hxxps://ezcheats[.]ru/gta5online/kiddions-modest-nakrutka-deneg-razblokirovka-predmetov-i-prochie-veselye-chity-dlya-gta-5-online[.]html

Analysis

max time kernel
600s
max time network
659s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2024, 19:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://ezcheats.ru/gta5online/kiddions-modest-nakrutka-deneg-razblokirovka-predmetov-i-prochie-veselye-chity-dlya-gta-5-online.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\modest-menu_v1.0.0_.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
2220	msedge.exe
2220	msedge.exe
3292	identity_helper.exe
3292	identity_helper.exe
992	msedge.exe
992	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 3860	2220	msedge.exe	77
PID 2220 wrote to memory of 3860	2220	msedge.exe	77
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 980	2220	msedge.exe	78
PID 2220 wrote to memory of 3916	2220	msedge.exe	79
PID 2220 wrote to memory of 3916	2220	msedge.exe	79
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80
PID 2220 wrote to memory of 3092	2220	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ezcheats.ru/gta5online/kiddions-modest-nakrutka-deneg-razblokirovka-predmetov-i-prochie-veselye-chity-dlya-gta-5-online.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd4cd3cb8,0x7ffbd4cd3cc8,0x7ffbd4cd3cd8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,4976101673813610028,11708733840996604514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7648 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0407c5de270b9ae0ceee6cb9b61bbf1

SHA1
fb2bb8184c1b8e680bf873e5537e1260f057751e

SHA256
a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

SHA512
65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ded21ddc295846e2b00e1fd766c807db

SHA1
497eb7c9c09cb2a247b4a3663ce808869872b410

SHA256
26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

SHA512
ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
16.8MB

MD5
13b33baf9597ae6ddc68fa9634af16f1

SHA1
57f3a723634ec00b4f09d066bc0607084cc4b6e5

SHA256
75a3295f8c688359fcb7555b80e3f71ee42c5ac1d4525a39b2571107acf06a45

SHA512
ed38d6150cbeae60451b74ae50af1bbbaf035924fdd266cf8a8fc8b84fe403dcb689185d1a9b5db048f1c11106a1a655d14d4833c7593512c5661d4c587a2e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
4a958948bbfa63b765ce5e846bd0903e

SHA1
2334e917cb73852cc8b0e31a0afdf0c21feb8802

SHA256
0094808b9f455a15137e211b1970dc62b96ac912e2c601b63aa7f65d71d0a3ec

SHA512
adf767655fd7ecb7fb0e2dc952f0ff74f0fe7110b17349b5c40d55523157debbb7ebf9b67cfe404ce1da4def8ee209d421c00fe08f7257cd0519b238df61e7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
2ced184e21dc9cc771925a1857dfe1a6

SHA1
b18e38efc0104b4430222c0337667660c32ad7a3

SHA256
dcc0ad8c61068da06a56155a892410a06f0d7b445004c456afb5137c67667d17

SHA512
5de01f3a1f5c0f8dd1806f527f1828cc10e2f19eaff6d0263655373c2b55828ff92c878a2c806d9084f8ab246ac2d6744916b909a1d6ae287f6ff5f2af3ada00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e42a13e2cc8cf7069a68af249e72aa06

SHA1
369f1e86959d300352b4c5f557f2287a110e8cf2

SHA256
d807180ff857fa736ff39caf87c6ba61581d1d20e8261a80de3b2ba4b378a395

SHA512
e218afbc83cdfa060a1a1b73893fe740ed724de41d3307fa97d439bb675032bc71247658103f1642f3fee330aa27a6a9a409800bbe1d8083d057d79c2b691ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
54f6adc29487e5f79806bca97acb3491

SHA1
83a46a19397293e8a8633e44dd3175a2c89cecef

SHA256
45fba603a66958080d1a94b8a085dd297d8d22bfeef276044e7f673060c32976

SHA512
9e9a452b4565f05d3357c7e64c220b7d8cac8902b3bdf09d6e2b37142a876c5857e9e925ecf51cf83aa7e7827e177373f4b2a56df27df092ee73daf41993c01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f825658b721f44e0c67c82e36f174878

SHA1
6736cef21705e2e2b435159744c21355a3e7a57f

SHA256
900ca82dde7e490e9f16a390bd7a2c4509f020dc763d86327cf56f3ec3abc797

SHA512
44028429a9edadd099fc2715fb51fd325037173ac5d298afe9918e84b1984c0effa69ff2058b228f373d2cecf3dbc0561e49f6a9cca7b5d7c3a27c5b29b7a42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
18ba1ab19f759816b93daf9a20ce3c05

SHA1
44e7bbee13f7ee8ffe122c9e6527bbd1d81fef85

SHA256
9cd07a08c778faf534be84e15cd35e456877b6feaeaa8cc5374bcda9c9d2aac0

SHA512
28e82b66258572c99b7f0bf3f0f15a923e73e46d033f8be7bb72517d5c2d45910ed125aca50ee8c7d647191a9f9b3bb8067a536666372f6d60ed228e705565ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc89b1a134476e7531786bb4d4acbd87

SHA1
d9e0d0e339fe40e270ae8e22e1f932df717346fc

SHA256
b131e5b784f564bef8e1893b0e8d85c4dbc812dbb9c11460aea3390cbb404a9e

SHA512
89fc1006cbc22837b8e9f3e988bcf2a7f7e4c5dda4535f04300821f2582d0440823fba56d990e886e68d3e230cf3096d95ce067dc0a34a1caa61419b094722e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
80a2a7cc52b58e551bf192dc07461f72

SHA1
68c648abf0547a78d0b186ec3a4468153c5b008f

SHA256
7eed996809ed7a1c3bfcbfd12e7067ae4bfc4fe3905328d8c8cbd8880374a021

SHA512
bfb8b56939ffa0a842267d2d091a8795e164a05f112ac1a870bde931875941a6bbb0242b2931d26f4fc013eb4ccc8da2e2fc8e41c74dc18fdb0b40bcdfe734d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd5f5f86c56d1e7ff2847dfaf792b56e

SHA1
027e2d734bd22988e95a7823691f7b6f50a3a32b

SHA256
ba66cb71bc158e5c8893c3d48f4735d670179e4602e675444c84c8397e5b8aac

SHA512
3aed0c5fbcd27a352809084dda0336975b0ef04cc63e8c423cd17f025a7a82c6e06ee1b8654f50cd231e028d3442a84ea8f27f9ebb36ce1e37cc623f7c648c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8963860af94d9e5ac4aca850ad93458a

SHA1
1921702972b72eb0f38eb48598fc7fe02889ef45

SHA256
107432b38e556d3c56b5a8912c1dfeeb61ae3cef09fb27178cbb735307909edd

SHA512
d9211b36608ec2a36a5969b1fc8742f6ea517c819d9901fad9d4e333786854e487c5aa38c89e00e98ff956ccbff0d6a88a8385a58eb512dd69dcfa575522d036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0dcab0b421d5d70656488100a6cc1495

SHA1
2ef2ce9c45803709df367c77211d2dde93863c52

SHA256
6e26c7afdde1adec5bd30d076ccc91e60eeb18b62d1752770573e2122e4aae38

SHA512
fb8c1915d4e1ec6d98fa446b5d448ca64ca63c367b43f6727518ab209ed6f4cb8c098005c0e40ca54d9bd0329254346c992c534b346705f89f4b8ff76ad68e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fb09dafe14b91198b02547d84a852c5d

SHA1
9c96a5ed03dd28a59c92ff5ed4c0f45b271acc25

SHA256
986dc0460e6e40fe06e383621ae54e584d4bb2766ce476978e8e9608a41f9869

SHA512
643611ea174c6992ed9ea78515d87064b5f29f1258acc2742edaa46f4180165dff971d140bdc1537ae3ac173e4b9056cb29d2d404096165bbba6f6397bddcf17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60ff62c5aa1bfb106628e3624f8e0bdf

SHA1
332512941b53ab8b18746d65bf557c710da77267

SHA256
f4bb464a424caeb41c832f23364370ce1c82f242b440ac8fd399f7719b4828b7

SHA512
1dcd25ab642dcbe36591bffcee52ab7a095380015ac259fc95a77bf823cf950486963ebc31fb549b6e3b5e03493bc88fefa3170c7fcd13d4c84678a307768491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa128a577ee0c87176eafb4960b03738

SHA1
13334fa48f30aae758d007ac594e7ba2105136e7

SHA256
0d295a8947b06d1da960346c9861dbea573d7d275ec971512059df9d5a6f1ab7

SHA512
4e188946930061f925f42e424536396076e1eafb34d8baba94e774a29eebf4ee772c9160050649a054282dd01d32f9ccb030fa3192672e093f65f3fa9d75da80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cbbc.TMP

Filesize
1KB

MD5
3f54efd11f35a5ef46b38cd9515fc83d

SHA1
6df0d3da980ec764df5dd477193bd3a8e8fc5c53

SHA256
accbc41bee9e548c9876466744169c3b54db9edeb9867e84e448884d40a3c374

SHA512
b7b385a0702e5a0e173d54a014b4e5d8bbc0cdcaff035ac0d0f0fa4f9ee8be249ab90e2d498b3024191c069ad5505ec2c1c27c04c1027c9a2275cfd204c4bbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cfc6483d-320a-40d9-9c94-642b822e93ba.tmp

Filesize
3KB

MD5
f484840f4b25546ba60860f195478f90

SHA1
f4ab35a9d22f402d89f5992493f15fe80717616c

SHA256
399a6dc7f4a54252590977c5b1f7ee15015c8eaa696ec00df7d9c73f6899c3c4

SHA512
de36201f7dd10e6b6cc22e59c43f1d2257d24d262615e22aef360ed5444ac11cf04af67d8a2772ed172337dc403c646ee743c656e80ef3923b7f90f24c8c193e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
266be6d48ec9c8124cbf006ca204b7a6

SHA1
0100cf6c9da366f1df4383010c6f0a96fdb437c6

SHA256
05906ada75df25befe3c53901824951e5e6c38042d83868eb19a57758307e51e

SHA512
23dec1354271abaae12932bb612e944c3e2e8340cf738cd1e1144184cc00720c1b70f7c67a962ac8ab0555c70f727055e8dd7cfb38f2a4b7a155bc199a118518

Download Submit
C:\Users\Admin\Downloads\modest-menu_v1.0.0_.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit