

SHA512
20fd8a530a36ca8db161464fc029a55e5a458702f2f19868f5430f402775f059707dcabd2605b74c92ea0620585b6dfbcb8becd40388707396f38b5928d91242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a7d8a42b3446ddd31748187fe16c1014

SHA1
57af4be0c7ba34b3b86d06ebf2ad571206dcecb0

SHA256
f8722b0bb2e584f6ff6299818e03996277e1d80b19f84839a6c378a4ea19410b

SHA512
f6736d01eaf0fb24e10885b5d67b1541dd7ed16aa14b08ed79c201762dd963b50e0da2cb307d083824f059a0e68afd6d51e23c03a2abd4d83697d4c974f3efcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
adaf512f7a4e9ee623883f7b6d0f123f

SHA1
64bec6762f442c049186682578e40f2b960ef35e

SHA256
0a4817c9c5b7fc9f925039affd338617e9aa3e0eff91047f0520abf0842dd270

SHA512
16f7fef27121aa165dcf4f58f4251e64b16672759696ed838d2785f48f89799d650e92389f254d1cd4e9ff141ddb3bcabcfa5e5ee21aa228ff01e6079998446e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ba8d64dfd4100cab5ecfa6b5ba73f159

SHA1
c93da29856925af3c1f159a842f2de328fd57024

SHA256
1247e277046df11d59cfeaaeec6f49faf1b524d8df86c8462d4ca73a9fab1ea7

SHA512
1a01d0b6e6e1de1ac50e368e210aebebd8be571e798a9df8ca43267968eceb19d3589731a937f7d9a9f6200c6f6b8301866b3de157469dee2dac070812e3c5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
29e0fe841d9de7e9405fd565737e512a

SHA1
76ba61eed528fc8d50d409529fa767b8a63bc703

SHA256
9b1af01904f75524d3115639a157e88a0040ac1ed37e3abc469175fab566cf0b

SHA512
a81a7a2ea80350529c4445576f28a6b32890030530d35f6f1f09b8678dbb4eb425427adf24af6600cfe6b88743b2c1c25cf621e99a5baf8ed0bac7b32456375e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd674d715e60b593bc2bfe8ceff379a8

SHA1
2bc4bfe9fc68a9a5909671d8011b9a3fea63aaba

SHA256
abb3dfdefebfcc7c86264339613f01d80c489285eb3e66e75382685ea14c993e

SHA512
5d6a1145033983824e462a60c52af1ff9596ec470b237b62b92a404a9c24dba6ac1794628bbb88b301eaffc1e995636c3fb585338bc77e8cac476b7a7dcc345d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
837237bfa10bc6dd606a13c5ea46bd94

SHA1
8f8e9426bdeb772002f96def318a27e37aa1e950

SHA256
11da90e0236e6b1954f7fd800ce84427d7fbc597e3cc01b33070162df605cc87

SHA512
8d26229658cf05fd6f383cc0462b2c649567932a3e301e6f848c711ebfd4f53bb8423d2c7bcb2317ee10b744253afbe433aebffaa4b4de6dba87387fd699c16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
bb51d9a160589906007669c1dd2cf835

SHA1
b4b921166662e9280b5662e4c191c8d02d3a9d2e

SHA256
44f41689ecfc15f0a761e8c3124283be642e220f03c70914bb808dcad860a2e5

SHA512
0254199af38b6c1ded5128ac61638faf4cf4f62c5782d6f7d87c88c87780f0812dad45701a1cd6795a67c74a6d9b86eb3143177f0bb28f8a664e3a430b9d7b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f954bf742ed732c20aa8b01fa7cfb27d

SHA1
5aca2ce5cd29e730359d67881708beace0ed8bc6

SHA256
5e6bb37ea7bf5e4e4336605199b0711202b96cccca9cccaf9c0e8b5da3213498

SHA512
e03624c83fe72cec0c7b4650ba550185f13774398e763c132aab2f426c5992469d7aef8a4cfc1b1e8aefb1f4fa54d2af889c18b32900861733038f94d69eda00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d6fbbbf3226bf6a03a94490f24d857fb

SHA1
925ef39eca4d55168c2f3313f9dfbcf95104fabb

SHA256
c475391d62da54fc6a536d118196f11eb759b4005ceb05bdb39629397030b0e3

SHA512
e9fe1e65cbd6738b93942b7ebe89bfc671158908c357c4673ac074034d7adbb138e40aaaee6fafc012c15e42bfec69d6f4ee6701442fb947665c31147fe89bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
edcc4065ed057004cbb452e07241749e

SHA1
c1d9e413c95a6510d76259357617dcbcc04c4c8e

SHA256
1770013b342db01754141d28f6b573caa5e55e4a15427844b1d60ceb63239844

SHA512
45c591e5e4823a5365674b9bd0793834d7fdef46d4801854f43d6a051d09f4854afa2038ace6a8fb87853ee3fd864b8ff4cfe2b7c9db1c1da2dc387b06e42dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
5be1831daf93d04a7dd5be25bb290b30

SHA1
dd7d06b2a10e60ec47675cf93b25220d8812b772

SHA256
972316a53f3d345b17c32207bdaee8a9913f9cf7423162ef637d6dd2c744d25b

SHA512
36894e8d20ac23b257570089ce746cd4f0db8b6ec7dbfa6c7349174087649e564e63f81644a31e000546797f087ac27c977e0f1da55b67ee76dea2a5981cffe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0d33266a4a009e4495a3e71e1fb52f13

SHA1
8fae12ea997e614073c8d7e8be00b760405fbf0d

SHA256
7bf5dc7f6ab969863db7d0b576998111e3c3c924abd1c11a65ae4f89219975fa

SHA512
1532a4aba5e001bc056530795ec10b4bdc16320ebf88f18409bf975a4cdbab5bd92cf2292626b2a48ce53aa97f4b3c2e89320fa93e3faf3aa1349754e794ee6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ad7713d0700e73044a8f20f4d391deb5

SHA1
11386985ef3eb6110d53bd4991e8faad062a12c8

SHA256
7c4a7743657b315a40b99f5c86a6eb719463645d6bf1a386d46581e5e4cf6e53

SHA512
003205c6bcd35d7c8f12efffd0899d448e5e3491fc8787636374ae11d283da54b61c5b8fdf2d3ce29a93f669bb102a8627bb75600a92ab5c144dbc35da714283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
d9ede3bdbb43a4eaee243a3d36d0e3b7

SHA1
f180015825fa13168ed034aae38b4b0a39c357f3

SHA256
1a7732a0a99cb363d1dc9110f3d45a79aa220616998ef79ffd9629c6f09c33bb

SHA512
8a371a4b6752c0123e86c799dc118fead31b4f473532e13f900d666ae0c1ddd28ed4721645e9947570abbe42d0acf77c26e7e31acb426a22d1034538d0c1011f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d438.TMP

Filesize
371B

MD5
f20959b6881f8ed719eabcb21d29731f

SHA1
bcb2647bc749ae73569bc532119a45dc29a38947

SHA256
8d16f4106d3f35636559faf6b3531703e6ef091ecae3ea024f4bf5b292f5cb50

SHA512
d340d736027a1e03e7f2a342b0224dbec647ff57189fa4a856b6650ac3d11a1ffef6821e161de474eb4a4ca85338566d6e6588dfed3e0b8d12513d69290d94c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da43bc34c177358aa1a2c3d178abdd79

SHA1
06414a98a9248bb0679c43723ed276fa1feff811

SHA256
a17966b8299afcd860e1be06d83c8ee954c5a04554e477a3ff1300bb282f2de5

SHA512
ceccbe8a1c525d9ecb9318fe49a48820f388f0d8d1c447dd19d203963d4194d4c12ff2c042a26d3797e930060543006f542fd66fc036a9ef618d841999f16c1d

Download Submit