hxxps://mega[.]nz/folder/zaZhzJpD#_ECfbu3M2eKEeCHPv_d5ow

Analysis

max time kernel
1192s
max time network
1174s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/zaZhzJpD#_ECfbu3M2eKEeCHPv_d5ow

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
3264	msedge.exe
3264	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
1852	msedge.exe
1852	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe
5800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3264 wrote to memory of 2204	3264	msedge.exe	84
PID 3264 wrote to memory of 2204	3264	msedge.exe	84
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 1596	3264	msedge.exe	85
PID 3264 wrote to memory of 5052	3264	msedge.exe	86
PID 3264 wrote to memory of 5052	3264	msedge.exe	86
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87
PID 3264 wrote to memory of 4188	3264	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/zaZhzJpD#_ECfbu3M2eKEeCHPv_d5ow
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb14c246f8,0x7ffb14c24708,0x7ffb14c24718
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12558067326259336157,2036717350755647241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:1236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x4ac
1⤵
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b094a8bc3468beda3856f585d65876f6

SHA1
154c73b78a99bf0fe2bc258a02f8e132db22018b

SHA256
84cdf62b3c743ab3ee45042eb3fe2d78b503336404cfa37c87aba1f951567ccc

SHA512
44470402574412e39e736931ed28db2f89b049d42dbb2b0b90bb1ff68f46f5f9ff25eba5f14db876d10caf75e0c6d0ed9a017333ef97b7177fbab92abccf6ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
4.5MB

MD5
538c79e7b1707457469974b4ba8be32b

SHA1
63993b1988ed76005bb9f9b38c099f4a3e6c4c73

SHA256
73500d293dba76842b63b5f9343cfb81f07efb730670eecbcc9f830ce5056024

SHA512
ed3e43ec1362ad8b830b7efe4d0a6994c998a11bf55bc233ebd709a52e4bd66d462aa52d798ac9f9a711b3d2dd37927338731791ceccad691f5ebfb403112933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
e08735d8d04f386ff229cfdd8a901096

SHA1
e90c5ea41031dec6fee120cc3dff12883d030394

SHA256
dc42a69331760dd72e43c530f6bfe4baeaf1e8ac68edd7e6ac80d131afe9c0d0

SHA512
a1459dfe83ad0ce30a3c50bd9de00e56a57f66b6b96eda248288d5de02cb0bc5c22797e0a33188bfc09a66a0695e6b3c57ba5f0d743abf2c6e5a4b66bfd75386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4234016dc990bdc959d7867c3889f65c

SHA1
66138371f54950ba19a3fbc2ec2d2a76d599780c

SHA256
5a15fba78f8dcdd82ca5cf5609b86b58b6ba87a2b5f2441dbb0077d3d380b755

SHA512
51fabae23295d7cb9b1cd604ecac78e12c21c7feb7e674aab5820b086f4a64db944d769cb1fca09933b891f7c0ee1959358d615b658fc40ec236aae5012f1f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55463ddb9d8b6afbe29343ce3b4781e7

SHA1
a852ee1ceb8797fd82037caa00ea50c8fc604e7c

SHA256
b0354079e5e3fc55192a4be49ca4fe620e83506efc1e512c5efd224e73775be6

SHA512
915e4d4bca1caee1499380520be8f9411986e7ff0fc62a9d9f359bbd0abb6bc42dbd371acb42d253a6c973e7bf8925f1093fc9b2ca4e4e251a76265a5e98fcce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a2c15a614863fcaf23536df936e9ae7

SHA1
72183091cba165d3cd9d14db1488700487305cbb

SHA256
6c48d8c0f4c9bcb79082d02622a942e1c136102772fd9c519a257fa3ff318625

SHA512
1fa0ac89da1820c35b9277826a94f86f2fe82469a0a4f3ed5bc60ffb0ac1a8f216beefa1c33ec10c8b994b718cb2ffa9efe5576488da06ed54e6902636f00eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
de2764701475db5b0d08b3f2a478a8ba

SHA1
652c041e554ca59ed62e52717d8bdbf4b98e5d0e

SHA256
35d0e0ca93f8b4abb77325976e183521047b9c22231f6024247368472697558c

SHA512
793e323b125544eee7e77b014fc4a46cb79457570a2b67b005340c84efda31fa812f50c4fbf9ffa47656ba797972eeeca791d9d98da710e374fd7ea700775601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e762.TMP

Filesize
48B

MD5
97e78dcf56dac2e4deb04a1a7b41e247

SHA1
6dbc43243d032c75757c082a60d6e8c3959073f5

SHA256
6e30d155d783c85efb182d9866f1cd2f3c484b35a4b56f212de60ab3938d338b

SHA512
18f7b5d6e233732de92d111cd5d8d309addc2caf277afe499553e9ceb4cecabb7b8c9dc04e9d74b8d28fb9baa24c2fc6140feccef3a646028fd9f9beccfb531e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5732ebd84c01e16abc39b9ca50a1495

SHA1
879ef13d46cb2972497b811da575e8b1b9ac2f4a

SHA256
dd69dc939fa16decb6f6b674046f374d418c9aef7b0e74994e57dbe485fe3462

SHA512
e5f27849209924bc6cf48c942ca66f94bdb96f384d6ddd6f3d63957786d6c35358c5a1f5a62892d450f4f3162b820d993ed62b9edb531169cdd92dd7fc2a82fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9711e707aa9bf977e61ac7ea8e160dde

SHA1
53b8b5e18efb58f1aa26a57988228b7c57977aca

SHA256
e6c9c9bacc28007e9b67a2866e5c469b6dbd38d4cb5a0d576d0256b06f58bd9b

SHA512
1b52fdf1696c15ba8ea3415c259c0b6b057cc0f49f39e1398f601f4d59eb605839a3b3c4c9a6e2197991dcf01ef143a8d04c0bf12bd8ab703f8bdb75b7a6bf97

Download Submit