hxxps://cheater[.]net/cheatcenter/

Resubmissions

25-03-2024 16:51

240325-vcx5cadd46 1

25-03-2024 15:40

240325-s37qcseg91 9

Analysis

max time kernel
600s
max time network
590s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cheater.net/cheatcenter/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4036	msedge.exe
4036	msedge.exe
5684	identity_helper.exe
5684	identity_helper.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4964	4036	msedge.exe	89
PID 4036 wrote to memory of 4964	4036	msedge.exe	89
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 2524	4036	msedge.exe	90
PID 4036 wrote to memory of 4364	4036	msedge.exe	91
PID 4036 wrote to memory of 4364	4036	msedge.exe	91
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92
PID 4036 wrote to memory of 5044	4036	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cheater.net/cheatcenter/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1e2146f8,0x7ffe1e214708,0x7ffe1e214718
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14209090739649502125,18202252104618180433,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8cbff691-99aa-4e01-a08d-bebb72957f4b.tmp

Filesize
12KB

MD5
f211ffe953daa775743d12c87b955939

SHA1
52ce68d7ff7783e3128497e17a8a71aef357fafb

SHA256
753e59512fb1eac9b7d0fb2e0bcb8abf845a245539add6198ce1d0a328d53649

SHA512
b41488e2b338f96ef3d7c33092738defad4bc6da2a7824d5e3e948b95c158314f9f10c44b87859b0c92c2d44b36042c095c5e4ca13f12b17e0cb223ba6057cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
49KB

MD5
c0d0ad5f5383b8a5c9eaedd7b8ac2470

SHA1
7c148026618304df296af9ae5dcdd0fb3866cad1

SHA256
48f40cc0d3a6e9b35cc368672a3a2da76f3ac463ee9a08efb99296c4f73bd0b0

SHA512
2e8318b9624b37cab9ebd4f2ea90cd2ca7a479a67ba87dcf16b308e234dfdd8e65e8481b01a14aad44f94ec629ce815eca49fde412af816dca40c7e5171144ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
19KB

MD5
19bc108465e0efbde12fee516586bbbe

SHA1
b9a8da0b083d325eeffc08e3c0bb82ada15359cb

SHA256
1bf3beabb0d06117b7cd17d84dd1af3d5da041d87ffe90ff1982207278344b47

SHA512
4b8d26a6f564a88a9e4dd873759ffd2414bb83e24f7da7a5a5cfb10dc25cf1a827d9aa8d02adaf8d37de47006323e7c6c03a70fbc6ad98d9fd6f0923f6ffe251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a678111cef19401d131f12af87963b51

SHA1
f5c080d68c63795352748dca4cc5aeb2d4b7396e

SHA256
074b4a26c1f55c5012535ad9fddb63160cf567c528c1d3070802f53b5a8a0899

SHA512
e7d1509ccbbd5e400a0b20b32a193cfc2eeafd7fcde90d940937a05cc2336eb29d4221e0009296548f59694d23e23c92aa073cd8071ea95f3eb90e3c1fe55649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
63991ee0031370ce8ca4bf35022d71da

SHA1
2a840347bc84de57f85cf216539d4ebfb99809ee

SHA256
4ee863c1822ec8b672e9cdfe3dc4031cabd208859347452cf0f79d8bafba5e97

SHA512
251e7674f36f69efbde87c263a8aabeb25cb601d227aa70f570b8c9304cd8352c44944ce5d87c62ee2a5394a757b30bbbc629689ddcb3015e6b6ad3daa8ec049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0a25490a61e7d474c472d0067a42bffb

SHA1
338b7a82f6f37fa41a951091b615c8921158f117

SHA256
aecece0526a489548102ebc90a67a62c9d7dc620288f87d19bc474ae7a91a0ad

SHA512
2fedcad31d0ac4bd2a9bc90e4a2604c185818aa3c6f9e65d9a6a8a1f8ddb14f243cdc298cfc54c486a202347cb014c3c24e294dec1a66d5ea542b17a5eef19ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fe7b0067aeff008f3e614f4b0ad89922

SHA1
3d818fe3aba0245e5c4000114a4abce8e719199e

SHA256
52ed16e3acc2fdb3b2e4551a29304e7895d48505ef72135820d00412f58e7611

SHA512
b1a8b7e355ccb87b8e339f89cbf8726454c2b611f127e32d578292e5e50a1dea291be24bb2578c16e647dc0d3b5c40178710a4516d6c7b3227f04ee25caf441b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f8995df252b6f01f4fac0b6af6c8ce8b

