hxxps://gate[.]sc/?url=https%3A%2F%2Fkrosnoth[.]online%2Fuser%2Franwakeawood1982&token=d824ef-1-1713535421999

Resubmissions

19/04/2024, 14:15

240419-rkh4lsfc7z 1

19/04/2024, 14:13

240419-rjkaaaed52 1

19/04/2024, 14:10

240419-rg5hfafc3w 1

19/04/2024, 14:08

240419-rf14mafb9w 1

Analysis

max time kernel
90s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gate.sc/?url=https%3A%2F%2Fkrosnoth.online%2Fuser%2Franwakeawood1982&token=d824ef-1-1713535421999

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
4296	msedge.exe
4296	msedge.exe
2916	identity_helper.exe
2916	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5628	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5628	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 1628	4296	msedge.exe	86
PID 4296 wrote to memory of 1628	4296	msedge.exe	86
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 1528	4296	msedge.exe	87
PID 4296 wrote to memory of 2748	4296	msedge.exe	88
PID 4296 wrote to memory of 2748	4296	msedge.exe	88
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89
PID 4296 wrote to memory of 3804	4296	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gate.sc/?url=https%3A%2F%2Fkrosnoth.online%2Fuser%2Franwakeawood1982&token=d824ef-1-1713535421999
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6afc46f8,0x7ffb6afc4708,0x7ffb6afc4718
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,3373301298812647355,15137201439093799605,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3324

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x38c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
94KB

MD5
54322fed505345128683f1d324608b71

SHA1
7dd56ba6f6a60c7ec537c6e6fb51e2583d1d3e38

SHA256
60dc662df463ede4ecd32c9f99f6adc59713ffc9dc5bb7cf35733557825bf32d

SHA512
b13f2a9d2b099d81963539c4f4e3c5d4fe15670868d82c15206a1a64da012329a8daca51db855717b5f7ad96871039a5db5c98572fb7da7b5a42c16f57a3b9c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e5be08780ca43c49c1d0814767ac720b

SHA1
db5e5a827f7786df758d59786e2e398b7e2dd1af

SHA256
ad5bef56232f2266ef0bcda6a019f7f3efc65d6b79c4a52c58a4387e9c5ef216

SHA512
1911004815bc9cceb13876485bdee0521070039dfa281626541c558ccfcf743cbd81e1af3327a351cbd7e61fa240752964d442575eefe66b6dd00ec8ded4c905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
081fe3b703919ed52dbf7d287ae4fa38

SHA1
58f9929280925a482d7f9223a946d166d18b51df

SHA256
2240a14bc7b10bf4dc6debdd572a63d162ac1fd46da23837644e8edf2fbdf0a1

SHA512
24e0d9b5d3d23c22108a595264015bff981a7fd09b262148377a520192741690e8ff81ab79510e459fd098967000119ef0879b6ad3d07bee40a0de4e56d7a167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f03e329ef8874bcf0bcfce7a021dd673

SHA1
e6c31b6b9c278ded21437e5b8ef56bc328261cee

SHA256
cd1411ada0c2367a0d5a85274208b5f962eed2ee130e3fff897d8057163e68ee

SHA512
0bfac7d004e84e1f54aa1c14cc8af6e4a570fa3141717279a22923d01854cde71af57b7c888f88def0773d56a1a6cec6c10fb3e6dbc59f92a08d0b4fc76f516e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1c7e0a62a57070dd3fc53a50a514ba31

SHA1
c857a93fe586dd5f9dcaf2f957f5a28d72acb030

SHA256
46347e5032e7769889a0db983aa8d2932cd49e52da917dbf0d9a7c4a0b8d3386

SHA512
3b05a0e8a750df254850aa997148591c8d18049135796427f83aed4861f0a279fe3f4bd519236486af7e6e4fdba8740bb8c27d4563baffee0226238fc132e843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
17aefea5338c7eb24b60fec679f48c89

SHA1
c635dbfa2e63c70303705d68120b5228a3a1d278

SHA256
47f350ff0b5a6c6b8ca07cf09731eee2f5a217b340d0bd489f325e4f2d856959

SHA512
2f68e61e20f0fea3f8a4417974b09bc5acc56a5c40dc3fc59af5ecec81d9f465f4d69c227ef9b266a44d37be54380dc898c612ef16e85bb042c9c4154eb69b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6fee90173e5569124151adee0b96bae0

SHA1
c551f1f4c22f34b01fb4cd058c661e397a8f7545

SHA256
84a4064808066bf42966fe8f7a298cb11b25743325dde29a85cad2848e3ee2cb

SHA512
e330637fa72dc0244c8078336048261dae83b10a4f68d482e3276fda4307bdd9486afdd59ce8a90b9f8762d84f503d2ba27749c4cd0eb35495091acae73564cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
afa771c9d5d26bcc9bd0a3d1eb2a7515

SHA1
aae4150309716f9cf072fa4c73283f582c670de2

SHA256
60e317cd83c2502d0b3d1d6585e5cc144dcdff14a0da2f45813f64500049853c

SHA512
97e217876ac7dea5ccbf4e92b9d10986552d7798061d6bef63c4257c9a4abe8e75ec4d832e1a705430606b32e8d4a99cdc9e06cf42766f02026f0d3a3fafd743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
682da4f500e3b84a879baed25308169e

SHA1
19b8da43974a53a96f44b959d523e347f4e3cb40

SHA256
1a6af5b11bf0d4abc457b1524220829fd8885ca7d58a560c62fbb1ec622799f8

SHA512
e3dffb997f209ec669fd912a1246840dcb2946058db022356f9dd5683e0f4f95ea295ae1efe008a14affd01ff3c33f9f969602e835ebb3ef9b2d127d95d61d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c5b6a3c994abdeeafbd69ced97f1ba8d

SHA1
251e182c80bbdcd66caf20f931bc8bacfa3a1704

SHA256
d923e9c317ea43442fbef004c4826023394fa5f92faab8a1a3dd0b4ea92add68

SHA512
2f5e330b3c876e5959cca38b4557f6f9b24e4544cb5484ba32d3506f8e91537409a1424ae517212288438bae9a0dc8d65b090013797d7837b71839f7fff997a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5879493441cb8f580ae8d3ed84f7f558

SHA1
5f4f4f39d100d505d3c2b515a6b99fabc28cff8e

SHA256
260dc3c23104ce5f51e91edccf2623c4e70a92a044446ba814e257705419113f

SHA512
9ad2aa528051ff2aa9d99a54d97a3603eafa708e15f1c4d10a0640619deaeb0c789fd2592c9de56972eba72bb0e89ace19e6da403058fc072609ab26a351095b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57947f.TMP

Filesize
48B

MD5
d78da96721ce7d6b58607d2e02c6fa48

SHA1
29f83f67dbb69bfe7e1d44754acf19200162ac6c

SHA256
a6b01102aa97af219c617b9c6bcfe6b0ebf39faaafd04adf554058a5b6b548b4

SHA512
08efc2d41ef5282079ff3d4b9a2d9d1b0a0a557136befdd777e83baa050a68669c55de91e273bc14675da324e8524ec1de4e209c0c762a6fc4e934a4be432121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
7b7c50fefe4e5596a3d2eb0914b4503f

SHA1
2720a5f3626cf8cb348badff706bef443730bc47

SHA256
0b93eb4d9a4e1c50a079995d28916f28f2a60e6c2472f06e819adcb9991ec40c

SHA512
f641c2c79fde1d8de72f4280977aaebfac2d579406d67189bfdfd2808674bb44e7c59b3663555d11a80bed65b59df70718412480a8fc822cf43e6bcc41e1364f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe577f71.TMP

Filesize
707B

MD5
679a6e2f2f3aee3615ca298e5075bb2e

SHA1
4f62f2c31b6f92c9cf43da4a8823bf4f1dce87fb

SHA256
46282587dbbb44d3a4ddd369f2acf90414d872dbf8ef9cfcd73c69171faa8d51

SHA512
5396cba37507b80385a635a1b4dff89eec7924864d7cf841fbaafbecff2d451b4bfc961d366a8517706b1198e2069ee5d36fd8cb6cebd6c2a6d667c8e7236b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f5a869d1-c961-4433-a151-028c69bc0f1a.tmp

Filesize
707B

MD5
4049a05d2ad18f78d44f8802851effa4

SHA1
2b786317981256da1d1dd33d8d897941c371a252

SHA256
406293c233b24881d2700abb5c2601722fa22ca74df80c5188f92a46e2771b92

SHA512
59d693a04ab6a10744284f200f585755e86ae0749d99e4cb87faed84dda65f70b51ad86e97e4b64388c790db56dc0b04c6206fae82e0fa333ec9c616ea47fc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b880187f1d2620d2e0b3bba5fceff0d5

SHA1
ffde049bab2f13545e85f3a4892944c70c66a3d0

SHA256
99f0181ec9405a5a6f7ca2d6026cf9cb9b5cb6c2a4e3858a9f88e9f5bf79fc0a

SHA512
a5a6fed3416f35c31c0e0d832631a7e21f64ceaa0140bf5a8b6a83be34f2aea1caef04dd48309228f437fd97de91d2561662522002bb2f0fd47a29964a2eedee

Download Submit