hxxps://mega[.]nz/file/db5VXCxY#UtGUsbD-EuA_D8mUAWwPrdr13jKKdUBm10yS_P6UJHc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/db5VXCxY#UtGUsbD-EuA_D8mUAWwPrdr13jKKdUBm10yS_P6UJHc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 197473.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
1344	msedge.exe
1344	msedge.exe
1636	identity_helper.exe
1636	identity_helper.exe
3612	msedge.exe
3612	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5300	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1052	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1052	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe
5300	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 820	1344	msedge.exe	82
PID 1344 wrote to memory of 820	1344	msedge.exe	82
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4072	1344	msedge.exe	83
PID 1344 wrote to memory of 4692	1344	msedge.exe	84
PID 1344 wrote to memory of 4692	1344	msedge.exe	84
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85
PID 1344 wrote to memory of 2912	1344	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/db5VXCxY#UtGUsbD-EuA_D8mUAWwPrdr13jKKdUBm10yS_P6UJHc
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0d7746f8,0x7ffa0d774708,0x7ffa0d774718
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4164 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17293120928286725487,9108132524108619316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x250
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4984

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e68278151740524a409c70e7fcac7dd0

SHA1
10967a7e9ccfabb9b01e003f760cee1f0c65481f

SHA256
dcc0bd159bb352eec3400de1be53f38f149aed98a2e674648cc4d8f41f7e83f3

SHA512
1f047b88dfaaf8a5aa319e54daa8d37dbff5e988a6f90ebaf8902afc492db59266c4f1f838a38f0c5017d2a936af74e93ef4f825756b82474c401c04d09327f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3aa3b02da935fb3529b0a78b1f798d2f

SHA1
f180457f72ce2a0b1790ddf85ef827c2a10ae720

SHA256
354f226af204d70216134f86b4d5e50cee2f217cb9cceaf144547e360292ae4b

SHA512
92eef1d44c989402a249b6e0ea7e9405a35378b23361b4ef2b327e1b4ea585e4fdccce36e713ea3bab236cf98e04072351ed5ec0e6a404993bbb3aecf87f78e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05dd8c15210d9ae20e110275444bea8f

SHA1
7cf7f6c3f1c77433d447766f4af71516344fc162

SHA256
7a6f59ceda84c0fcc771929ae1e025f116ae6d919d769e57bb506da2834b14fd

SHA512
046b26de9f908e54ba3969031247fc7fd21b8533080d5867b795ae1b21a32f204a1d03f62fbaa7f600ef0ccedc0537f9385673182ea6ce570034046f87a04e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a315c48d0ea592d76d4359412b727e3a

SHA1
ff1f3c00a08980096fd4149c7a2fe9777b09010a

SHA256
6b84cce2f624e196aee9309dbc590158368b9a5d0e705664f4a17bb4d091e957

SHA512
cedbcaca41baafa41020a0e8e26cf33fb71ae04a042902abe857574c2b19896e414de5af197da27fc99d3bb97a2e975613a5ed10fb78fbb51994b3a00203e9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5803e3.TMP

Filesize
48B

MD5
d5a6e7d3806032acad289a6d0f00e155

SHA1
face502a0714445cc8edc9e5057c7dac429f807a

SHA256
0c7b3356742fef214dafbe4ea777f34a30bab253fa8ced9e98b267a7c1fcfa7f

SHA512
5933d19acb92782138a9022b4e704b83cf18d675278a42346ea40c9cf44d3b79548bbbaa62762b4f09e3b5a2a3d413e9734191e58f13385857a33352c7337437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
830931415ce3b09d56d2d20e257f3c5d

SHA1
0d9750200ddf30703949b7793557da3a115df8b9

SHA256
f31ed2961101430e22caa6f399ea23945bfd4097675f40fab61c1401626564da

SHA512
0334325516c64345181dc983af3e008fa0dfbbff0c25f43f647449145b8c5ef28ced4ef543e116417d8a9f0d5fa8366e26405ddc36e96ba5ec2b7eee75318755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cfc281deb35355395e453ed50865734a

SHA1
20625379ce4adb96daa5afcca9ccf0086218ca7b

SHA256
ecbdf78c6344b3004651a77d0a04cfee30f8518b402c3a40947f8d4d775f0bd8

SHA512
005ffba60cba156925e1114bec6286d33476e0277e741d0d01d43367aacc447613252fa2f381c69fa40a5d4efbfc7b944ce79b8f2f5f0e84b9a738df878ee0e1

Download Submit
C:\Users\Admin\Downloads\iphlpapi.dll

Filesize
379KB

MD5
793eb12a07955f04ba27863ad74c9893

SHA1
9fb4899ebb2f93d4865a755085f5ea55c27e1814

SHA256
13e95d78741defa8a34d788319eb570fdc20cd5afc5f58ff2d1c0c4efe84b48e

SHA512
7cc707c754178a9a11094f0cada115f27eedd7b508b51ccf560aaefc8d2b1c1df56a70390c25cf871108d858b91587a60a7ecfbd728461081fd7f249dd9bdee9

Download Submit