hxxp://itch[.]io

Resubmissions

22/02/2024, 16:16

240222-tq9jvscb91 1

22/02/2024, 15:39

240222-s325wabg61 7

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://itch.io

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2828415587-3732861812-1919322417-1000\{4A24B190-8D34-4B22-848F-3D5BAE84511B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1976	msedge.exe
1976	msedge.exe
988	identity_helper.exe
988	identity_helper.exe
1800	msedge.exe
1800	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	8	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	8	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2916	1784	msedge.exe	85
PID 1784 wrote to memory of 2916	1784	msedge.exe	85
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1988	1784	msedge.exe	86
PID 1784 wrote to memory of 1976	1784	msedge.exe	87
PID 1784 wrote to memory of 1976	1784	msedge.exe	87
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88
PID 1784 wrote to memory of 4220	1784	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://itch.io
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffad0ea46f8,0x7ffad0ea4708,0x7ffad0ea4718
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3940 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1866269342084020642,6207563090204002328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x3ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:8

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a51c92c2d26dd2285bfd6ed6d4d196

SHA1
8b795f63db5306246cc7ae3441c7058a86e4d211

SHA256
bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01

SHA512
6156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce1273b7d5888e76f37ce0c65671804c

SHA1
e11b606e9109b3ec15b42cf5ac1a6b9345973818

SHA256
eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c

SHA512
899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
0b1f49591e87cdf51358a554ed25fe3d

SHA1
7913c272f1cd1675d73dfb2ac43992f7c5626ddb

SHA256
a5de42db80c7daa5991e013450105eb78e447332e14220051389bb9a27bf3b4e

SHA512
d6e0be7fe6409530ebd9da627a7816585b16fe17a78ec9a236c4e9fb96b7178491444ad9f4ca033c937fb8e510d3e9e82821ebbac2855a73401bd41a98da6df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
72B

MD5
a871778f0d9daec8bfa5198b3dda610c

SHA1
69127c24d8946825827186c92e4cb60d224c0c74

SHA256
05688a1709a2c4b87fce486b97902d1e438c7e5a923f91138e6e665c5695ca20

SHA512
0f8b2a309345934c3a6d804158a29faef1fd3f90a94f8fcbd4caaffa36f68bbbd22e28bef55477fc812c3f33e1154a93e310c4836f91593b06aecd76330897b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e9c3f0bd41c39cafdcf2212140209997

SHA1
de7ce2df3f73dd180ba15e462dcc347c6efeba38

SHA256
0f3d664c370a4c641284424a072e884d318c17bc836f28e5964a5409804848d5

SHA512
00af8295cea654d4e55aa4ca624cd30ba4b5e393d46085f1328e978662bfae866dd4ddb9b4a8027509e10ffa58f7dc5dd862fa3ad7d8beda312dab7c23507487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8722df20ac175b519b0b774353603c8

SHA1
c3e78c819755986d662cfa642d38d1032de59716

SHA256
5930ae190a1edfc13b743c67575f284737cb86fb52e7da287c06135a1bf886ca

SHA512
3d82a3dcc3ad8bf056d657004e1dfa5a3fd6fbde3baba86fdcd7a56edbf6813d3e7a22ab2b5a8b5aad46503822059dac792fd6e748af70412cd4ec3eb92c0c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d4e987ea23f5b826e7f111ff7910c67

SHA1
98de364a97c7c307e26de2527244935aa7af5616

SHA256
f73a1e3f1c7ca272958a5a0f3a5b5088686fb8108cf3deb9d7bf7e03a4c4ffd7

SHA512
e6c4b031311ce3ebb14aae8591351a3a75a251a1eee5eeafd63268ef0a54dc31932f8705c335c41d414befc03a6077427a4538794a1160792d86032330505aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
56185bfe0517cb8488bb5767d8fe4dfc

SHA1
e93fcd311eea1200a88551dfb2c973a62890e52d

SHA256
cc581c1b54383a8b340ea27d8da19064a546c14e1f1bede2714c6b9b86e897e6

SHA512
7091f904d0fc4328fb263904b3cac07b4318779690ff97abeb0773e283e6701e771d9a4e02418bb90621ec86397b034effbd90b2cd55abdbceeec5c986c04b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54bd24e34e1e4fe1ca22b32b17081bc7

SHA1
9f1af98e3983e86b681ef7b94b13fd3f4d917ea0

SHA256
87be3a9a6946e28dcaf0c1aeaa74fb3b5281ef30ab2e5f8927009d23fa7595a3

SHA512
97c30fa47aee99fc7cb1d8fd59c1e2a936396e77ee877563c41259fc52162b074c7e2b407c204ec73fb517d7f85c961e41aabb366c358030b5c1d2154156134b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a6a33c36f9ae5ef29cc45fd7c88e6a0c73e1c12f\cdb9095f-a13a-4782-bfe2-37a9ac6d203e\index-dir\the-real-index

Filesize
72B

MD5
2015e323a1ee3804b2dd72a2f78a70c5

SHA1
16117ffa429617584a64ce83ee54bcc92766ba99

SHA256
94b0b8a20b595cb15db7b4ef3e0c6f2621f3725a03a3c763fa90240446de86b6

SHA512
936df0e9d2c86817dc0557e63f5eed1ca5d84964a3fad96cc0890656bcddb327d9f2f28e0f2f83bac11384b526ef060f3f6ef903d0f6955319c22f8cdc1847ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a6a33c36f9ae5ef29cc45fd7c88e6a0c73e1c12f\cdb9095f-a13a-4782-bfe2-37a9ac6d203e\index-dir\the-real-index~RFe5850ea.TMP

Filesize
48B

MD5
ebb8500fccb7bada6f0ec11859520fba

SHA1
17cd697e001ae35acd3968a3c8c43f23fd708e59

SHA256
b71dda6a8fcadbf488439cdf7350ab4884f6ec0bc1befa1d59731199ac4b7f77

SHA512
9ac903ca64f937df8f7d93b2ec84f982ae17c39fdbf3fdab550e4aee67ba816e0616c35b2ee40aa2837240f38c75fb9e440c59cd56a168c7af913a958917c0bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a6a33c36f9ae5ef29cc45fd7c88e6a0c73e1c12f\index.txt

Filesize
126B

MD5
5a28907aee5715eab32e11b391e0f972

SHA1
fb5bd5cbf66aa2bd8d6179963a95c62f57351b07

SHA256
7d967505c8bd088969c613183dff33506997b8a0637da07697bd059dba8ca6ca

SHA512
48d60b394ccb760c03a1ce603559053e39ceae34681ca538b52dd0d61d8bc276701c5cb5a1876bdc4c36b29ffa3a982f6b7c8f36542a8d9d3a490a77014997e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a6a33c36f9ae5ef29cc45fd7c88e6a0c73e1c12f\index.txt

Filesize
122B

MD5
d0794887a88e05788618f90362ccd809

SHA1
4e181444d5412b6f0466054eda47d9529756ce47

SHA256
c216127874b004e6300c3e4a6c036f01a900a6192ad62e41d58dadbe45934a7d

SHA512
817054d9b9cc9a73291ef12ddf4987b0870c3ab8476b1d2e9af852aee52f506a3b8e1396db95696986d886af338d04296b4f5dce143a8b3c0e1b596b2bb88210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c699e923a65c489f05db6fea263c53bc

SHA1
129754fa6d774a5655127c0bef1a4ead11371662

SHA256
8771d2736a65de9cb9d644ace8666e961a0abc643ebafe371dce3dd7a3ef2a18

SHA512
73610c0626de5f34cae1e41a9dc586d985319dbdb1582a66f1a5cbc6095960c5934f646b17692c1a70b37ae882fa989e7a350b8f173d901b861baaaab1dcfeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ece0.TMP

Filesize
371B

MD5
a3030852808c8f00aff76cc48e64a68a

SHA1
6b4b79bb9ecf8d29de37a7aa29f0ce614f04741d

SHA256
91a69eb90fac6cb58d307a91e9b5690e87757e518e3bb5ca11faf29cf995ba96

SHA512
82a3dec004c9eb768f1ea26ee4539c674d272fd6dd1a08686c539f64fd7f69de1b45b6d007b4814b82c461e78abbf792077a717894cfde59af0a6152516f66cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\efbe9aa2-42e2-40cd-9b4d-ab1431926ba6\0

Filesize
11.6MB

MD5
59d07d30d379b118f4a58ff977a3b23c

SHA1
767a363485237e73a2a9d4fb171e8c6f3ef7d99e

SHA256
d3bc20e3777b4a99e083fb4028bed50570d15923bf22096c2117b90009461a46

SHA512
16bc8fe2d61103732a3ecd95579ff881823f0bc6577b695f616e4969aed9741d91e55ec3b001bac18e3d9281f8f93aad69a974c2f50f1939102b6d7b1c6b1662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa24f13f07cd973c69172d471a03c4dd

SHA1
128b1f2da3096f448ff42d4a0d39a8b46ca974e2

SHA256
c96b4d5291c0aaf4bb079ce3324f50fafe7e79bab4c69fa0e0b51a81c2932156

SHA512
1c876eda65005b88f64714efb987dac8c9d0b25619194be6a11df374fa19e522161a78a2c6aedd6a4187b4b725e49a40c3b6617c8714f98b08d479660142095a

Download Submit