e11811051baa4b8010aa790f6f1e86e7275647a70901a31e30b20140a635bb9e

Analysis

max time kernel
208s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 07:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

OnajNitroV1.exe
Size

6.4MB
MD5

ee518bb6425bdb8ab369d78ced89bd9d
SHA1

ba54b1c5882311c342474434589d0be7460b3e26
SHA256

e11811051baa4b8010aa790f6f1e86e7275647a70901a31e30b20140a635bb9e
SHA512

af9903309f8785aedd31750115d0075ccde4e25ee79ccf24fb56c9511b664a60d78e3a2f911d263aec18890391128d38d45d3955029a0e7db08542bd5981a09a
SSDEEP

98304:k1SPf3FHkDx6hzb71QGQCPDbZfzuOqV6l7ayCb7BJ5mjwNwwMeZYobSr+h+I0x1:k1cflkMFdQmRrdA6l7aycBIGpEoNT

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 15 IoCs

pid	Process
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe
2652	OnajNitroV1.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
93	discord.com
94	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{61C70DB0-FD6A-42D4-88F2-DB1FAFA66885}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
2440	msedge.exe
2440	msedge.exe
2016	identity_helper.exe
2016	identity_helper.exe
1828	msedge.exe
1828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4792	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4792	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 2652	4628	OnajNitroV1.exe	83
PID 4628 wrote to memory of 2652	4628	OnajNitroV1.exe	83
PID 2652 wrote to memory of 5756	2652	OnajNitroV1.exe	86
PID 2652 wrote to memory of 5756	2652	OnajNitroV1.exe	86
PID 2440 wrote to memory of 1144	2440	msedge.exe	116
PID 2440 wrote to memory of 1144	2440	msedge.exe	116
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 3172	2440	msedge.exe	117
PID 2440 wrote to memory of 4960	2440	msedge.exe	118
PID 2440 wrote to memory of 4960	2440	msedge.exe	118
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119
PID 2440 wrote to memory of 5844	2440	msedge.exe	119

C:\Users\Admin\AppData\Local\Temp\OnajNitroV1.exe
"C:\Users\Admin\AppData\Local\Temp\OnajNitroV1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Users\Admin\AppData\Local\Temp\OnajNitroV1.exe
  "C:\Users\Admin\AppData\Local\Temp\OnajNitroV1.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title OnajNitro / github.com/onajlikezz / discord.gg/pBFaCQQVBV
    3⤵
    PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc539146f8,0x7ffc53914708,0x7ffc53914718
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3744 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3664 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6644855414154398482,392586444761040593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x478 0x42c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
08d4912097874ea0c2316154b1e261f7

SHA1
c8eea234a5366542c9718dbda8964b6e4cc20821

SHA256
d216bbb106211212321ff04060d56407c2a35bca6dbe27fcf827b22b9c3c5265

SHA512
97de738fd853b86a1f6a27ba397745c5d8ec233e06c812f1cc160a21c2d71f79a50c963119231be265fa46ad5967cffa642e4eb8927ddc37531115057318bb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17ca948e587edda02cc8e8d3009e2ccb

SHA1
51addebd8900fe9fb9ca5c8681222a59ce6492fa

SHA256
e6658d6306e62e26ecc6c1029c0f2a0524b1571b56583920cb425f4ceac5c021

SHA512
fd3ac7e0cc3c7731e9b740eb995ed08bb33146bec474fedd1d187bdbb60a473cc96099fa93eca1e09515a79b0f3677777f117bed9306a9219690bfa93a079a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a901bdb19eb6cb5a5ceb061ac1cec57

SHA1
bde67fd4fc1287e13de129d5052df74cfd0a320d

SHA256
f442b18f27776a048dabb0efbb3587b4ea19ca8b58e7d99d20dabe9b57ab2bd1

SHA512
616f5c89d7f15d8b19b0139a7cc9b2df51a9012bc0b1b8e4ab16360806ef5a392b446cf202dab2d4427b850e35f6409f281bf22b1fbb0dbb1e6d596ee8af1c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a2dd8.TMP

Filesize
370B

MD5
ad5708f9ad6fee8b47ac1c57344ea5ca

SHA1
8cad984337829849f7fe10ec40c3f0cef55f5031

SHA256
bf4cf1f549a3da470ae18af3a318104d0a1e6a5b35732dcb721bbc9233866833

SHA512
bf16bbae9cfbb4abe70b9db8a5b1fe1b8e14bf4060f1e4bc5167385d0642bed68f3f57df630fa59676d2bde0b09ddd25a83131c3af5d6bbd6c2b0f677edb7431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c79f3a32092fa2d20a2133b8d8ac6ca7

SHA1
1d1efa86d9724e72a03b5bb9df85ac648c086ec0

SHA256
4c925d8546a092a5552b4e3a3a0ff8de66996f3865f0fae25fae757faea77daf

SHA512
66b750956224889b0e53c0eb5d41c35bb49a6ceea77e7e3296426d63fffca0a080b2444c95890c0aa3735ec2d13d74bceb1a0bb36bed1270e816afa61b8099f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\_bz2.pyd

Filesize
81KB

MD5
bbe89cf70b64f38c67b7bf23c0ea8a48

SHA1
44577016e9c7b463a79b966b67c3ecc868957470

SHA256
775fbc6e9a4c7e9710205157350f3d6141b5a9e8f44cb07b3eac38f2789c8723

SHA512
3ee72ba60541116bbca1a62db64074276d40ad8ed7d0ca199a9c51d65c3f0762a8ef6d0e1e9ebf04bf4efe1347f120e4bc3d502dd288339b4df646a59aad0ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\_decimal.pyd

Filesize
242KB

MD5
6339fa92584252c3b24e4cce9d73ef50

SHA1
dccda9b641125b16e56c5b1530f3d04e302325cd

SHA256
4ae6f6fb3992bb878416211221b3d62515e994d78f72eab51e0126ca26d0ee96

SHA512
428b62591d4eba3a4e12f7088c990c48e30b6423019bebf8ede3636f6708e1f4151f46d442516d2f96453694ebeef78618c0c8a72e234f679c6e4d52bebc1b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\_hashlib.pyd

Filesize
60KB

MD5
d856a545a960bf2dca1e2d9be32e5369

SHA1
67a15ecf763cdc2c2aa458a521db8a48d816d91e

SHA256
cd33f823e608d3bda759ad441f583a20fc0198119b5a62a8964f172559acb7d3

SHA512
34a074025c8b28f54c01a7fd44700fdedb391f55be39d578a003edb90732dec793c2b0d16da3da5cdbd8adbaa7b3b83fc8887872e284800e7a8389345a30a6a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\_lzma.pyd

Filesize
153KB

MD5
0a94c9f3d7728cf96326db3ab3646d40

SHA1
8081df1dca4a8520604e134672c4be79eb202d14

SHA256
0a70e8546fa6038029f2a3764e721ceebea415818e5f0df6b90d6a40788c3b31

SHA512
6f047f3bdaead121018623f52a35f7e8b38c58d3a9cb672e8056a5274d02395188975de08cabae948e2cc2c1ca01c74ca7bc1b82e2c23d652e952f3745491087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\_queue.pyd

Filesize
29KB

MD5
52d0a6009d3de40f4fa6ec61db98c45c

SHA1
5083a2aff5bcce07c80409646347c63d2a87bd25

SHA256
007bcf19d9b036a7e73f5ef31f39bfb1910f72c9c10e4a1b0658352cfe7a8b75

SHA512
cd552a38efaa8720a342b60318f62320ce20c03871d2e50d3fa3a9a730b84dacdbb8eb4d0ab7a1c8a97215b537826c8dc532c9a55213bcd0c1d13d7d8a9ad824

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\_socket.pyd

Filesize
75KB

MD5
0f5e64e33f4d328ef11357635707d154

SHA1
8b6dcb4b9952b362f739a3f16ae96c44bea94a0e

SHA256
8af6d70d44bb9398733f88bcfb6d2085dd1a193cd00e52120b96a651f6e35ebe

SHA512
4be9febb583364da75b6fb3a43a8b50ee29ca8fc1dda35b96c0fcc493342372f69b4f27f2604888bca099c8d00f38a16f4c9463c16eff098227d812c29563643

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\_ssl.pyd

Filesize
155KB

MD5
9ddb64354ef0b91c6999a4b244a0a011

SHA1
86a9dc5ea931638699eb6d8d03355ad7992d2fee

SHA256
e33b7a4aa5cdd5462ee66830636fdd38048575a43d06eb7e2f688358525ddeab

SHA512
4c86478861fa4220680a94699e7d55fbdc90d2785caee10619cecb058f833292ee7c3d6ac2ed1ef34b38fbff628b79d672194a337701727a54bb6bbc5bf9aeca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\base_library.zip

Filesize
859KB

MD5
22fee1506d933abb3335ffb4a1e1d230

SHA1
18331cba91f33fb6b11c6fdefa031706ae6d43a0

SHA256
03f6a37fc2e166e99ce0ad8916dfb8a70945e089f9fc09b88e60a1649441ab6e

SHA512
3f764337a3fd4f8271cba9602aef0663d6b7c37a021389395a00d39bd305d2b927a150c2627b1c629fdbd41c044af0f7bc9897f84c348c2bccc085df911eee02

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\charset_normalizer\md.cp310-win_amd64.pyd

Filesize
10KB

MD5
f33ca57d413e6b5313272fa54dbc8baa

SHA1
4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44

SHA256
9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664

SHA512
f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

Filesize
117KB

MD5
494f5b9adc1cfb7fdb919c9b1af346e1

SHA1
4a5fddd47812d19948585390f76d5435c4220e6b

SHA256
ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051

SHA512
2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\select.pyd

Filesize
28KB

MD5
c119811a40667dca93dfe6faa418f47a

SHA1
113e792b7dcec4366fc273e80b1fc404c309074c

SHA256
8f27cd8c5071cb740a2191b3c599e99595b121f461988166f07d9f841e7116b7

SHA512
107257dbd8cf2607e4a1c7bef928a6f61ebdfc21be1c4bdc3a649567e067e9bb7ea40c0ac8844d2cedd08682447b963148b52f85adb1837f243df57af94c04b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46282\unicodedata.pyd

Filesize
1.1MB

MD5
4c8af8a30813e9380f5f54309325d6b8

SHA1
169a80d8923fb28f89bc26ebf89ffe37f8545c88

SHA256
4b6e3ba734c15ec789b5d7469a5097bd082bdfd8e55e636ded0d097cf6511e05

SHA512
ea127779901b10953a2bf9233e20a4fab2fba6f97d7baf40c1b314b7cd03549e0f4d2fb9bad0fbc23736e21eb391a418d79a51d64402245c1cd8899e4d765c5a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit