hxxps://www[.]mediafire[.]com/file/hbschotjd586j3p/KegaFusion3[.]64[.]zip/file

Analysis

max time kernel
356s
max time network
382s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 01:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/hbschotjd586j3p/KegaFusion3.64.zip/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1196	msedge.exe
1196	msedge.exe
4380	msedge.exe
4380	msedge.exe
3088	identity_helper.exe
3088	identity_helper.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 1612	4380	msedge.exe	88
PID 4380 wrote to memory of 1612	4380	msedge.exe	88
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 4720	4380	msedge.exe	90
PID 4380 wrote to memory of 1196	4380	msedge.exe	92
PID 4380 wrote to memory of 1196	4380	msedge.exe	92
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91
PID 4380 wrote to memory of 1048	4380	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/hbschotjd586j3p/KegaFusion3.64.zip/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff575646f8,0x7fff57564708,0x7fff57564718
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,3263845746744113875,9754452334593318607,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5e30c69e1f45f1bbc9564241eef9bd49

SHA1
4071571f755771c41f5a445fd6ebf301ac285ecb

SHA256
e6e4efa322a1d570190f96123cf9f03e3538676ce64488b7b2313de79157698a

SHA512
62656c675b0817423da2ebbfa2b49db300dae6240b55bb4eb55677c0f5147a9e374564456aea24462f0cb3bdd0b9588650a470bb50fa7e0414b28f89a559aa50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
4a2346c669e0135a741cbd3ddb2365b0

SHA1
f12078f5c0f2039981e0ba027fc3711b3232cfc9

SHA256
8b0362027f0123e224b0d893f19a44b81608facfd81fce749e165b645369c8d1

SHA512
c34ec478aa13088ee67dbf4feec9ae94606519df7d95cf44431643e64c79aeb57ba95348da7513bf1c4df94d2669434c86a2df22081dc192d2dfea61c677d795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
4e05fc70f817c376dc33ac707e79ba7e

SHA1
33ff245af3c99f5cf3570d6d2dde4cac5355273a

SHA256
7cb2bd824d8a11fd2c810a2d8197293667bc1918a38370d00356bbdc22ab8105

SHA512
04a4b3ae44c36191c26a81ea9d3021bba78687c7c544bc555fc096b11191bfeaf1ad4e17732e1bae48c11ba7eee4521d419dba2289a389750e64563636c78b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2a2a89e15880458f70e119fe1192220d

SHA1
488fe137703a1af468fdf1a116fddd88023edab2

SHA256
f034f5b1a6aea1c141570881917a2a7cac856a5677edeec9ea0641d284c07a2e

SHA512
4030d78b87616bbcfb28fc61b00832fe5b86b7967f94678c90f9b6121de7ad7466d8e31ebef4f8f6bdf09a0aad1d6c436944fc3ab23393de832809d82ab1d4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5f352f5cf5336eba95f5956d569285d1

SHA1
9d25fc867c09e9634e065db507a1bf279ead1d81

SHA256
662804c96234adddd7fee48986ea0185de02ff692e67dae50326251d22842bae

SHA512
63920b925fee5390ba727c1cea4161d883ddea50769e28e2d16711d760ff7407c3c2fbd08315fc808b1c8830a4c76331297e310b47e080c9b02fb9f06529ef22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b8d83bb131254ab438aadd79db87af40

SHA1
0944abd108e11fa2862f540b7551082dd8afddaf

SHA256
9904369010d36f2c4c318eecc6f0516eac312892806310369e46346dedaff38a

SHA512
5b63f8f664c916fec3ce5b58f2614440058653d89a1664bb41616dc3eee5dad5a388a83197c3dafa02769e0fb45e8996637b05e9e7b4f7cde771d07b8a727c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
33de168eb72f5abdd266c10d8158f8cd

SHA1
6f648fc11ca88231fbb564f4fcc79aa5bdc04bbb

SHA256
30e520d582d132cfd0efb26e7ee1e3ce07aa518c9c65e4275c4af4c527e35346

SHA512
e4ca4d3281d6299d8902284ca9ec30677a9986f224c52a878362013b2267178cd254a2c5c858548ec52e0c4688652bdd0be0dcd43f75465e210e6d1b27a6c1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9882a30507a5fd964d3c3c6fb2be69e6

SHA1
c92550ace4fd3a0f38c69a2699d091fdbd6e994d

SHA256
75a6d8701045c2efdb017d0135666a8f0e6412e1711b4a6798a9313f4d31d983

SHA512
89059b436d944f3a922bfa2b1586856ef5f6c6a49c9559e542d5aa99ba478846847b2f0e0d3e512daa65e03a9e064f7ccda4a15bc06e6345305e4e2c830c9a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a90a895ad027a7c3b031dacce57d7670

SHA1
d0666c26c9e817a718b57e09248dcfec8545d52d

SHA256
d0f33b1b27c39f7509e2e3e12828093887837bee7178d0a16021abdb34077a06

SHA512
73593ef8fbbef84ea288e41726a0057c944e8f7c665111affecb042064ffcdb64fdf25e0728e9accb6bec8a9f462de6ca32c103fe699ac0fd8186f128484c96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
939408341586e6377a8bd346cd20c9f3

SHA1
8d91f19f3afb04b1289d6f5374dc206106a6805e

SHA256
0bbf2523a721b1d360735127026906cf9abc6383e22199f925d5a246038ffe68

SHA512
bc2482cd16ffb7515ba809e3c486b1fb43dc68ce5e21007cd413f40ff8d48ab8a49913c492b90a7a648c59b689feec0bb646bd21085bcbb8c6798f80cdcc2fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52bac62cb4bc8aa06fb0daec81673110

SHA1
1c9634c6f17e13ed4710c6fe1ff67f2275e35831

SHA256
48916b095bde8a4444544988945568d38b37e13aa0acac37c676b8c449b7bade

SHA512
9ed5c7bce0370fb9c483559990dd4faf8497b35e42f8feb9703d747f821a25908e9561cb53e152067aa2c11ffef6a3e11e908c15a4aabf32f84f2e348f07edeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
31fb81bd3f9c43ee17a3e75b482f897a

SHA1
5d12c1d8f9a33639b13a9e8a657b21a562c66048

SHA256
492952385c31c987ca0617370c49bebbcca07c46a4149a93e00e000eb2b0fb0b

SHA512
4ee0e3203ba7987069cbfbcfffe500a4f1546e25883f9f9e2829f7807e4a65de171914aa00a5ec09a39e34d722b305b0d255f66c867131bcc715865703a91412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
34bcd13307ee8533e1004a997eb1ae87

SHA1
20939143c186ae1fcde18bb0e78bbc223fe7fdb4

SHA256
3947b2911baa401b2b30a14a68875fe17bf33233bf2b7ba8447018ef6f28f816

SHA512
31374f90c7b64e3560205cb194d0ac0542682e22cdd891515950821860fc6d0e17015cb2583b60eb0cdc76423763ed261534d6852ef3459cf7e36b244c0e45a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
889f2270e65c0aac1b331f881b64a8f2

SHA1
8dec1251ead38773e8f99288d10d274f857bdf7c

SHA256
9626110bb54bc2b1974c6848e6bf5b787cc766f08e5a25c513910b5c345a9e1f

SHA512
45f16c79bf56c40752249883d6d28b890b8da4422a3202b2ca6f62c19b7f3a0dfd9b819deba775b8f513a0eaaa7c3523760950dfc838cb8fedbc3ea192ff0a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
9cb13b1ca0e34a56296929606e367ad7

SHA1
513c0115ff67b2885b465a8ece2d1826dcbd309e

SHA256
60923f74dbd6e03aaa3173c539a57d116acb99d4dbd0ca35120647d7b33b3e98

SHA512
3ddf739b88c4ccda1786e4a1a71cb7796725f30092f48b1a7dd1eef09783fa1bf9c3fc276f0972b7ddde6f301e2a7ad7cc59e7ccbc1868164250e040d3134ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b0607.TMP

Filesize
203B

MD5
fb766e3e5c73362aacbbd370588b7370

SHA1
14acf5e35f156d2b4e4748c299c19e408916855a

SHA256
321cd62abb590e5320b0f45ca2561291484e747d171216de74d2c96f7f0927c7

SHA512
8c69fc8336585ecc445e2cd8c0261b46ddb813412571ceaf64f03978513c5421d1891ced941b3c8160511d14c9714899708a33838fbe6b904b758d6f0a20682b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e62b3bcc6c74ddc36dfefb429f81ba87

SHA1
5b3d7135379059fcc23bf26b8e0bc04d9d603611

SHA256
dad54094ea372049d852f863e95f8d4eb883183b61ce347c572ad2829bc66ba9

SHA512
e1dc1571da889527ecface337748a044487a129a2d47316dd733d1ca15f9c86eda7b6b821bc5e1134160fd80dcdcc53cffd8fbd74e9dd476e3949328caf1a7d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
22b7e0a6833a927c6db398388ac67eec

SHA1
a20aeb0e174869e275fde0c1c3c93635392c1e0c

SHA256
fa61c4cbd38e06c2bee97589433e8e20a2bc37b6653f4620064862d10f0fcf0e

SHA512
3825d24cb557dd20cb25c403ff056dd399ecab58536b70f8fba8381695515561b963d4beb1e72ff49d3b21f5a63663dca28c15304c56a6ded6ba51372c337bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
e30e26b42328744b79505391fa6162a5

SHA1
cf518807dd19200ff5f919ef39d7cc754de11fb6

SHA256
3eddee973358c81368a38b33b565314cfc50eb9b9b819eaa2fb58d6435ce612e

SHA512
6d3662c99631de5aec5dd36f9e64d5588c34408148c6ac0103779a42c0b097da559bb2f8cb847930a2f904bd291acdeca6e157a107cc9cf8b292de0109db0bfd

Download Submit