hxxps://www[.]dropbox[.]com/l/scl/AAAtoFzm1hTSvxYhCJUloxpVQDiq2l_XZMw

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AAAtoFzm1hTSvxYhCJUloxpVQDiq2l_XZMw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{2C6CFFE1-3528-4B8F-B9D6-A71380CAC4BB}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3340	msedge.exe
3340	msedge.exe
4372	msedge.exe
4372	msedge.exe
1728	msedge.exe
1728	msedge.exe
4244	msedge.exe
3708	identity_helper.exe
3708	identity_helper.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 2612	4372	msedge.exe	85
PID 4372 wrote to memory of 2612	4372	msedge.exe	85
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 2932	4372	msedge.exe	86
PID 4372 wrote to memory of 3340	4372	msedge.exe	87
PID 4372 wrote to memory of 3340	4372	msedge.exe	87
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88
PID 4372 wrote to memory of 3204	4372	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AAAtoFzm1hTSvxYhCJUloxpVQDiq2l_XZMw
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab1d546f8,0x7ffab1d54708,0x7ffab1d54718
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8887377866342950983,7872343346006545178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
772abaae846570be32c84335c98a6417

SHA1
47cb477ebb5521d0336380180ac22cbc517a87ac

SHA256
a8b3a823aa1fd3e6568782e637adeadea3e36558e4618f0465eb8cabf3be7889

SHA512
44131aa7740067ae86804ecc8ffae4fb7bf4b933fa6d6cb8e5e97213e562642b3e3b0d9caef55fd89d42807e6651844a70c60f9c771baaaa68dfb0da48ed2498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
def1427f41af3037deec4c3db74b30f4

SHA1
b88cca7501e31739065f97c119a0f1e85e24a90c

SHA256
541591b7e6b14b0c86d94760a32f06ad7ddd05b43c6f3f84fdac958ffe7c3cac

SHA512
1479b6a6c91995cfad35f012da0b1d45afb74e780d4babd37845b3ee756001d55e6810d01e63da6868d9500b48a5a72547b0d7259eb36a2c000a407286c0cdfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea3102356db8f9466067046c069f4363

SHA1
7beab27b9aaabc21b2ae30c11e65b73b0c7d366f

SHA256
8b810ea4c50a30ec8c230f7101377193e4785d5f21fb90f0c522673b44af2951

SHA512
06a239481f46c17a00878191526d50bbb5f01683783df0dbd6b377bd3f39d1e0ad75ba2a6d15ae4ee45a2aa43d034a9f83f764bf7a95e1e7f660aece8956afc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f34d1688afe9ae20dba7249bd2359827

SHA1
2d8e8b8dabfeec757c5f79a36f7ea7ecaaca54e6

SHA256
aa5771206f58e77cd37a690e8376f9dc5738ccb4d9f4667622260aa8cc9d856e

SHA512
2a9d1da90e253b1e844fbc999366469c9db2168786ab1a0d84e0638235b4f9d4a1681bd85a32dff88f4f4c16a66d2c67bb8853a2389ab78cb9c05024e1dcf110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ce2583737dfa40c65cf274d331533755

SHA1
771f7b6c9edf2e100696951ad70a8a9ab1ce77cc

SHA256
d4bda03b4f85e3577db2152c8cf814b504ff186937e915d08d3f8bbaee8fe82a

SHA512
2d35db6d8f4b0c39b0b587b9276da824ca3d1320bf8aecb6cb4145fb847408078f6fd5b024fcdf70ff8082d42dcc8d382eb1fd8c3a8e55f6854299f2a82c4ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ea5f50fc1aa0546371fea539a583ae8f

SHA1
e15c9afd69585f85851e79d3783b8e595fca1182

SHA256
d3047fc2f0d29447b23b8db092648880d12445d2bdde05ab7a1e0c7058a053d0

SHA512
9e05c7ee9104d861554bc83fc845923c37346ab699df55fb6469fb44fe3f2de535327b29a5aca21367e7770a35c6b676f670596f1c78c265d6800e44333ac37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
21b241fdeba8ab6411e6777ff0866701

