hxxps://mega[.]nz/folder/cVhyTICB#uIWlDLkiZNFPaCZk1JMh1w

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/cVhyTICB#uIWlDLkiZNFPaCZk1JMh1w

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
1580	msedge.exe
1580	msedge.exe
3932	identity_helper.exe
3932	identity_helper.exe
2900	msedge.exe
2900	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 1568	1580	msedge.exe	81
PID 1580 wrote to memory of 1568	1580	msedge.exe	81
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3256	1580	msedge.exe	82
PID 1580 wrote to memory of 3388	1580	msedge.exe	83
PID 1580 wrote to memory of 3388	1580	msedge.exe	83
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84
PID 1580 wrote to memory of 1872	1580	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/cVhyTICB#uIWlDLkiZNFPaCZk1JMh1w
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff83a3746f8,0x7ff83a374708,0x7ff83a374718
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3724 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,12239217976198033368,9507586617696673705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x3ec
1⤵
PID:2092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
92daf92a4d9ac08876aca1f20ce4c38c

SHA1
02677410d89d1f405d343e1bdd8c4cf7bb4f45d1

SHA256
58be3f2177b891651f03176249db466e7dd0140ec9dab0a7c6dbee225d76e3fd

SHA512
e64730c641fa49d7d4a8ee4300a4a819fa1b4065f5b660f33e87f885d301bde0112987c9ff71793eeef908b01d1ccd775ae0cdcc882283da5e1aadfba20c87d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
702d7de04f400d00c9ded1240557a0e3

SHA1
3666eb86a6019f3b2bc20733b1491a5948332c3f

SHA256
d198bd9b3dec3c8717f47f5ef81d6e228685e5e06b69b9e91c37b46989b85c10

SHA512
9aab170b670d11e9c22823d2a4b89d4d2cc48803cab8461d1a381d091831510993a617eb983b4299a5a1d14a480059d3114bbac86c7abe1afe8246f7ea16ab9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
504B

MD5
b146b4a6a6104148d2ba366e4c75dc6d

SHA1
d9309b1c38a2c6022df40df41aa589d11733824c

SHA256
f83ee93e4d5db711a2248173b93c1207984cbbc9bb34cc7f64e99839cc439ed4

SHA512
ea6fd884804a55b42e4eebd8ae32c01c3cbe4e4072c9182befba987c114071fd507273cd400d35bd9f7aeddf47fa642d5e2e7214239c1ba20ce48270c9cfe20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddfa2f31796de8a7746f80751564d0f8

SHA1
e45d856c6e8552cd6585fa8ef130085bd97fd6b2

SHA256
bf482a47c5783e34cd6f14e2e4c3ccfc6959b83e816a7e19fb840a02d588d875

SHA512
0fe516b8b8669daec257f171aecbd6a73c305eb7c2b47b36260851cf6c240b6a015e01170b80585120b9e63f7107653689ea61658aaf19671cd1757b64d308fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
930ed5c8c6e6ed49c81fbeaf9c837ae0

SHA1
d7853058d1b15aec27eeeaf6ac72735c45747cf3

SHA256
ad5e679936f3c841a2fc6f63550a65f85a87e45261e39ac453ba49da7c4af3c6

SHA512
552657a6e8bb9d480cbd5da1d68e87ca87b504855d033cfd5f49644d03b24eae77700040174bfe61f59724ef6351b5b53c19a45e3eccce2e2abeb1b192848f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cda60df11abb8e12302435225236542

SHA1
89eb5e768983ce106cee8eeb986b15985dbcb63a

SHA256
b35ee598f14fc67300cbfaf0c73e50408adf75f075e3873bd604de2e058156b3

SHA512
d9217b145e9b7a3562cb1fb00aea16fef90ec8e8a7d13d2b1fc9ea8a992cf12d14e778a1ccd946dde344f3974be5913e41a59d299e513095309a3c109d898041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d330b75bb8f8457bd01b04eb89d7fa45

SHA1
99ed251303c3e1101b409afeaa7faf8610c2fa7e

SHA256
ca0c0e06fe160c32b080e5e550d4f0cb9fa5ee798a5e3fc9589cc63d5b672ea9

SHA512
9ea2820695abe0ffbfbad3cdeef8505bc848040d4106f6ed6a90ddc4811f3aadcb7a08887379e0620a8d2645d8279bf98c91314d68da6f947f7ba662c7a64c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c5ac1fe259358e791608f6855fe07fe9

SHA1
e962c8f4c289434d30e45f4e4aa126c1ea29b334

SHA256
2eb734d3cabe5caae60273f0dccd60711fed59bbce2120f41555e69e908d5e8d

SHA512
e4ac8cb9631b7942de6fda70a377af4f78c0b16fa6e8758efbbfc9e28608ca18084340b905c709b7387901429ea51d8df37834421ad0b7840db84b3330696ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7a9d62f58c233f7a37280e8ca80df9dd

SHA1
ba207c5e1e2d267341a737405dec3a4d70be9ab6

SHA256
ba1ae2d30455800a63ca3e6692e46b993b7975755af5ea82b6a0f6bcbfacb16d

SHA512
8a07892d0890854c3407e2ee6ade9e962726c98e73572d6927b4e11aa7df649d43a5ef0a381e43227129e569e06004b141a1a0537644329dffe6af39845c2cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580f7c.TMP

Filesize
48B

MD5
8b294452effc65e91b3185a229bd5762

SHA1
587768fcc4ffb752075dcef4a3ec881acd2bbbfb

SHA256
c5d0eb6b9bf184a4283ce0d89585b0f17b538a28614e380c27539a8b6fb47123

SHA512
473c4f1bea4db091ee91cb3b5fd92414c90cf408a7a7475a9ed01e5a29487dfd8a8f1371b8c11d7a0b21ba6d8aab856212bb21a8b6d29da544bd7b4aa4620944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d32b8861c9da2273c9e5c2a048383b91

SHA1
a10e25947de729bf6a5e9de2698fcc678b028f08

SHA256
c921a96e79b2a3573af814904b350a2c6cda5ffa5225ae3bdc8bd86bcab000c5

SHA512
d0f3caaa5c65bb2201641ee5513ad1b9f18f766efadec67f578163b4f30ca85043aa17b14e049b049d754a25e4e5a59c4d91ee8089d7266e017618fb1b32ff27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e2bc18aa0e2c7903be0971fb1547e54e

SHA1
85ae160f648201478e9d1c2bc8f1d0147588f5b6

SHA256
ba24f2d3092afa618f0a74a76651b3c7c45a158898ecc1081f0f32cdca634766

SHA512
5a322026484e0a869d71ab3fde3b4c05188d68c1dc6749707aa7521ad2109daf538a84a7bc5633cd4ef69f9726611b2841be964fea9b3dd3018cdf25b8779205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
57ca09abd92a648599a6a47cd23a8fb6

SHA1
9b0adc4d4b8f621de9616fc18d71af7f9f60b1a1

SHA256
c2911851b58dc6c3e3ef792cb4c9dbc4505728141eff519dab65149f2156d48e

SHA512
b86396e44bd520eb5caffa7e550eee20eeaf828787c4dd7fb70f648be2fc94b7449d26dc6e05b98ab7cd09977cb98a8509d02ad97cd328fd0927dd97696d53a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bb0e.TMP

Filesize
203B

MD5
e51533d88ef66c6240fc13cd98715adf

SHA1
c2e17c72c49490afec29ac904c7c1dad76f8a159

SHA256
8bb6f8290f918d4570e57c4b53cf32bc536c2ae200bc0789ab49bf5fe61fdc62

SHA512
0fe36c2e288cf7608e06119f4d8e419272939cb716e850b158da56cead7eff609b5e80176609edac55d8750a1c6e94f491c59375253d09326b822ec179cd229c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
36386c8416e73abd8021ec6e7044fb1f

SHA1
a4ea04815c58bc70c6dd6ed5e927a61402e07904

SHA256
fc2164ee82eb90c5b142c5301d9f93673b33ec39d89b4d250ee73a9cf50d6bb9

SHA512
bab03386424246a5d5222e219bb0cff456b604d23f9b3f606c98b7111ac70e7a6b3ece831845b8b919d7069a57f1f9461455a8e27cd0560dd06ecb71cad557e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4555dc6ab3e4a3051036f705db38bbfd

SHA1
c07800b30cc79cce70161807a2d83b233ef4f908

SHA256
da39286d5011a16ab0ce091361a4b1255e8b11e24875b9ae6775ce612123a59c

SHA512
e8334ad6eaf8595b4f23f63838d2d5598129c02be7338c9b948309ec92845cc670e54899ce4e1fd519a3ba7e7faa621c80fe5b5fbce0c70beb503193a52b9db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9bcd716d4f483dbd719334322949771

SHA1
6d385455ed03513f660d87d6f627eda045c3d732

SHA256
4672ec7a1c4207dd701545c9836e85ea57705092df077611ed7193cf553413e3

SHA512
72e442fa288b7e498f3102c98df2c84a17ae6843f0bb7659505ae6fb0894c63b0187c3cf4b87b2a0bffa0e5aaa121cf48704ce1445646f5600ff2e114cf8f15a

Download Submit
C:\Users\Admin\Downloads\Bloxstrap.zip

Filesize
432KB

MD5
79ac561a11b760aaa6debd8a0b151cbf

SHA1
a4f2cb24f00dc90381cb49c8cd9ad29bafd93cd4

SHA256
775b770809340b15ab06fed978459d883db216ebfa08927f8ef9120bae8559d5

SHA512
d44ef2242b1e4ce3c8ff61e61d3b56a0a20c40ddcbeec7ff5819b1fc4ea89a3b92b7ae7effe6d3b6236fbd346b1e3b122bec43773961e27e77d2766760a28790

Download Submit