hxxps://gate[.]sc/?url=https%3A%2F%2Fkrosnoth[.]online%2Fuser%2Franwakeawood1982&token=d824ef-1-1713535421999

Resubmissions

19/04/2024, 14:15

240419-rkh4lsfc7z 1

19/04/2024, 14:13

240419-rjkaaaed52 1

19/04/2024, 14:10

240419-rg5hfafc3w 1

19/04/2024, 14:08

240419-rf14mafb9w 1

Analysis

max time kernel
107s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gate.sc/?url=https%3A%2F%2Fkrosnoth.online%2Fuser%2Franwakeawood1982&token=d824ef-1-1713535421999

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1536	msedge.exe
1536	msedge.exe
4896	identity_helper.exe
4896	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 2372	1536	msedge.exe	85
PID 1536 wrote to memory of 2372	1536	msedge.exe	85
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 2036	1536	msedge.exe	86
PID 1536 wrote to memory of 1096	1536	msedge.exe	87
PID 1536 wrote to memory of 1096	1536	msedge.exe	87
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88
PID 1536 wrote to memory of 1696	1536	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gate.sc/?url=https%3A%2F%2Fkrosnoth.online%2Fuser%2Franwakeawood1982&token=d824ef-1-1713535421999
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3e3a46f8,0x7ffd3e3a4708,0x7ffd3e3a4718
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,9253948348817194513,7846829016294026192,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
fc20a34a402566a56e8a66cf15ea4095

SHA1
21ac3e17d73401612977e68204afc865b8ed086c

SHA256
c94835a1397f390aacbb6c67bf52155806d991fc32074be6a05b4a1aafd93293

SHA512
c7fd2fe74e8a94a0ea77436e9d091722faab9263368533d57d7920829d58cf303508a563ddc2c66927f67e9085f2dbf470a7689abf34d4febacddcf3966db14d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2b4818f2f4729819dfb42355df4dca36

SHA1
c1b83fb1553029727919f89bfec814727cc20f17

SHA256
4b29df5b23e0a30f9ef3eea912cbc97d2127ba752f082db416279a0c2acec803

SHA512
daf5e26071d96b76f28c3bb3d84454e6b6cec8f44c703ea50198e93e48d6a50118817d9dae844d067189730edba974ac6d0cf998a30e2113e88e8a3fdea7b52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4a3d78ecf503e5cb56ad5b67014e3d61

SHA1
5f0450fa7e6973ee8bfcf865550b032a60df1a1f

SHA256
1d93c54638d082bd932bf4a163803f74bb93fb316a8dcd83c4ca78ea232ea70b

SHA512
215b4e1597fb20902a41b68fd49dfb1f388675561aa90e9a806249d5d88d989ea25768ce391e10cacc68bbd31b2d01eb0a45cc1a0f499c53e38a04385bf5dbe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55e3de22898bce6d1c22818fa0504e9d

SHA1
7e25c8a26bad5b00993cde75bcc9066abcec8b11

SHA256
bdf178b5f7b0641bcc8a485c0cec361ab8f62f8b79589240553c2e4fe5ec6cc1

SHA512
b5d474ab8ad345659d114c3d94b632db7beff30a641fa332a3763dbd7328056d271f1b8921cc2d3f85896f2a5215c08d4412cbb9db0534b10e9abcbe75dc9885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b5862ecb2419b6c289ecd70198a5cf1a

SHA1
3dc5b5eac4c39a1c57078d2926181ebd12cfc3e4

SHA256
c43f22a7cc96fb00b96ab2b9e7e07ff8af70666a79cc4d448c9038e2be9e7a9b

SHA512
cf9e10773e138c00271876fc77b023f143bfad443a327d5a255b11f8a2ec0da3f81aac035cf8dccc8049f131738f89b15acd2bd9330b851c645d56e606b85788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fda7242ea563a5874bff25bf1ee51138

SHA1
c622270ae8b384c06ddd895c153aa5abbf520fd4

SHA256
3b33b418f6b755b78c5b0c538d6cb098f8fc05332d2ba8f7abd86945498b159d

SHA512
6a62d4ed4beb0d9f200ad0990163050c332486ef8321690a2fe8b1ae33def7dd58798e690bb554c07ec603322aba408bdf7a78dc7ca864da004c570b6adabdd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5fde42a0ae077031df49627581c011b

SHA1
a47ca8fcb2776822c19aa2055b3b230743bc26bf

SHA256
95c9c9edcaaeeafdaeaaeaf0a0eeac262ff3eaadfc6bcdc3b12418b662732221

SHA512
30ae07756a97bf57077b0990287843f29c38c6ad7fbb8351c87678a7a83e84045d73cff08c9aff0c42ffc95e49f377ed0f935ce1cb8da8bfe7a5446eb260d150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c9825a5b1d336eef778d2131e893bbb8

SHA1
622a8c4de2e82f3ebbb39b550f8401bfd876a4e7

SHA256
9693e31ecb1abace1062c0245f577a54f7b654edd94a378511201977393042cd

SHA512
ceb6233170bc343107660f4af60f70115679db7516964335c1c509eb26b76d96d0a9d98428d09df3b01d26b92309c8e11a9dd367af604bafb5d7103e1fd76b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
920090b97278a577fd0bee054dd4d5fe

SHA1
fccf0d2553307c43c35d454e41f67095af51f362

SHA256
45463996e3e432f0d697012dd14784ae07d216378b25f5933632593cb72f6d47

SHA512
136a5c6ea550d54c097c4ecac5ee7e69152503ddd203c9aff218504c1726600ac45bb5ecdccdecc0a54dd8c96743103a7cd750676561197b48530e0f4340ece9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4739b1fb56bb658bbdb7e2eec5a02b88

SHA1
bcb7177d9e6d465b29a7cde2c3356823d7d368c6

SHA256
fdf8607ce903cfbbaba61b67bfead42600c3b2f35c3ea6222aea3d11a536eab0

SHA512
6d6dfb3fe555f9e9e35b6d2c80005e23c4fb50f8492ea85ef6dd2c33981feaca1e0aa24beb286e4bc7883e43cf0112136933a70868f59c2d6074ee96b5b67514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591803.TMP

Filesize
48B

MD5
40b81e66c474597e5ba2cc8edf83dbf1

SHA1
d8611cfb171039b3a6a6e18633f831f0ba601e80

SHA256
62b7f80ab0f71c35c95de08711c1f00aca4aba9a6e34e62b202d65a8151e797e

SHA512
706a556f8498758bba1e98d1721df0ab09b380c72925cead78f71748b497692a9f3708e53fbc5358d5bd087f708d61841970384bcc5be7f0b946e305eb7e51a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
786cc0e33ec7c37c0f0528df50f7cc56

SHA1
f77efa02506003f264801c010fd1ca3778f20798

SHA256
24910629f21c932cb71c8341a9af7c8d852bb0236b5a15ca1544e833237e50a4

SHA512
d53c74bfa46c8d442e1b8e90b2f9ca9cf97982256e49edef8baf950a2b419a2f2fabd1c3cbf2a333437654ace69a11c54036729a2ccbe576e7a279134be9ef86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588a88.TMP

Filesize
538B

MD5
1e7fb8a6fae4fb72e09d3de93cbbd7cc

SHA1
56a1e7f3dc5ec7e39e8e8e43c4a967a715d31a7a

SHA256
9d3fdc63706cb4329bccb7a1a544b2b05908101743a5ba6a12dd3f0aa751ee73

SHA512
ec72fd415d3a046e0e1c16125d45dee0b49ede8084bd9fc70a9345c6bef07e6a503e1dd23fbac439abe63269be91854625b4293ad17237fe57427eb33e27ce69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
13453325351d6c8b096557de2781c165

SHA1
d6de2d0f78867d74e626c505a0eb024991bd733b

SHA256
9c557835ce08e03cd9c39597f0ec322a7c91e096393c13ef666711b62f539c44

SHA512
dcf61569b301185cadb1d0000575b307c783a111164d0e1f20a27f3c771abfd3a350901a6f1dfca283b744ba8a772ac0974b8fad66846f3d60a0eada25016af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4fe2485a3fa4738626337f65f950874e

SHA1
9542f9ed20fb28f7b7f76baade11082c70ff4d9e

SHA256
ae070291549a011110a13fdd2d7159a946dd98a30dd1067beb8868d4d0a10db5

SHA512
7e89fbadcf071bc8eb911ba982344d760d58cef2c638267d9435a231727a6947ad2ecf29a145d9191d5bb37c19be241eebc571599a454431186cbc904f09801d

Download Submit