hxxps://gostream[.]to/

Analysis

max time kernel
69s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gostream.to/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
1520	msedge.exe
1520	msedge.exe
728	identity_helper.exe
728	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5440	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5440	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 220	1520	msedge.exe	84
PID 1520 wrote to memory of 220	1520	msedge.exe	84
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 2944	1520	msedge.exe	85
PID 1520 wrote to memory of 3132	1520	msedge.exe	86
PID 1520 wrote to memory of 3132	1520	msedge.exe	86
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87
PID 1520 wrote to memory of 3680	1520	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gostream.to/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa228f46f8,0x7ffa228f4708,0x7ffa228f4718
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,9077976987914225240,6974966084216472934,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  PID:5388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x30c 0x2d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7e0af440db94f9fce239f364ec1b10f1

SHA1
3a60a22ccd78edc2e9f4dfd054eae8a097b42abd

SHA256
6a32432948e2e88bf1269db686edb245c941027947d739e2201d34e452e9081a

SHA512
7cb621f7077eebce19c104b02f335dd074e0ebba0e7e4bde8ac2371ad3e7a5899887afaced596456bbb9ea32445f86427d3d42d69fe8b9e74a657e27a1a836fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05cf63cf89eed41b0b110fb15a404451

SHA1
5d3bb1ffab843de8a378b7335bffc5dbfbbe7c2a

SHA256
4d697523318254b03ccd29c5674cab048be8ab82cba4431b233dd6a959ef46aa

SHA512
7dd78a137ca3ba05d7fc08235422a678cd91cb71a37cd070f62ef7c08157a8acdf6c9bc3adf1635932f43d3cd98be9edc24244898d663f87a029ef8b12fec1ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
908662b9343eae9faaa48b51b0bbd620

SHA1
e7a309015b8a4a73de55c742856af466a6cda8a3

SHA256
e3a90b27cf7ed0d513ca458ef97f9b3ba995906da6ce5f264d1888c5b4baf462

SHA512
d2dd76f11273bfa6a18072e11f1f850c7f2833783daeb057369c6e7c5858bde163fb438a466aebb198fecf48f2dd873695c7c49fbcea07c8ecc819c2181791c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a891078c1b3a881126a12b52dff5b13

SHA1
afbeae3e9025c5de750588c544700f6c9b4f6dc8

SHA256
586ebb50ba3149749cd26aad92ed7e8651829b208bd0ce6e0ee0dab5640f2108

SHA512
1bc761ee7eb84f2fc8077907835f86b10ba58e70871bc5e6cf297cbc84e3ea1a81330bfecbaa2a210b984b1dcddd7d67c08c93990ce31f5a0fbdea0f284309bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f5a09b197f748d60611dbcc7a91d5749248e62bd\index.txt

Filesize
87B

MD5
c8988133a8ee2529667013081ef2dbc5

SHA1
a9ce192ec0f9e2e3dce0f6a246f017eff4d9550c

SHA256
17c4361fdb9942e2cf8cb251a660a7d950fdf15854c0e6c03e5afb787c3f62bf

SHA512
9a5f628583d60797ca06fee3af577876b5d6088858e5e3ff94f32dd200be5df1455a6041dffceb748e584fe5ece8adbaf13a79d11cd57e55b4ae4b5990f0b91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f5a09b197f748d60611dbcc7a91d5749248e62bd\index.txt

Filesize
80B

MD5
13090c4097fd19753c6775ec59b726a9

SHA1
d9fcbc101fe53616097d80f50d7c5c067de3c4f4

SHA256
8e20437a393f164414c78e7f068b5f90422b54034378cf683fa4f5dc4a44941d

SHA512
ea34f11e88c0caec920f19dacc0918b6951a6b7862afb988ab0886978482364c0057f73fd6a9e326d2c91ef25d331014b130c22ec0c4278c449533301a727453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
273b9a83a9c2e72ea3badb96c71f780e

SHA1
6ee039eb6b6cee9b840d46cee9bfaf1e7ce98800

SHA256
9782c53aab68c9be4258ccc59e9bc7e5a2ca4e8fe2e4ca017ab1c01870d40671

SHA512
562e290ffc7f8b24020acfa8354df99df3bc390921a4059123b9690e727c6fcccf31ead10da68f71dd2387cf076ce9e94edb59be9bbb23060b0a14cb120a0bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a9fb.TMP

Filesize
48B

MD5
7bfe4d7199525a7ac4997d1bcd86dc47

SHA1
b026737ed4d937bf72de578d35cb33d33268914d

SHA256
f4e68924c8fee6a17e56b602ae5c2d23dffc5ff7220ed24aea7ef09015ea7186

SHA512
93cc21fe67a3146bae1680b9a7707791bef446ac3c07bb4fe776f2243163d7306ae104fb67ff0a1753810dd011de3f43547b56bb56244fa1d5b6c63918bcf137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4d1e014c3ad12f24dc2cd164759f8905

SHA1
b55a72bd8863b067c9bf61787f92b120a88f399b

SHA256
f35b82b70ffd863874eda4b07a819041775281dd1f4836bde662a04a2e3918df

SHA512
88de1ad0423a2aa20829e49886e20f63b79f258ad9cd709131068a33027c00e051ea05041a0af0354fb8278cd95a46309f5c9f07a5372a042d35c1c93a732b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aed9ef951de0e4eb542032329fb452e3

SHA1
6039db80c33de9b96ded79d0b0b72ce4b6c45199

SHA256
a50959e6122b2dcae3e027bb5df60adb674ef4307e3fd38442fd53a0aafd327b

SHA512
d6707eb62f08358de057c55437b85587fe923eb93a65af7c1d20089f0beb004f40bfe22d1ea4a6473c6b77f263689aac4858802c9ba1404e147cf705fae970e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582ca9.TMP

Filesize
1KB

MD5
0d8f70be31f860f342e9f525c2a402b6

SHA1
946f2b9e685095a088b334a18ca7c00eaa515159

SHA256
63965203b580334bf149b7052a394bb321666567ccaf4d9bf5df0c65c337c410

SHA512
6c167195d554333511bdd662bdfb3e1f923c06f43bcce786250b3acefee6f85dfc8a58b85eb6cd8354c16f7c02f64ea211aa56e112ff8b86de1fa1039ca55768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4faf46cf0e73394ad25621669341532

SHA1
0855ceeaffb22ac58b9aa4ddb6de7955bfb6ab70

SHA256
7dbdeb233d7db63215413e330b0e9db40547ee13ab5996e30a9a7fa3a0913a8d

SHA512
87694d1bd69ca0b46e2975eed28599d5736fc8baf449478bbdf44d6cc83e7656ef66557e8f6b136d333a40fd9f41c9c9a7ca867595b044c1925b8ff2d3cda4cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit