hxxps://scearmcommnynlty[.]com/miks/redg/ret

Analysis

max time kernel
361s
max time network
365s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2024 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://scearmcommnynlty.com/miks/redg/ret

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
448	msedge.exe
448	msedge.exe
2852	identity_helper.exe
2852	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 3480	448	msedge.exe	86
PID 448 wrote to memory of 3480	448	msedge.exe	86
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 4392	448	msedge.exe	87
PID 448 wrote to memory of 5104	448	msedge.exe	88
PID 448 wrote to memory of 5104	448	msedge.exe	88
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89
PID 448 wrote to memory of 4604	448	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://scearmcommnynlty.com/miks/redg/ret
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a04718
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15054353186603387706,18423388961618076134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
44a044a861da9b51890dd0a1c2d81ed8

SHA1
2a408cf1e8d30dfef3825856994b3e90e333527c

SHA256
4b22e7c0df6f24b998ccd87453e0ac0a2be91b766b7717c899e48bbbbac4fca1

SHA512
85fffc3ef81d9ba8e6050c0c00ce6d1e7f01b1eb89cae5fff74e09768f31ed145beab6fee096dc6c9e2f26451974473d7172557bf2b4f477d9f61149dea4d806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
9bf666d07d0442186f2010fccbb29339

SHA1
3f3bab4a51eb8bbe66d3131ab7fb07db52ae164e

SHA256
5d5f20d86370180c317f16171b652d07585ace59c0a421e96c100bac2bc2c10c

SHA512
ae2306261a1e59f50ec5b96cd50503a6d380a82b2b7c96629ea2a6d2ba73b274bbac6673a5372f091f063203f0e500c2da3a24b1d1d7f6f3f006e04bdd8d3dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e45cd757aea983611acd47ecfa6a4d86

SHA1
58a0c077304957c49a9f02a2f5c17ce68fd3bc97

SHA256
78ee751c890b3154cf3cb5e9cd17fe4a721c0d6495f20b78c0d958181c63745e

SHA512
57f93d88419ac65abaef147e44e073717baf997989fead63957aebca53233c228a4a7abe2cc9f35b6a722f571b08a577fec9bcf44694b6e3186df236d687d7de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0fe8379c1ad628b4c186b08214a353ca

SHA1
9a7a3c8a75f934f2b94f7bb42f2eb9cad6870b4f

SHA256
af5e209a65de32a5dcecb3cff4ea87c8c943deb724dd18d94f33cf7f003d5fa4

SHA512
608663292ce2df093b3cdee70ef8a2483126030c02f09ed2f2d584f3f11eab3820963203ce6dc496a575ccf62c0a4c302d270e9d866e0bf8775d54058736dd74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dbc006dc1d78c009bac7798afaa2fd5a

SHA1
f1e221aaadb1ac4a72f287d014f51dec025bf5ec

SHA256
f0907e3c49233db83e7c44925b8667d004a4953a63c1bcc5b261ba4667f328cd

SHA512
64a2dc53b2ad80a8e3979b99b15379c6bade605baca72b0318a97f22f76308a6fae13950e412a33d455af3983a424193ca3b57dc3b3cf8e51130ae8c2ddb9daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cce7ec7362dca98e44f4137fa1dac53e

SHA1
0c3e935546125832717efa0810f148417d166802

SHA256
66a35d6689785ae356b615ddd31357fa618c2fe6b440fdb71541fba97ac1d7f8

SHA512
2d5cd832f4c1d83b584052eeeb012456880969079dce2c4955606f44918dcd19f36a90946d03572e23f9c3e35e5e0dd7a7ded4c548018ef3277baa77d481d474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
95d435f4326b2cf93bad63e172153efe

SHA1
766516ee2d2d8bbb0a52c0bacaa3fcf3a435a114

SHA256
b32383b4d8d0ade601189a84107c58016a5770ec4b58774ccd650f9fd39d01ab

SHA512
5a51ebcdf595f0f17cf1326d4252e03ac290ea48a5e9a9c5814843f8e0561abf7e8c71fb766d6a47da1a6efaabe007252d61f5015e2e5b40ffde3fd550be0ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd760b61b41f5d5587e68884ec938ede

SHA1
7e9d46a33d83c06947fdfd652e4fb07e38f33eda

SHA256
def42b927cc27a453d3924b6f9b4266770935b50d57441dc1635a1cc7fa231bb

SHA512
355eac38aa773a61e1bea9604056861c836509f80e43974b0fd2a4c904d5ab9b5fa73a1875b7f1520c5d0878919591a9f6c578f8edb3a6af1b3e369316728475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3cb6098e426504eb9e1989e169f87563

SHA1
b298d80b69662188923ba375a1c24fc476e57da1

SHA256
84f77c782ef21471d514cb64aca4f8adf72890f1a39df2e5584c5ea4b6f5b7f1

SHA512
357cba07b8c5f862113dcf37e19f855fbc2e823146e97e6fe40a87ca12dff80f18fa50c086a8b28c8da2fb22d4b99307c727f6aede7a29e6d8dc75425165cf1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
20dfaba4a1ec94ce65ac20fcd35d2eba

SHA1
cca72007137781a407b35e48b00df0d7b4ad5a72

SHA256
f83072e8c9b8fbea17956c185aefb697f33a75e35e016cfe93487b6a79982d49

SHA512
7f63bb56345bc4edf43750f5e41af75416e845057c0be1032f5697a0e5b5c28d1358fff926d319165204749d4e9cdb5fbf95b5ae1af0ae381c7d6785359d2984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d56d8d1e0f64192ee8370a27a04df4d6

SHA1
52b52b5db4f5f998077ba36cb4af666698d0f6ae

SHA256
90f95693b50cc37ecb05f52ea8417ed2b66ef8edc5d2f6854756075d642e958d

SHA512
670ae55afc669e3e4fcae312817a510114c839af35648bbb059cc4f0d9aa84fa359fc2eb80c404186acc759cc662d5963292e54660eeab3cf472ab91e1c63a8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e27da4c573b08074c15b66dde82e96e

SHA1
7155c8c487536a4908ef94941690bd33227e1db5

SHA256
04653391138b808d4542e559d1bea8add8ea733a070a5fa6cfe6dd05dabfbef6

SHA512
1a27a233e378ab1813506fde798ecde6ba1b53874689b45baca607a4a3d7715e300557a7ba7acb3e0c02a41a94f36678e63a64afdac79f8a1edef2e4ea645070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
711f3d9de760b7e2e1e93c19f67a9db4

SHA1
2cadba4d8e7350344938ef4e31c02b1877149b98

SHA256
df32371dd65f33ddcf4e2a4403f325e0bb18e0188ac52b4b1241c0d9df1926e8

SHA512
9474ebb18a3aa060a8c376ba05eb4975152cfc7ff78298a8bd9ce66b43d5a0ccfa707f8738f37c9b6a10e1aae3bf37440b47d7d6059e9b8c01f72c1569d398ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85fbeb1c0fbf9055b712ba35b7794790

SHA1
95e860f9bf1d10a1e81296a4eb60cf0b45c3a66b

SHA256
b3d3406c6b902bab120b5ebcc55cb49b9895d007647976df543b660435592270

SHA512
fd8ade29ffe37f7e3583e69f134160ba13b66851087b3d08626fcd2eb28f32624b779f901de29d484ed392942685c466832b1649fdee6dcf11d3ddf2abfb054c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9c8b0c22ba2961eea1d7802207d4c3ca

SHA1
0c5cb8856fd6b3c4a8912c4f126b9db451286ba9

SHA256
c88b2254674013e5e98cfce89864835bfda3fb61239d401700257f239225dc8f

SHA512
3c278e46909128b308214ded47f0d619f82b37ba9e1c2c5f430e34b5b78c30c9c9dd58f098d94bb7029bb5b49d8b0ae1312ab0b934ed7b192fe551e38e21878b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
369c18b6e3ddacf5157a0de827edfd03

SHA1
e044e53a8edb413ca549b37d27979d4721d8680c

SHA256
e75d48b8945396af49e527e8126c70b18b20a445a68e95a76ca139c4e038b27b

SHA512
761b18935349e1c8b459d83ef97e291a7bd35e77d8294706e5c9cec0ec5aed44aceeb5c02eb6fe266efece373b7d8ba2bbcfe56dfe20ca9c928e2ee57e915514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b890ffa1b0f79785e02d8f9fe4d6293

SHA1
e2cc1b4feae55e405b3adbcd8fb4c6cc33c268fb

SHA256
5a673e3e71b8c1c1f1ddfe4e23e6be7f366e4967867e8d0cfd600dbd09a4b365

SHA512
a0aa49b7cc989f19e785189752f87e894de42e9c027fd04f2016b48b8ff88b0e86233add76df678409b70c0cfb3e009fd62f4db7e99073995f9f7707de1231b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64dc873e8ac843afbc5126347d552e83

SHA1
77043224699a71dbe5f8987d123e0065a59c3b62

SHA256
687ee4c6fa4f187c1380adc604de1c85e0d9d71c3d81dca176cff167d14702f7

SHA512
ff132bced8e51ae6e60dc07fa75649dbbba611c337d09ef327ece83e28949d9c121259a4387a6b40788cd89e9f869fbf74a5ceb8fb9fedbaf759dfb560220aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f55f34f060566c9d3963a49a6ed8c19

SHA1
bdb40febfe96a88c0efbda97439eff2c557cb34a

SHA256
317ce6c9f73e2bd9d45f6a464c88f7749b3fad1a3015d7b784f1e9892387953b

SHA512
6a171f29cf805f543c37dcd8bf37c08e14eed5684903e7780d5eb18efb56d2f507c9a1a958d4b0f57d7df10f4e8aecd423d3ca85d3344b629ff2d067faf5be1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b570bed4e8ab21667e947ffd230a8846

SHA1
e7115a73eb049dd7bc9320e12f90895a82a784f8

SHA256
32a89fdc69f3be2a99d50ed9b76386af9d2b2c9d58406fd35323b8e350d03369

SHA512
5ff3f71c079b192f531124f0067c547a523470eba80c8dbf59f0ce292da0d3c4c6eed2d244d6036106a841296105fb4f479df58cecd6c817d072ddfc9e7cd7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5847e1.TMP

Filesize
1KB

MD5
3d11a90a485ced37d742d9d9d5618433

SHA1
a2a3227f05473805806f1b7838674045371f99b8

SHA256
f3b6a6c1eb6a105ab0d4fb1710beef53e65766face011efb64da22da9b13741b

SHA512
58603a7fb095d8a2f6c82ec8ab5889c9ca25347897258e2bf0a68386a75aac94f22459d32ce9ef38a32a7974a54efa1f54f089770b60ee2f4a3d691a43f2cc9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3a828cc49492d2c071402ffe411d3283

SHA1
a543ca683c3b194e30706271659a632fcdf3b313

SHA256
b146cb7b6e4710f0babf7ee9c8439122dd3f61f94e8b5c937bf7e29d4fda280e

SHA512
6c98a846efbd50933eec234221f7df6f558b0cae97cf83dc51861a8e2112ce5805c7f74612417a13f82e5903fc07cf94a50eb16922f5eccd7f74f1f94225007e

Download Submit