SHA1
9397bdcc3d2a6a811e5eba44fc0fb798c52534ab

SHA256
cb32a02dceeb98adb3a0e7f8c1df45a51707d4f263f4ca2f96d2576db4982f70

SHA512
5d0076de0c5ef2e869b606146b7fc0daf183d2d46ad8ed44d7c835087982533ad77bef3518275c9cc26a0442e97b18d90f6ee5db43acfa3bc829b9ae9c4141ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
aea0b03cbc5cdd1aad56e341f5b10fce

SHA1
c9860d9afa706cad4443e710f8474f0b106036c5

SHA256
9aa05ed6076a86ce8e1dc3366f154805e26e8f8e7fa40610c524d7687520630f

SHA512
9cb42af77c8b47999b56313c8403b778a2dd083abfdbaf3cee0937a137800549178e95ef2e8d612a5ab31c4b9fd1c0fb92e749f5b55dc9aacc6d2bb7fa0b5d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3ef3099eb010434da0bb116e8348894e

SHA1
b9b05e633426d93920a4f89d45ddcb3c6a2e6880

SHA256
0032d185d3b7ce198cd284713161aba014c026676cab595ff79ee6f544de320c

SHA512
25eb8559ac61140dc29afb80bb8bea4f5947067eff7b9cf9865fb30d046f0251f275c7dcc3065a714e18222dfda2f125415cc14ae185b742895a261ce5a69784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
1ff290cc3007d3373bccf7a910d3d920

SHA1
14da5f84919b59d1472e229a4c665ec9a37fe95d

SHA256
a8cb21c7cc28b9b53efb30b746eb8c08731417875b466a927d41050b02a4bc90

SHA512
ac9f1627b2cf7b97c37a16bdd6e1a78f0aa57f29834f4fdbaabeb79b8100707f6b075ae05a302f5f54ce6b62aef122656eb9024851a813eb8f4ee6047ad56436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
066f638eeac9d0af79fae2caa022f278

SHA1
fbab19bd0834972db8c672e485925af0b7fd0d41

SHA256
b23147c21494745bf12063fcdc35b16aa5204e666b0a7795b2f0929bab2290a8

SHA512
e2dfa27bcd910514b27cf84e0e986cc8e0051367da7e4d933f95f9747d37b5457ccaf124f9c6b6d95213edcd2376cc80593f01c8867b1ce04a05d01841959d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
538f45d1a4c00762589c27a5fd570b73

SHA1
729fbd34f65d107b2eebe9ab5d26e668a96883e3

SHA256
3c92fc54b39dd2c8aa5fec295b1dd1642897235cb89aa2f575a2086741d6cf42

SHA512
e40e1de229447cd9d4247175f4a08d5203cf2dd8543044b8b2955d059be0b122233eda9a905c99a418aee303df48340586729246abdcaf33d122c50b47798e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b546.TMP

Filesize
371B

MD5
0b2ada7a58b2cc569e4b5d1cfa1b8326

SHA1
93f2f55f109edad058d7c2dd7a840010a3e6f5a1

SHA256
1951ae3156fb89cc771feea6efb1043e11c586b11bd5cca58bca1f561658e13e

SHA512
f08d2b97d60bdd9191a30fb8f0d96493ca54bd4f6957f603b1ffee9a257982480084ec3d52b922a368e9d84cd198cff663063ab1bd7644cca1f9f862dfe46951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95a534129136efe88d09000a2c6d53f5

SHA1
6dda7389c309da53b17c2571af5e9fe5fa4ff6c8

SHA256
3c97cd1f356ae2c0d636bf8a9941fa68d08de2f232d23b27ce200962e6db747d

SHA512
0eba1ecbd50c48a49f4d590f7c60e6471b8bd9cd1381b963c8d35df3b46f0856f51ac4e636258e03516b1e0b9e7922b8ff6cbed09ce744394cba0d150ba10786

Download Submit