hxxps://www[.]dropbox[.]com/l/scl/AAD1jrC3kZfbIrhdd-iSaAgiauaStF2FjO0

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AAD1jrC3kZfbIrhdd-iSaAgiauaStF2FjO0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{DE04ABE8-A0E6-4DE7-8BE1-1A847B2983C8}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4600	msedge.exe
4600	msedge.exe
2396	msedge.exe
2396	msedge.exe
3756	msedge.exe
4076	identity_helper.exe
4076	identity_helper.exe
5552	msedge.exe
5552	msedge.exe
5552	msedge.exe
5552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 720	4600	msedge.exe	82
PID 4600 wrote to memory of 720	4600	msedge.exe	82
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 2404	4600	msedge.exe	83
PID 4600 wrote to memory of 4272	4600	msedge.exe	84
PID 4600 wrote to memory of 4272	4600	msedge.exe	84
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85
PID 4600 wrote to memory of 840	4600	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AAD1jrC3kZfbIrhdd-iSaAgiauaStF2FjO0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14441280607153797718,10453794989979736357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
986a39a529574c0b668fe9517b8b2994

SHA1
382481034b5275620d6b06bec8164027cc3ca926

SHA256
f4211171236ad65cf44660735e2b66dcb27c8d2b51885e8298c87859cb63b5cd

SHA512
911e109e5cd6fe4aafaafe8577b6e3301cbc43521ed46b5e50054bf0ad0d842f1d933bc72c97bcda259ea7448e6c5cfeaa4cac31a57910a01ddd56d7da63a635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b88bf9265fa7895f47e68e613777d2f

SHA1
368554d511a53eb68fd1402ac02c4adb1bb5f864

SHA256
38a4d18d519a9cc4a260d1920c7c5a9afed7b8c9d47b866350e1f0b6183c1660

SHA512
6719d1aeb9888b4ff7d977b9405f2dea1a8232a9f1f5f71b176ab7561d1edd555627c35edb5140313783b0945e9ee8af04165cefd08237150cce793573c43281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0a6fea37bb1a1557d4fe55720d96a9f

SHA1
1a161aaa2a6b900c5d31fc5ec8e1bb76831e5719

SHA256
82f0e293f03fb2afc98d3acb1774ead10f929fc017d1191a655ff564c33ba700

SHA512
f5b8d17d8e52a27b077ab2a894eb6bce9230c4fdcdc3ab7f155bda8857647a570a40188c125c7c29dff347465db6161274eec800bfb0d76574ebe24d9718ac91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
edfaa7fb31dfc99c157c71b8ff83ae36

SHA1
8c858b282c3e756c1d2472c1fb73b5437654b92f

SHA256
09e6b06b2983cd95cc9d44dcc9c9d349d04d5b1a8b828b5d551d202fcb797a40

SHA512
801abf681c07321f5dc3b369796dff94da42978f741e557a937d5c87c86cfe20c87ebdbc0305256643fe1257c3b2e7f2555520c85dad90756bcc9ff02f1e41ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
55dbaa55be68799ce1649e7f0672a33c

SHA1
402ba06f7be0fad6eda8abe4989f8136bac297fc

SHA256
3bba94e6d16acabfc576d225ada0b00b8c70d573521cf72b6aa47dba03ce70f8

SHA512
dacaac03bfb97bd3adfc86d84fe0a010d68aa9eec94f94506b77eabdce01489c22ae72a092bd0a9719dd81236853598926e8b97ea976e24765029a505742bad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
7567dcdca961e59ea4eb34dc0fc2db0d

SHA1
1fdf442b4c3208c9ae2bb5305726ea61ee144859

SHA256
eb1010ec0548e847a9dae139822406429accadba21da937aa5737ac15b55d631

SHA512
bc6abb11a6bdde029016eca3cf3a48d3582c8d0e708d1d7ebd056f75f3b9484d64bc06d6891bdcedeba27d979e6f05b154bc30e25375dd11c6b20a8f91ca7e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
08e7b008818f52379401f740066a12b0

SHA1
7d9accf5ceb480dced79cfff116f83364039655d

SHA256
cf3a432f86ccca71a153634af2db3e0cc41ed63b14c32667ee5adbd5f7bd3279

SHA512
7ab356ed7b40159f8ecfae9dc09d5649ebadcecb83faee0a0774fd6b42b65900853b8ccd4adfbdb08329933bdb9e0cd4c25295fe16cea08871d371656abd2102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
fc2a85434c96e5e0e17b04266f7ee219

SHA1
de19122d744582b21acf0f4e6e56301b129c8d29

SHA256
663664b02a9263f06359623a93bd219d45383296cb32e0e1dacf73a91326f1bb

SHA512
b9b1f58e248939bf594a13d7d87a6529df7433eea72ce38228298bbbbd019c6e4d319309f0598fcbb7ca6538e8e57c5db1c762005582a4329e0d58c56232c8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
48b696b7ab7a08f25a443dbc82f60c8e

SHA1
2f72a18c950e478e8579172e5f478ff6e0378663

SHA256
e88f2064bc136af67f958c7ae6bbb676087a5f276ca2f79c30237e153f383b35

SHA512
d2d805b84bc8477373fa7ca44f32d3e3f265a357b9865b87cd1cf35f689d2707de5a9ce8364153047657580ec02beea87c7bf6b9a80557fc678ed3198fa8c712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
25baa6f6c08814e05531ccae88f6640b

SHA1
863b8893730bbc4e50b466ea9b21f23af256eed2

SHA256
664117d3f7ad5a5daefa702684f4393937977a4a25f2e47ddc9e43cf15956e80

SHA512
2a7c5bc9d983ad15cd0fe18620dea2c2adb0ef10167f6d93acc55dff3b72c7abb0febe6ba0bd06a5ff19d64f29a7bfcfc43bd2434ec0cf17cbf21e2ff997d25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578397.TMP

Filesize
367B

MD5
331a6a214580de197cbf8fbcb64cd23d

SHA1
adc4169bbcd0e8e7909d076a9a7b69c311a558d6

SHA256
1711c46b92fc5547c3bf92088151ec1a7599a45408baeeb3ad56ec129d997f36

SHA512
2963298e7b20582b3fceca20bd5cc82783a1bf8a4a70301990831792940fe53ff947a51b3e323c34f968e8dea0fef54c7e220e1e96d53d300bd967e474c368bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f16ae237-18f8-4900-9766-b6fe0ec57ac2.tmp

Filesize
1KB

MD5
66211e7682d5d4248198d3d4fdcdf812

SHA1
451952307d72d6136c19daecd90ca9a495638bdd

SHA256
8ca88e08ee1b4a675449f6c53498c0794989833ea010a4649e5da7dfa37e82de

SHA512
1444a0cdcee9fff4b67c32bdbfee193d9ddd4e16d48555fbe5268337c7b6261dd6234512902e19dd946c92d21c7c2a470ef098dc2cb8463a78a305833a7bc689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a26b3266f4153c1fca03ddd3f7381c5

SHA1
cd2a467ff4e9a58f30bb7b826828c853f681a6a0

SHA256
0fa689bad8171a2284ca21f464e0cd26e6bdbbe1ea24f3cccb02cca4146ab930

SHA512
f291b8b58282b72e1b4b4a8f3a04d88b1810ca55ebb92f893b65be17e2f3123aad38212ce6190d0e5f2b78b36a535b3016527ac6c8dac6fe7bcf44c43968bc2e

Download Submit