hxxp://klgates[.]com

Analysis

max time kernel
293s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://klgates.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
2212	msedge.exe
2212	msedge.exe
3156	identity_helper.exe
3156	identity_helper.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 3364	2212	msedge.exe	83
PID 2212 wrote to memory of 3364	2212	msedge.exe	83
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 2024	2212	msedge.exe	84
PID 2212 wrote to memory of 3748	2212	msedge.exe	85
PID 2212 wrote to memory of 3748	2212	msedge.exe	85
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86
PID 2212 wrote to memory of 888	2212	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://klgates.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffc194746f8,0x7ffc19474708,0x7ffc19474718
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8920838026067249587,822888151820776596,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x470
1⤵
PID:3384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1d67b58c-9eec-4dd3-bdac-789ea7f287c0.tmp

Filesize
7KB

MD5
680cae626dba880e95353903cc5fe335

SHA1
8f56f8fa4146b19bd9e82c7f7f4545bcc702cca3

SHA256
99eca53091b61d5473a8e746e936d979cf51b868e0829d51ccd60ae970809624

SHA512
1896a333cf089393b067113c94e6b91ec90a6e4ce69bacae18f01d029a964373e7e0b988e8ff77cbbda759a1e7ee8da35d9d9ed0fcbad6e8e2b4bc752f021fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
81KB

MD5
da8cc9847bd948b6490d74f0adf78fdb

SHA1
fe637dad5989720dabb6ef185b0d02333d5b30fa

SHA256
6a64ca657235bf59a9fba55876db68ed44afccb0900b21b39dbe1b0d183ea4eb

SHA512
824ca3cfec0b0f2e2496788bfc9b5d74818ee18dbb824c70945f9ffdaf0d2a6a42f99dd44a1541fd9232241cae2d9875a20c4f4c571c75fc31251f06670adc3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
79KB

MD5
b27a88f5ada1ed7d9b6d28a89f2d20bb

SHA1
e6889172ee2924344477ea9dcc212b14c6e4c25f

SHA256
8a2ed1cbc013e844516859c603d60232f499f55deb8ea5e303203422d1ba01ff

SHA512
c4dbff05f219ee5a1ec215f356309af57837e6c2a516e6329386e826623ed11c5452f2108ff56090de7d48c5defe58f49184daeb06d05913d6b24e3eeca3b44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
101KB

MD5
7799dfdf88bb9b6f0f00a2de5fb109bc

SHA1
8b8ea9ce7a951803da4fe5d1cae462ab36889c1e

SHA256
4549e2b46148978cc9fa69c1bb3b69c18d6ecba18fcabab5fb30b366fc102240

SHA512
ca231f4f262621b4960f7e0cb65833dab30369ae55dbcb673640dedde5aa462d6ba9418c62d8edbcd8eb171c9953b65225f484b71c9b2eaab8dd9b6e9b7976de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
55KB

MD5
5ad67628093b90d7b09f19fea57ebe1d

SHA1
c983290e8692fe0d4a5a6f7354c27ad4c61a0221

SHA256
4c79b51c58fa56da28c18b94f01cd86596fcceeabe3f7e624cfd355bb966b63c

SHA512
77831e58cad399009e784dca517836ed2a27237890f5ab63dda6409b528952313c33f76b689076162f239d3de2da1aa96d369c19a3a328da431ce712642574b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
f15418fdf27f8ed25a2c0f34f3fc4b1b

SHA1
553e198d3534f176aa27a31121cbf1502dbe4420

SHA256
17178bd6c41cced026ef32ccd054ed50da795e5daa9a256d787d540ef255f220

SHA512
460124d5a85f0befb9d526479cfe3d410ebdee9e26f3c1a6da2195d2257f1de60610f7402b2b4326eae2bbd38a0f4cc2434d249902af12b920e7bc5f0dabcf07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
030d504d54c42827b5b20d00555f4ce8

SHA1
aa0b39ea12e60a9b702b9df66ff6bcf81937eb05

SHA256
ecdc516a69eaaa085b9f5f05c455b34517ec112c18fd56ecf160ddf223479b9d

SHA512
bd673569d2a4be2e13c12dc97186379cc619bc1a673608669c117346fa9a84e7447c89484555bc83dd45e5e37f39ae557d848b3c8985ec2465940053f95bdb9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
600af7a39b0b2dad425db7cca454b631

SHA1
e91e5de0a94afeb67f0131c27419657a39431beb

SHA256
595a286b0a15383882c876e69d431769efb8aa38f8f4eaae03d75ec9d4627d92

SHA512
ec10e940686690d0374549d436ea342ee9f6dc7575806c82705820c5ec215280ad608080bc43f6052ecb1e4bfd384c747d910245caa78f19134ba391aa058566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c7d82632de0d960770a0b57ad0ffb197

SHA1
fdc259f985dbf95f1659da1e66fa341d60ddc95b

SHA256
611a0ead5f2ad43dca313d9c384f53b7567fa2be43887584bfe2987a5f06dba8

SHA512
dbfc5daae2581333f9f4aaca0b260fa506a16dabe488429dec43ce20efc5a4fd17b3f36883ae14f3549e7f12b68a14da4a4c7b93349ee29f588a0b3b81ac222e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
828095d49a6a0cad3085c4977bc794f9

SHA1
2000e956a2aa65cd2253ff9b1fc8a81f1b66680a

SHA256
4ae43d29d3eb2a6b66671ab6afff026919b30678b2fdca4b13003c2d429b45a8

SHA512
2f1158a0bc5a7d7263eb691a337a21a161ec36244e81367387a49a9475c6eac8246de385033a7ccaf66502de18d6aeff7ac55a3ac42df2c0b04598ea9148f96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79fba03afbdd780aae39562ce0707a84

SHA1
2eb50e342811c9cb694aba2ab178b2ef69cfab84

SHA256
9b6b7b60173aab002b2eafd345cb0b3a599a997296ccd941c4c795cbf88beefd

SHA512
e20a0fd8b942be66178c41cc40c7bcf17cf19b2bff763f46ac409badc66f921d633131ce9c4ca505cf4f2126ea0bd4837ac88b9d20d42345cd8b4d7fac105451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94b48945fa729d80819f832fa7ad36f9

SHA1
05f714a73b9c9e3406fd9f74a5da3d84b6244916

SHA256
0c4aa613179d16e08836cf0e7ef7acdd557fc9497ec9b5a6277749b89884ed50

SHA512
858b036a66333370376e786c628f189ae1af337c1671f389ff7e99688d9cdeb7cc883640c3d95791170195b3cd12fc5f3c438dcd616fdfd8d73d269af191029e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
392461e72c9f9ffcde8ce52445112b49

SHA1
3c3d58c62a06b58abaced229bc64bb6c3c9119dd

SHA256
a0037ce5e357b80884b8aa35f27a4045820a135f1cdb60c84aac110830dbbd46

SHA512
73a6116ea2e66246e7a5db7d95140654e4a10c06630cd04db5d1441c096d25f97b7021e80359251a9bf0ea30aa565ba14045c39e22871d5c93b5680e8d65bf18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
806c45a5552100b4911b444712ad5c96

SHA1
5b82ef3175e9ebce0616458d2434bfb0234215ff

SHA256
0143b964fa6a7473fcb6ae737fe34b0280d606354eb4566a44aae39433c4fc47

SHA512
bb1e3d2b7b86d922aaa3d5e9a49fcd5bfb7ac74e28d852c8a24618a2bdf6d2d35ce8f253cc5c6f124e27f4b6f2f1ff9b5ae675ea21528109cc0a8dc8e49d6b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4431d11fafa05fb45d29bff3f8f7e206

SHA1
ab9a8960548362ec6d8b53995b2e3ff1f385649c

SHA256
ef057cf02d52a819e04a8956998f6e2f4c44862e799b4c3896737121e086f252

SHA512
067a0984500c4b7d55c385a2532e76978bd69097cd084e25913eee91bac948dbdcbcbff1541a5326911a11f34b8ec0327f8900ef82605cd61294074bef0bf7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
804cbc00ee14f34102c93d504311d858

SHA1
45885748c317f5e18c7aa57814a89827fb729244

SHA256
4edd7b4d14842412b3163eea1a7ca7de87e3aea28ecf72273b9ed832dbb0a60f

SHA512
73508fa3882265e486978e753af6a3e4d4694e3639af5167c2d73cc5fe8f6e075dba8ade384ce3d2104a6c6c6703a8e0b10f47380aea83786c8d165a1af03a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08f903933eb11ce62b60fb2942d84ea4

SHA1
79cbbaeb0309902b58f09371697efcc07d0b5dea

SHA256
e8712852849f2dc6d097482ef50b7e9fc00e408589f0a7a817a97a0c185268e7

SHA512
0f87c271cc4c8c8dbd5cc0819322b677b88fce04823414fcb08cb4903a6458f9cffdfe711746c7e89c254cc4b68ea5c0a96252b12f44f18cda3ea9831178e2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
62f87c01d1e852a20146f87597226b88

SHA1
af404330a7d9cadbd3f92af3862ac5c43c76a63e

SHA256
acfc623d6178daa2a780a1af939ac6ad964ec0255dd72fd62aff026b6a944369

SHA512
5cc30bd3be2974fe46bd22c6ecde8921e4fe099ef9c13d7e4d49ef6eeffe64827333800955896909ee752d697a197a40586aabf80fe5ca41541b3600f7c85a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fd4c.TMP

Filesize
1KB

MD5
4b46ff864d471805c181daa3ebb87a46

SHA1
c932c3f697c5450edede60897ac4e88c2e1ae819

SHA256
ca32f2efd5abf36caf35ef95ccc5c7641c595195c5853ef3d52b05d179e7ca38

SHA512
4473e3b4375a4dbf51537d8f0fa8a2a95455f90fea73fdbccf64d734c6a08f4b3b191910266c58ef6aadfc22fd06e2d6c42c6aee29e7743472327d81a6c16d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a70d2d95-6600-44f4-b48a-93c076d39d3c.tmp

Filesize
7KB

MD5
24392d7c68bcbbc933e2808d10acba6f

SHA1
12422c23b90231e02dff9b20bea998d9b09b6941

SHA256
7681ff930c82ce39dac2bd40fac3058d99cd8d595d5dbaea231c83c15769a87b

SHA512
61ac9161f4931c3e4e1c7b04baa393a91f8ca9f6f4c210d5c32a8f7ef0f9233abfcb781914f79d63521b47a9eb7422e68d5c95ac52022222ee026c4c6ea075a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17a2a0842c5d87dccb9e2d70ccf7cf13

SHA1
447a599f724fc676e319f2a8a17e019ca04828a4

SHA256
96cecc554f36d99c0e5115e9ec36a10c17beebfdf920570245392d5859101a0c

SHA512
613d4ed3f66df402b2a17095b71f2ff2002ee42d79b9ba6abbd1d465c515d0e80301bd812fa04f7c81bde655548f935f4a5714cdf37b7ba4de0f0a64dfec1cfa

Download Submit