hxxps://kekma[.]net/

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kekma.net/

Score

5^/10

discovery

Malware Config

Signatures

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	7	https://kekma.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8be97016cfd74173	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
3832	msedge.exe
3832	msedge.exe
1988	identity_helper.exe
1988	identity_helper.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2464	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3832 wrote to memory of 4576	3832	msedge.exe	83
PID 3832 wrote to memory of 4576	3832	msedge.exe	83
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 2148	3832	msedge.exe	84
PID 3832 wrote to memory of 1928	3832	msedge.exe	85
PID 3832 wrote to memory of 1928	3832	msedge.exe	85
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86
PID 3832 wrote to memory of 5044	3832	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kekma.net/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff815d46f8,0x7fff815d4708,0x7fff815d4718
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4329896952521253697,9565753600066922495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a8 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
559KB

MD5
2a2ed5baae3af065b7bdf08e711f1053

SHA1
082320328fc5f4df66f6e2de6d59083eb9cfb94f

SHA256
dff9452032bd71dd68ec63440ab50da16ff3e937c2348c6260bc8a8114ff7c87

SHA512
33ff1568a68601f592eec9122ed1872f4fb70c9d4a4432b84070d59d0872c3968ebeb5041f3b5370fa4ba249c3b35c285a3241df4af4848ee2f80039277c9220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
1024KB

MD5
cc215d30498d66e1799ef24be8db88e1

SHA1
cb5a6b988724b270cfd91dfa0bbe532fde3182ad

SHA256
a6c6a7eceb6193780d0bf0d607f2278f585a3054855f644db608584cd7616e27

SHA512
274da9c02709b3384c3b7e9bb0eff78be5694e862b8246aba88fa1058ee0577a0f4be402d7d50c51b22938630b1887defc676cd71538a364d11193b7df49482e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
469KB

MD5
b6331c7ca43fa957d049bf47eed06062

SHA1
62f718808defb11c46417144f5f5e7b6ea95acfe

SHA256
779e7da22ddd687f2133fffbd3cc921732a0411f8d59d7366078634e3700de8e

SHA512
d2dcb9e571ecbbc425dfdaaf99baec734b073055be3d2e54e45d074569af4720351d7a3affbef2ea570293199aae6ad249a9e113dce8289084c42c6e92419942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
1024KB

MD5
051482f217eaead7addacd6d95535301

SHA1
67d39ec3eea02a896d79e420c6045845239aa3d6

SHA256
75062b55dc4a8fe04eddce6b7b843f2eddf59c696f3806c363c19b3c0a67d596

SHA512
274b7ca7e5b7e00bea75bcd70e9850bb5a7a52eaed06d03322905c4817ba5e5e833ef39eaa4a5cf5e4bcd5d477e718c8266192e76362cae0da2586094dc0a226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
4b90e8e31c2a170113f95999c4d19709

SHA1
1be3c5c56b0de0f66beda9670b74b37c9b5d41e9

SHA256
a722906bebfbd2e07eac9c6568e90a80dde18f52800094d3908cb00f826008ee

SHA512
d4675304d2868329cad4534e40093b581e4a64d7217c114abf63b3713a47c0f24f3a14303581fbffa1d98cd1b80b87bce3b4ffb505f7a7f74d0db4d93546ad20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
d7e205b4ca3ff42f2ebc0b7a1ee71c36

SHA1
1283d7ef4dea491b722c971f11240766256ccb83

SHA256
b113fbabeaf26861192bb623bbe5d22587bb92725ea527dd698f82fd70ec0717

SHA512
53ea9901e0993e725bab3a101db274810e52383b346c511608840ea198cba07952d3f89aaa7115b6a070081d8627746c87ad819627321fedcba66857926a9bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
771B

MD5
0b05118cac7a0a5ef3ac0cf5836f2974

SHA1
e7f8732afb70679bee3b914f8bdd9aacb68735c2

SHA256
1ce04d92d1618d7e5d8c0b29ab867dcb6622f7cb8d1a6a2c466647d765a14eae

SHA512
c47103de9c5503947d68b148cebde9ff18eedbf80696d23632cd76c91cac9f9cb9406cd670aacfb313bc25c0858a8cf45db5aacf4bbcb046c763d7cb59ee762b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
771B

MD5
e9b8aad8dd77b57312129cfb5d422a52

SHA1
5a1d2f3475f8a661ef44c5d1d77b09a58a278668

SHA256
f94ca353b4fce21f995be101a0abfb088e750033501fac1dfc22bf588fe73dd8

SHA512
ce2c736170bac0ba94ba9637bb712ce7c8021fecdbb8b44deb5876c8046deef952f749aec4f48076e8da86b8501c698258991619e07bb2b0911ba4154f459242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3d00db60915a855b48257291bd5423c

SHA1
38aacb7f62ea438e1b250506e3d3698620ccb9ff

SHA256
fc6125b7207e9dd7e0cdc48809fda282b19403643de87939a0854511e4640ac7

SHA512
2e266ece34e96b8609737d41b4821a4eefec321e716808cef9dff4281a21e5b1bb1f925ff07cce87365b01e3e6e655aba5be5d472da89d1d31d3253f89a06f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
037826639a3756f6923bcece5e9e3e6f

SHA1
492b4be9b4cead890557058982ce28a1f083dcdc

SHA256
2478cccc0a42e53df3d9a271d99620b418dbb7b1577d4f529b8ac0bd1f0ab05b

SHA512
5b639c4dc5474042fb132ea5c141d1bcd68e7d7c5c3d6f3314eb4eb796b4e0de07e8201a33f16fe92a936832cb054c67e09a953e12a1b172ec2402dfa0e98e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07fa3640623fa102ea60b031f322568b

SHA1
4fc89596e779b2a627220224d5ede287366cee4b

SHA256
f187649572073c8e922c7c57abbc8a16431c8915a3a9018ea636ab03abee80fb

SHA512
4a41e3d8780c4b798dc416c7bc4871dbdce8ca9624dc2c0733f63afa343fe5741c5fbb8642e458d92432b2f25e76c34995e04f2c5327d255eb19d1f43b8e1219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\15a8a7f9-bded-435b-b1ec-717bf0048505\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\15a8a7f9-bded-435b-b1ec-717bf0048505\index-dir\temp-index

Filesize
48B

MD5
a6ca1a3aca32f82b3f0492c4bfac6bee

SHA1
1f4eb77d696e42922f7217f0215599fec2817713

SHA256
9388d1ac19f85b68f8fcc178b546e9dcbf0c98418665cb1e1f7759f275b2fb74

SHA512
bc753a7c111b2d9aef978fb3927f6849625bc8443b9bc1eda5390cee7985823224a3eb0cd61d49b1c4d68439b9281bbb5fb503158a8449ac453848568d16b63d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\e1c1de58-951d-4258-80f0-94669f5d7b6b\index-dir\the-real-index

Filesize
120B

MD5
e027b9193c17dde5b71340e4764104f1

SHA1
490ed4158ae3829ad862b648464d50627464a749

SHA256
c61ca4260e5f22993241c446079e5ce20c45cb22c4f65a06426749e42b12b573

SHA512
18b82b69b70d817cf1bd9627fa85cc63c2c6104335c073b180d1ab320805fc6cf5ac45ea1b4390c8afa445f9b54dfb9a22830d38077e5fcdaf5b8701a0fc09bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\e1c1de58-951d-4258-80f0-94669f5d7b6b\index-dir\the-real-index~RFe582f0a.TMP

Filesize
48B

MD5
b9d0ce811632fee149324ad086e3e935

SHA1
f7be3d8ee3a4ce773c7a0111d3b50ee084a9f0b5

SHA256
0ba425ba8a80c6742625469cc890e2742930d1f94c530a3b3bdeb1391c0e5e8d

SHA512
ec548f35a64808f1b80763bb09fd0dacc98f816841d5e4c771f46a6f052071742ca4908b5d1149b3c31ad78bac843d43d69e6d6526df914431139b6c5ab0fd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\e6448b94-2d8d-4a7e-9808-a9bd23963238\index-dir\the-real-index

Filesize
96B

MD5
3dc0ddb23116aec009450594cc11f191

SHA1
0783153698f9af6b439cc51da53728e69a5a7943

SHA256
54f996ef5ca77a1d02ce24c473158c997f24979f9ae5219186d15ff1388b1e98

SHA512
6b8dcee506c68aad12f4b85191869d3287573b3fa12df96798d06be86e6561928aa540d711739c4315265f744762e93729ad958153644a5f8fdb0c69e7742d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\index.txt

Filesize
113B

MD5
34667fa1966ac4e87ff8884f25374424

SHA1
8543dc3ce734fd161547ccabf82afef81d86a01e

SHA256
8f1dd88c9c0d52c7f9634c946938cf963df3e3bc944cc27302b8ab1de6e0cce7

SHA512
6be1fc49c90cc19c7c07459c0d26c5a0271af6f4e3162b33604b16bfa8e95ad54c1f9674b43b8f8e9c7a38abc6ad2642057a311b6c60ec0b6e4e1262e81b9513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\index.txt

Filesize
367B

MD5
f523d6cd9addcab7138b2bb6b54c8509

SHA1
4752cc0290716e1d12643b2ee7c0e273883fe2c1

SHA256
3dffe0e7e69ea683687b993f9d687fe457abad1adc442ae6c10ea18bc6b72a50

SHA512
04f17e56135fcf70ff75882eab3640921d8db2a7c97d9af2de7b2fc7b2a6db9c606b071cfb9463ce10a48457f17363c97fdaf58f549d2469b7ff31b19db340fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\index.txt

Filesize
619B

MD5
2c1f754e0b453f4a3cbfe91b3e628246

SHA1
9f6d82b97137154518a294f029913f272ab4a498

SHA256
b9794468592feb518eb514d86ef27fb57f5a4e123409b6da12890cab16b26986

SHA512
f5d00a89455425f289f1d4e911335ce59bef41283ce5422eb94d361d751709ca46137c6f1afb0edb9ab3d0b901a169890754c2e139252fcff42f5e5f0349daf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\index.txt

Filesize
495B

MD5
c8e94860670312cf191033e490107ee6

SHA1
3e0b2507cff00759ee400d843a53916bd47040e0

SHA256
781fc3c8b60251b2d79e965e232671ba998c08d06123703980718d2b427a500d

SHA512
6c85085874dd9d9f7004b63864a408a02bc520d5aae73a2367017fab7bdd201b2fac0d3e5767b6b0ff5e64962c0499937596c082a9765ac6c34dcb8a672d4701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\index.txt

Filesize
625B

MD5
903026f0f83541c8b2b616da08b989e9

SHA1
3752bb3a1bde68cce0ced2a072c52ffef09b8095

SHA256
066d7771d2d32616f8510ffa387d092b200cc2e2d0007e5a8ded043f859474db

SHA512
0b1e431637d617030bf29e8bd09a1fe412a33e1e211e9521b3b2d30ccb99516951942b41a41c67a845950ded2201e3e5a2a53de7573a38beeded1d247a201f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\331b2f96fa7e13f557421be906b694c5dd9e7334\index.txt.tmp

Filesize
240B

MD5
d075889604f3943d9d82550dfee611fb

SHA1
f34f63307112b6315e6eca9862fc631d02f4f9c0

SHA256
48e46eed393dfb2c5c36601b17827941f37135f5b3d6f014892e0f8965deb21d

SHA512
a5747c2a9196ccf6aed03b7f9c86b78aabdcce656fc8595cc9c39eb7ad464b1eaaa82b88b91e0abd18ea04baeb630afe8f1a28d02ed7e9318b4b0fa3f3b33c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5c331c97a6e0a7c78efcfbf076ddef54

SHA1
54f7d93e68142706344dba63db743e80e97db9d1

SHA256
69a9317b19546dd73edf5bdcbd359949ba04c945d2ca2ce53a16f12cf2203628

SHA512
b78750821d5530169a6335682ce84c82ee4e532e69fd207f14e23de73243ca4e73fee66e7712a09f9affac8422291e4de1fec08a92076ddf1502d198fdea5504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581a98.TMP

Filesize
48B

MD5
eccca242ccda062f48216dfd3b6ef538

SHA1
1c707ae8fedded2b642989e08feb27aa04271623

SHA256
ed72e5b592aafe53e8031fd1ea2247d19f3461fa8ea7dada53408a6f93359dd5

SHA512
d56a75abb32958a6cb204c4e81df55c3ff5ff66c833ffe2a1e24c303bff0b7843d07fb839efdfe14517c233e3399506574b3ae66a63e7b6d4173019f121bdc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4ee4f5dd72b9b10cdfb89709b692ba6d

SHA1
682bc4cdfee711523ef3c24f9a8f9813a4d80ab5

SHA256
affc29f68a2a73bc02f279b0894f84f41df71b27cc443a253a03ca4f12282bc2

SHA512
37191f4817bd113c3902aa90dffda14418a7dbd8aec45065d852bf72ef21b578e27c988098965ceffa463028d1f7fd95275097440e65412148345f31aafa455d

Download Submit