SHA1
3125cfcb64be00e7c177cc8d8c2de536d309f0a8

SHA256
e003af5714be3362866a421193356ecd1d6049b03555c0e3c41dc3b18ef6a2bb

SHA512
8edc7cc0702bd5f677e406a902f15f0b85edb86cb36dac6c12cf3250826a065d8397d514976ba1b300c72fd717b985679c391aee51bdc2fcaf0677389e3738fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4aa628735a40526680481d99fbda3dcf

SHA1
08c3c36d566ae56b69634f25e474b6abd3984fc7

SHA256
6556ed18d51cf6ede776193fca5b643e1c45c1e3bbe7e6965fe701557f7b5899

SHA512
9781cfb3a804a2ee0f3332f7a42faa28117f592468b4d7869081928f3f7fc785fda08afaf9e36096dcf18e982f4efacca0c31843522259a2477a595f4aff2d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c6daaad9696ed591d9a4372bfab737e485681248\762223a2-80ab-4806-916e-f9feeda76e0d\index-dir\the-real-index

Filesize
72B

MD5
c0f1b7e230aba58736cf54bd7e3a05e8

SHA1
d23730f2d5f593ba5aade8bb93dd7a3f56df209e

SHA256
363326dd727354a3a9738cb774ab24b9d2c9fcd6f00ba3e56c86ac0196985c94

SHA512
09736140adc0e427913080ef73f6ca76e9a21e2bd728505da31763e140f640b5b8028c0f914706f46bc12935c5f4497b29b7d8ad48db492b5b11d37c78e9973a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c6daaad9696ed591d9a4372bfab737e485681248\762223a2-80ab-4806-916e-f9feeda76e0d\index-dir\the-real-index~RFe5796c2.TMP

Filesize
48B

MD5
40dcce9efaffb3619481872fb68e320a

SHA1
3496eeddb45ceb024bc8c9bcc3f1cc3fe6d46374

SHA256
5a33463de1bbc0978c32a9f97cf4a9cf6ffb3fd3998259dc9ff41daa1ec3702e

SHA512
55df3758a719909ad86d41eb4d48ac14ec2c2153eeb38a0da28d410cf8fa97fb985bf71e2f6b1ad0e62b1e89c54f46561ad1d926e77a5aec41e50cb146f7b423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c6daaad9696ed591d9a4372bfab737e485681248\index.txt

Filesize
87B

MD5
9ecb006a6990f8c57ff173648a5de728

SHA1
ee235c8813ae96391c4525f7c91b38f5dabc1cc3

SHA256
c89ae5a3b5a044d967006452227fd5b5f40e5d9a7ef2515218f16159b952bc65

SHA512
b518a1a293cf6c3b0f921c03d64a373cfc2cafe846dcfdbc59e12ff231f840328063bba4bb47381db7045fbfa98c79b6cbff41a1ba55e8ccf38ef89b27715f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c6daaad9696ed591d9a4372bfab737e485681248\index.txt

Filesize
81B

MD5
5092a0291d00e69229d49ceba081bc14

SHA1
1b01b5badcdcdd04a1c728214e6de9c5f17bba98

SHA256
ddd04115665dbea88a4bbc2b7e91abcba9819be750277072a03fe650e1d1de03

SHA512
d7db3da139b38e9bd5f7d5aeec87d44b754da5fc43d2610eb31b5f354ec9becb188e3d62f782c12c801bbfbabd663370f58506244b47e88ab7833b3eef26f2a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
91173fd84cf6856bf10e57ed193bd109

SHA1
d4ab1f87fafa588135bc64590473479be11ca984

SHA256
00e82208846a332c7b46943841dda460b252eea74c58573edc6d043d6067ab69

SHA512
5fa85b76d32be91b700789033b211ada015bcb7500f99a22e23a67bfdf6de48f8811244131ad1ce38d8e2793b8160589960bface45459318c4253036b2409a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3bd0e2f9f41015673ecac5f98e490ffa

SHA1
ff2bfba0baf5ed4bd444b5c290477e32dac4d190

SHA256
bc028f70a642f0c8b3e64c50baad60f505b49639cfa99e360910435e394fe7fb

SHA512
373f768458461226592659eb8413e8a989d07a728db74c69aed3225f521a5184dde73e67c7d6b96f83396732d0786432e29cd7bc81e71cd433f8d9ecbe59fbf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d5500aca-5e6e-4ba5-a62f-fa87fdc53e40.tmp

Filesize
6KB

MD5
378b4361e85152dc1482574310dc46ca

SHA1
9a43819876402f9299c77d3fd5a217008f8aaa07

SHA256
bd1ecdf99d6f6592d31fc6e22fa63b8fb40edf44d5b54749a038b34be936508a

SHA512
a1feab29784d96f6d0efe974e22e37162ce199def44893eee29a4530ff3db51d40d368ffa7d15fd6b5d3f8e7a598a57136c18402b9d292cc5353d991a6d61549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit