hxxps://ay[.]link/Boti

Analysis

max time kernel
110s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ay.link/Boti

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
1856	msedge.exe
1856	msedge.exe
4520	identity_helper.exe
4520	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1084	1856	msedge.exe	42
PID 1856 wrote to memory of 1084	1856	msedge.exe	42
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3172	1856	msedge.exe	86
PID 1856 wrote to memory of 3092	1856	msedge.exe	85
PID 1856 wrote to memory of 3092	1856	msedge.exe	85
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87
PID 1856 wrote to memory of 348	1856	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ay.link/Boti
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb7a346f8,0x7ffcb7a34708,0x7ffcb7a34718
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,479649478696349843,13065852236086095868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\82cc7157-4b54-4fad-b744-b9e610358bfc.tmp

Filesize
11KB

MD5
04952c578cd765a6745ce01f226fb401

SHA1
ed47a03ec4a5a6bf041acb943605bffdaade0004

SHA256
78c3dadf5e872b5a9b7b844a45f986284d72ec36eb74239f1a0f328ccfda766e

SHA512
01de148167929a48cef9f8c37804c5e45c44fcb6bd0a7bc4968bc15b6c47ed52b8334d12cf143bf3e2a471d361fabe48ceee1094e8dc388eec474fa52059aa5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
8852b46734c87248cb2064233b4a325c

SHA1
cf4dd2b70b676a1973cc055feb2595cf68675cef

SHA256
04bf2e2d5009786bc91fc1709f5dbda9b58c9f4d7bb85f76ac3bdc577b537724

SHA512
0e0850eaa6497fe18dd4af8e83bbc3a22a75d20da90118d8373ab150fb388daa95578f0a4dcb34d26ba6d9e085ffeb24abd717baaaa98ee1656f727a870055aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
c5060c73b0cd6bef61868f7970664582

SHA1
34067bc80fe9b9b0bdc128935ae39b20db324365

SHA256
ba2dcb7cb4c6d6802fe6783b42b43de8859975626ded86fdf9b8bf98beeb37d4

SHA512
89bd42b26c971dec092cf7fca2bf9fba1970759cb247ad246c90d735d70ae134d0ca6584be83c7295e6e23962ca32af6ee92ac81cf61cba3d15b3e000c54ab91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4d2bd0a9e1a29d31fb9a5a85b82c7660

SHA1
806abfeafcc987f65511f858ee25aede4f7778a4

SHA256
c78adde4a94c74fb63dc1bec493fe1aee6a8a1b78bace37b16f68400f48655c1

SHA512
f49dfdf8312278e604152304ac95de1ae97d30277ce5bd2720cf2ece718e8c00f9e2d970e84f39e86404fc03f11c7c7aa99c9285e67a11911f5c9c17623d8294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88424d32a29a2acf44ebdc05904a121a

SHA1
49050623d782e98bc4871f3f6f40bc172dbee52c

SHA256
7a79283689b3a10c0ba33c218bdd6b051c207c086f62c1b5ebc377e665f1203a

SHA512
07aea28c80db49ad7d3633bdc3e1215fa2771c4a732eb62b1080a11f6bd2a5a2a5d8684a1843c4e03e0317bb394b36bcb1923f732b521bcf98b06b85bf20d52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
510916aeeacc5e61cd9a31dfa365312a

SHA1
d522b1383728cd77f604d5f8587d4268bf3915f3

SHA256
5874c297a0b5f7b686a444adb958a15d137448dc5fe7ba1be5675c775b0c7749

SHA512
3745a3c5d9e117b5388f3e0759913b8e674c398721d639bbdd027c33ca334f4e6105fd49b07a2dc8dd4f600b6a715476b9d1ac0b1bc9f5d6466bd3a8b7f66738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f1cca5da80d62fde7b6b75d8c148a78

SHA1
73a9d6c403ccca3e251c9fba48257c7074d3c546

SHA256
cfeb0035b6f174190821675cf94687ca1bca5b76ea42f82e2462ee51372a6196

SHA512
e1508ae7c4a64ce6d88ba8d87422ae2d0ef89a7ae164b579c8d450beb47893ea4638a07271ebc3d498773974995757055bbbc37e9a5d5baae907e74d9750761a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4125b37af4c995d45356e5415fb72986

