hxxps://www[.]dropbox[.]com/l/scl/AACN2-DO0QYddAHtmbAHQt6xFUjowk7MStA

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AACN2-DO0QYddAHtmbAHQt6xFUjowk7MStA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{A3BC1FB5-5257-4651-8BCD-054ADB94F752}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3148	msedge.exe
3148	msedge.exe
4576	msedge.exe
4576	msedge.exe
3992	msedge.exe
3992	msedge.exe
1564	msedge.exe
3236	identity_helper.exe
3236	identity_helper.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 1004	4576	msedge.exe	90
PID 4576 wrote to memory of 1004	4576	msedge.exe	90
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 4056	4576	msedge.exe	92
PID 4576 wrote to memory of 3148	4576	msedge.exe	93
PID 4576 wrote to memory of 3148	4576	msedge.exe	93
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94
PID 4576 wrote to memory of 1484	4576	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AACN2-DO0QYddAHtmbAHQt6xFUjowk7MStA
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb261e46f8,0x7ffb261e4708,0x7ffb261e4718
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4176 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10816843872107559422,6463588741750290315,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6388 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b98f8c2fb1ac2b242abaa5f4e9cfa48c

SHA1
3d8db4d979018042003645b9c1829b7099ed71fc

SHA256
c56bbef47f10606671208b05c652cdcdb03c44cb4aed5e390299be8816658c02

SHA512
ce700601a195037d454ac04f62416d50f931a28b8d7ae0b16c4d9dc27399a14e22599eb21464594667e7997c1de3a93d71dbdbd39e2fcb62eeb8855c341029f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0e99e43c0d24ed9969e3ce84d5d74200

SHA1
0788964d2b5033e9d8b20f49b27c1f7fb4ba5bd8

SHA256
94880f0e368afd138affdc29fcac204e9442b5fa1dfedca419f27391700c0fdb

SHA512
75d5475a8751b35f05e7059a2c4b31fa775480afe581cedf5a1250ca708ca5494f2fcab2b0a3bcdf297be37dc0083f3bf53e2443bbdffe9aa0b65544e0779717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2413b6523b02f59f66c6db6f27a60c31

SHA1
d971d557ed33f9177088922890ef8018e7b3ac3c

SHA256
ddd0db7c41cde7ca47c53d3d836d1d7a610352b113f34b840a20f1892f523010

SHA512
2669c1e00d5364f29ae4488875a155c03f562c7578959e3a2bc14b33a3d9199b48d23bfdbdf576baddb0e01409d186df2f1d1874826198b5547c8fac204fb6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b8e1a4ab2a76b9f77404d3e6a4a8b4c

SHA1
ce7b3beb9ad5af4137fc1bf1efe3064487caa96e

SHA256
9dad38bf2d1e9f80851c9f967b67bae5a69595e49f4829a6c536e8bff4cf7661

SHA512
157bc0ebd53934928c530a80769ff9c555e7372e4c06aeb8102491d2d1a92e35e2486a40cb542c7aa6467e32144733b7567c6a8a01eda4159516a492c4b19fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
25ac71e2437461bd4baef1683cb59ae2

SHA1
c3eeda9afbcb708e6b155e8dc29932fe3217488c

SHA256
619e0adae135a76f64806e2ffb7c0c8f31995ef2483cd71229585c456b1704e9

SHA512
40b75564e2be4861474f0c4e1b5acc5d5409ae520bb24a38ee2e19e137d8ce97c093463f518a3b5283878c2d1d371367be581d63a1dd824bf763445c54243150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
41077b30c27dbdec0ebbaf6287554b8c

SHA1
470a34b5f008b40cb4c6ea744f58bd750decab97

SHA256
95ed760df54cf436acba21bd519b502d2a0854c06ac18a5fc3cc49070930eff5

SHA512
3b5961e97052760cd7d42b8641327e399aa1576cd341af8ca3dfbf498fda2bd8a24ebda7290eb16a7a2f81421abf9e1c743d610e3bf86f3fdac7e886ece22add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
a9ecc2810a23065970a9b4cbfb91e770

SHA1
ab80c408f007c0c5eca5a618e09dec08213fe189

SHA256
7ccdf233b32317753280a23c3ab9f3ade48c1d619c1f972af5962d3417145ba3

SHA512
de74ecfdd5c4c6b65d6a4e020dd9b6897c327774adb553147628802746a73d092badba83a823c36f561491b14ba03d3cc4dd3520e2cba1d584522518b940e67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
cb048285003209d8efd6f7fc82b6dd45

SHA1
d551f520b9d068f83ac33bd28a707afce0daf0af

SHA256
4c7c6079223152246ade505799a1273586ee469fc61662f88c9c86d7b63276e7

SHA512
58b3455e3f030c01caacf866a1ca97a425395a487029e846b4ae100a822d77d39097e3a9c3e472363ff04f1a61888dfc7c81b141f62f01b53232dc9dce1cbc85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
957470e644d2ff50096daea185e2ef20

SHA1
d8137f40b0ea0b6a0e3c32aa88656247c09668b5

SHA256
0b44ec590241730b17add9fb74a3d9984a8a8ced8b1bd791002cd48a0c43c908

SHA512
866e77a36b65bd4d9ab588337503e11e61f86b4beba7987ee6fce6c8f3dab99ba08c201b7ad4333323c049f5cd7a150bf728d43baf0dff6e3776a96bdf436555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
947053e959ecd847dc68e855313c87fe

SHA1
32b3cce60d4e012b044b24513280f383701b1f91

SHA256
d6545990eb7425aa9b788e304648fa16332048b1086685db29692c274af5f1bb

SHA512
d166f96746f1b66390274cc5a60cf16f00566aa1862f2c4094383ccd3aad6c1cb719c5538b5a33bfd450e9a99c5f6ae9d680bbf658bf688defec8acb71960b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
63a384ad8dd21a1f2b8450d92ba7ab60

SHA1
f4a211f24db00513e99099c7c563242be93ee57f

SHA256
fd8d2a1a883453bec39c6afe2709fbbbf7584a5a888a89b1f6f4d0dcfc4c2ee5

SHA512
2aeab29033b2492ed45cd1d647268fb72ce7affffe1fe1926304da37e7eeba1995c40546268778814cbefc23a281776d64ed6a8dff30de6e2574728f4e8bf887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f629bdaf3a5ae607911b036bf6fb1cd1

SHA1
15046d9103b43d252d6f3d762405353c7b04adcc

SHA256
1fd16b9e1bd84da813403451673094b79d469e990f327a77b8bbdcea62921023

SHA512
df10787ab4a108b0049db7dd130b14bb934afddca971c73a0da0acb992da6176fa3949c25041876f6c7f1150c2046d9f25d06d55a1f979349eb57dd2fd31715c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5791ff.TMP

Filesize
371B

MD5
138ba2eca879295d5964846999880940

SHA1
d7421e76f52eec5921593fc2d25653d80133d306

SHA256
b176f4a9936aab687e55d0a20779313231ec82518fd045df65d5f78d04301d5b

SHA512
f7fe22223b4987856917f2d58bb7e4501c20a7d2d957404f62e6e3bf85b4c0fcb8c6b0cd033c613f8795dd055e3b48dbf99280ad36a54720d1d8a08598b9c90b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8671062f0f474732ea1818f185651c10

SHA1
0e14ac0e9bd35b764990b7ed2998dc34c54c0312

SHA256
82632fefc90420b061a43a62c7fd42193c93cae552678369e9bc81b74b3b58c8

SHA512
7784b016a505c4abc234ecaefd0babe1cb0754c369854b7f84994cdbe56234a5d156856c6ae278eb27879abf0e9f31c58917b1e82dab8615043488970a6ccd17

Download Submit