hxxps://waaw[.]to

Analysis

max time kernel
208s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://waaw.to

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
2324	msedge.exe
2324	msedge.exe
916	identity_helper.exe
916	identity_helper.exe
5280	msedge.exe
5280	msedge.exe
5280	msedge.exe
5280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3976	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 4060	2324	msedge.exe	40
PID 2324 wrote to memory of 4060	2324	msedge.exe	40
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 3496	2324	msedge.exe	91
PID 2324 wrote to memory of 4192	2324	msedge.exe	90
PID 2324 wrote to memory of 4192	2324	msedge.exe	90
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92
PID 2324 wrote to memory of 548	2324	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://waaw.to
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb23a846f8,0x7ffb23a84708,0x7ffb23a84718
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,5444486027887986109,16059112176006283648,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:5136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\18ff5ef4-7b9d-4dc7-853e-6eb9209d628d.tmp

Filesize
11KB

MD5
1b2299283266b249f0111ec2356aa3b3

SHA1
d78a1fb9dd481b51c85dda214fa6a3d712f400b6

SHA256
152531414f51b845be0260ec8afb78e0d17ff396545878362f29cd8da51259a6

SHA512
f187969ae6b85d2085f0b0324d570ca51cfd9e941359e75c02b80294a7444bfddd34db69ffb6c5dbcddd5a726e83ee917d6bcd8f5b2b16b6a60b27abe79eb935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
18KB

MD5
3cde86801d9ba8f0123fb0c9a5209401

SHA1
897d0db04a2466ffee30cd044812a619e0472088

SHA256
bc2b6f81e9f65bc67f4b7a44f220c31b1f7b19f620fbe8d383154a9cd958cb77

SHA512
5be9a90e8ad6459e9d75b61c81b409b54e261ab387037720f127fe043994a25f9f4935f394f4bdae93b08403826b7d4abb3254e1d244e11324e4bf404cd1c8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1

Filesize
1024KB

MD5
b3e1320e27258c81aaedb8ce5729ee59

SHA1
da37cef77b0a4384b73a0a0d4ac7a65ca0fc5f16

SHA256
ab428ea321fa6804b777aef624fb039f87971f3edd05dc095b9fdc3568141435

SHA512
ea947a7e4d7c4c399cdd0e51731cee07c857b976ef5e7e2c5b329958a3539947450dab7e4f609a7c8e67dd95aa23dcb548b49eabf04f9e05668e1fa923bc8d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2

Filesize
55KB

MD5
3f56dfd738c86e5a499358e3c4c6d104

SHA1
3ebecd355b40b96a37205c05ad200ed7fb2dc98a

SHA256
253e7e441e58483e0f0e7846b773aa219d0d57341007b306f1c79ef7a59f1240

SHA512
105d49b25719cc26c29ce8c07c27395ff4bae570389cc766796a3f3942955266c7f12ae417bdd5684ed0fb84c9e65c094c11e46bcd8b13038f0a3d458a3a0caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

Filesize
828KB

MD5
1540ae31ff5a2221e60dcee6929a5def

SHA1
15604883929dedca53437fb96b3fe0d973edced6

SHA256
dc877ab7d30cdc34b4baf3521b0cbc921847fa0c0604e9cd2317056713d7a7a7

SHA512
7ee87046425253cd868f7d3d8776c98c9f5721df91ba552fbbfbe54a7cadb73bb35b01dc6aba3c277d4a3815fd15313a3c723b3d7778e70cd990615360628f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d1

Filesize
1024KB

MD5
fb329b9822be341a6ebdd9752f278915

SHA1
fa8918101a93f948b6a77aa3db34d2e34d073edf

SHA256
737e79f5e2f7754289ea63185bcd6677450718dff8cd433a5829f942d048fffb

SHA512
23259ab06bb4ef92761676db84fe14be2a49ceac0c000af8e7990584d6f0b321f2f5c40d633ea56e24c18d1e8195d4f772aab8ffaf90c0aa3e54d62245a5d0a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dd

Filesize
858KB

MD5
24573e4146eb633713b39799ad4acd2c

SHA1
2b6435b590c8802cea5e1ac2828d04eb5a34b483

SHA256
54d697333914e514b40e0649cc08c24865c9b0689e2f33171ffe3552949c34cd

SHA512
646705538ce8d8685a4eb971a3a4912f873a5fd2a0a82d6a0bc30d4ddfa8f4a1bf87a7ececbe3acb6f4ee5275f05afe0c70e928aa7a1cba6496d85ca2654fbdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f32581c2e33296c8304db49c26931fa4

SHA1
c70c21eca086b64bddfcb4aa7d9ad0427c419a1b

SHA256
67d9e677a7bb5b00bf8f17e044075cecbc635287153fc944cc83b0f29e30fbee

SHA512
92bfdbe0f86a95f7853e33df011f4bc4086634b4cf2bda7ceeb3f45bea30268fac9840f91a353673d4f95416fda36f4f2ddd8b6aa7a67c9a197d5df8c4b70d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0868cc0b7b82ff5a29c131eee8e7fac3

SHA1
be45b1890d1cb18e5b3c4b042b2875ff038154aa

SHA256
b0ec33bdd294d4cf958808dd0da16d767477234db73a6a20b644336366cdc552

SHA512
88cf9d29b9e6d99ebb99e9e7201bcfdb0e2b962fb0e7d285a6f4fe4476fca9685f2dceaffa04eea0ccbf8eb6e3c4653adde5e7cab60b8bf4b3f84adb64871564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
74f6d8e2d7fdc4a8c826bc58b64843d9

SHA1
520ca7b3d189e5b98e0b2bb173501a7ab661a94b

SHA256
0062c2aa41b2d4cb403029662496e5f88430757696e57096b8ef11625bede7bb

SHA512
6ac97c31c2f420ffe86d5779b900fa8398e08b270e77d8650e5a440b9577f0fde0b34dfff59894e5d1703a3dbe32d67700a342259bd7aabf6a7e74419a3764b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6173ffb7e8b700932e2f8dc8498b0b20

SHA1
42b908e212edf2a11cfca7b697aa0ea76dcbc106

SHA256
b594c2134b65aa9852918d78de17419050e4bd494af11ac332f37e9cdfd3ea72

SHA512
b5f0e5869aa5e0f5403a3eec90e50d18d1f476e4a27f65e05b62f04c9b15fc3fd96b77ee996d0ec423e34f61e9ea25659ae0181def8ae1fb4056c880de8875b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83dd3df31fbbd362b8fd5e821bb99f7a

SHA1
f2e5b8075390cc67ffa822b02d5b1b5ec3a27e64

SHA256
1bfe6c61bfa0ea3f80feab35dd25233690fd473cfada74df0dd7ec71e510c156

SHA512
353edbf0a17b3b06e5b15181b20037135a4a15f39af6be64aeb2d87db1518f0741bd69ce9c9e940bfb3f7815a429c2cc47147537c6c24c89b3d102a40203039a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b02814580eed55da87f0c7c6d36811d

SHA1
af4e37b3342c505fafda4eb207df488bbc5fa3b6

SHA256
064681560df4d9cfd36afc86e8bc7a33ef413203694322955f205c051907c79e

SHA512
8848f9543c3b2a486da79440a3d98bddcc62a1c19746866d6bf2152a3a217b9ccd634a5326aefc78fff0d8670a9751d1732a622932b30ceaee336eabcb6c024a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d30d58f093faaa8630b501064d330894

SHA1
00b039bc109eb3755cf13477a0c1d39a6d6869cf

SHA256
d9dfd2356d8a76527461eff95bcf9e6fc32563f8a0c56cc18424f5cfaf613298

SHA512
1048965a16722f6802de8c421a118727adfe4664474bc1f121c850303bb7286e58abaeae4053f7e269d6220329cd6ca18f812abaad5b382c6d115480579e9414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7e12361a1b271106ef5c13aa4f22ee14

SHA1
fca7a47ad00ce9dc8e1d2f3d14da13905f407368

SHA256
b43d75d021d92e9273223368c9d6b05db92a46eecbf322ffe6e10f2a39d85350

SHA512
cf95ab3a7263f54a6232707b7995372baa21b8f65e98d20c47806a30679ceafbf7be4e11f0d4dce9e6dab3f8edf6c79b7d0e59c3726a2543a71c47260dd90d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
03ca7dec0f2b342c953c9b94925f4ee3

SHA1
2d861e03a9e254f88e7910fe7760df0eecffa558

SHA256
8ca45a7a2adb23310c8e310e6aa72a9d508f72edde63f96002397f706f6b2b24

SHA512
ea74117050c7f8d5ac710d2f1dc00b5dd2a6e8ca80d123e1fe7857802c6eab4595d5915c8a7ff498c604671e3ae637cddfaf2aeb2d61d4792a19816063924a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
9f9889474c76ba11158818599e79acad

SHA1
f915e138b7837a242ce17adaf26d55e924568978

SHA256
d2d264a2a0b0ad2c5df947a790c7efa3d1f0b9a72be682b3297a2622b8940ef5

SHA512
b5f3804c724ebea1d1f7308cef4f92737dd09b1055f74c1b46d195adbe6a831658064f251edb51212df4759a61ec7678656eba8fb11fc87d371f06bb3b4615b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59c00a.TMP

Filesize
204B

MD5
00d64cef438ab6b072756402151dce07

SHA1
289af2ffe35abaf787998a1109d9119acfadc4e3

SHA256
901248244a5b0fbde0c9b8df5be3c30116531217f05b37a347cf3bc2c1239048

SHA512
f672430f7751f0860c3a9cd741e8d92d4f40ddee6cdf638fb81e81240e4170224b44c69a9b7cd71b042196f83dbedcf25eba1f8507b3923bbddac9de666cc351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
38941f6dddb0b5ae2f8d0ff71ea1b339

SHA1
7dc3fc5c47d19389e192e2f727f240fd4c3e9960

SHA256
2468e16346cd8b3c81c24971707f5ed9dee43f847a2935e08319890403fc4942

SHA512
f6c81035b44f03abb70756c6c14f37e04cacab901f9e9604c299f7c75a0fb0792728cef3a3a44a9bf2a613c93d727458a5140ddc2e6e90d50836aa633968a7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fea6e6f6f76869a62deea535550fb913

SHA1
202d66531b046e4d13895d218b5018b5b693d107

SHA256
f96ce11dfd270b2695a7e223ddd42c4741b5380ddc3060b059f5a82e57bc8e46

SHA512
f46f56f939326dff3d03429eff282c212afada89fc3d8fcb2bed3ba5912a139e2e015ab81fb8a78b767d9bba790878e067bcc666537b80be94bedc2221e7d9f0

Download Submit