SHA1
678a665400984e47534bc4cdf3296f99befbe48c

SHA256
75633c87105e0f51141c574372b3e8677ae86acbcb4004ccf0b1485ce3458589

SHA512
50d7188ecb2d248eb01ecda2cf391bd299591fd36b25fbb3b7d4ae62c803f645295bf83d346f1014e5df716c245e3b1f4e87b90c4fb312f4cf5e991050851e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f08f660db7b90573830fdb698c994a6f

SHA1
aabc17f7e7cb7d441134cb09ad73a86535c94a01

SHA256
1b6ce4f4ab8918ecf6b2ea6d1d5cdc821645b94fbb0756f274fea14d6cdb7add

SHA512
6e7b7517c81cb5c390e82907a5aeddd1e185537d15b3bdc4420980140a037698f96b6a5372c686c2f80e1a850a0686fd45b5984c8ee3b82239b2bbcf85f3deff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
52aea8a89f88842a067548d4db13c799

SHA1
47b46c4a7245994953db270a7d04446d7e1314aa

SHA256
ea3af6aada3cc85b2052eedb5c8d4acc2d6fda303a56cd2f37946436cdfab0e4

SHA512
2adcaf9de548b3350f86242edf1c6fed5687cb308b57a2ddc63faec86ca64650caa53911e06a3844fea3f7522c5344aaa389be200cbf0a9ee993fac5471499f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
71823ec9dc29114f447d549ef43a597c

SHA1
685acca9f5544de106e8864b3061c0562a2a7e61

SHA256
087b4748363e9d5a728f8e03979d91e95f98ca679dfba4b1df2958b01b34a36d

SHA512
3c4c5c00bbc3bed917d1684282157e7f77d3d7f1f72005c291e5bf3b41d6211c45fb85f6c71125bfd7c6081aef1f0ada46d918c14a761eba44ae88b66a55ea4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
13adb4c6908037de29c91ec6c18bd39f

SHA1
b2be02702a77005609c89b5a905d610244123344

SHA256
4d37f6af60ff5d0b92f48e6f169ff78e866503b872d8125e4a17e13461e7c31b

SHA512
6641e1f4c65c34dccbf33d30bff02500c79534fac7b79037a607e1310502ec839d50d23593da3e2baa841867147bcb11d34c318a727bd454e2171d8ba4ab9891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
568977b58f6a1c843a06d668f3cd9c9f

SHA1
9f2d3ebd7d04ff174f3d5b16493ce0d32d8cd88c

SHA256
b4901a6510199f9993e5752120685f2c85166ce92d17a8cad1b92dbdf08e43c8

SHA512
f66162fe86fea5f0965a2b704b4882194bdb9324368837555c877e4757c3f8e2e5e80d30c76a434c71ac9d36c47f427eac145bd62779f1f2c8a6a162ba82d3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d830.TMP

Filesize
539B

MD5
37b6accb0632fa9cdc4156487e883365

SHA1
3c79a4bf6601a6aee9ba6fc924cfadafa2763828

SHA256
637e927104eb686af4280033cbc76a3638a1065a79469106edf02551eeada79e

SHA512
7838027b02b956db957e7bdfaf1ae7b1fd0be87424260f61586a5fbc0a1c1be3cd8583fbab476056c570c08cb41d75f9ae658f5ae6ef8a1e5f7f605cd3b2dd5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8b1b3c22b2203cf2b53321c6d62a82bf

SHA1
d7b84e0bc385d49a728b7ed0ca373b2aa3c00b7b

SHA256
6bbac36e9556e64ccc89c60c793976d0d8ddc22d8c616d474d82006d2b3ee4f5

SHA512
39e96b2b6975ab621ab5a683daf330de0361e0aee5d3616b7bb735ff488fb6c8fede4d709973d7580bcc8f292d563a9d47548d6a1ea382e195269aa3bda78a57

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4cf7cc5547ea99708971ef3c0543ff09

SHA1
a34d76eddcf0bf57b1615fe916d419d03a2bbe38

SHA256
d384a0fcde1bf6bd965b3b0b356d344c8be1f321c7e5db18cda92602259f4531

SHA512
baac46faed7a3c0a8fa40139ae6b5b09eb2f0f08fde475ab92a694bc4da2ecb499b0675d20a68af830446f3aaa88849097faf8f94eed822d09d3200710a34fc1

Download Submit