hxxps://mega[.]nz/folder/TIM3DZJa#XS6yTVX_JYldl80D5TAAKA

Analysis

max time kernel
1785s
max time network
1787s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
29-10-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/TIM3DZJa#XS6yTVX_JYldl80D5TAAKA

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c3f52484-d11d-4ed6-a1e1-76ea25d493b4.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241029150344.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1040	msedge.exe
1040	msedge.exe
1116	msedge.exe
1116	msedge.exe
668	identity_helper.exe
668	identity_helper.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1116 msedge.exe
1116 msedge.exe
1116 msedge.exe
1116 msedge.exe
1116 msedge.exe
1116 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1116 wrote to memory of 412	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 412	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2636	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 1040	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 1040	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 576	1116	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/folder/TIM3DZJa#XS6yTVX_JYldl80D5TAAKA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc3c8846f8,0x7ffc3c884708,0x7ffc3c884718
2⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
2⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
2⤵
PID:576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4872 /prefetch:8
2⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
2⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff600425460,0x7ff600425470,0x7ff600425480
3⤵
PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
2⤵
PID:1232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14052420445198364041,6617890421249956147,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3184 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c 0x2f8
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccff51f965f8f4176e4ad112c34c86a7

SHA1
eab249ca0f58ed7a8afbca30bdae123136463cd8

SHA256
3eb00cf1bd645d308d0385a95a30737679be58dcc5433bc66216aac762d9da33

SHA512
8c68f146152045c2a78c9e52198b8180b261edf61a8c28364728eafb1cba1df0fa29906e5ede69b3c1e0b67cfcbeb7fde65b8d2edbc397c9a4b99ecfe8dea2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c29339188732b78d10f11d3fb23063cb

SHA1
2db38f26fbc92417888251d9e31be37c9380136f

SHA256
0a61fa9e17b9ae7812cdeda5e890b22b14e53fa14a90db334f721252a9c874c2

SHA512
77f1f5f78e73f4fc01151e7e2a553dc4ed9bf35dd3a9565501f698be373640f153c6d7fc83450b9d2f29aeaa72387dd627d56f287a46635c2da07c60bc3d6e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
73a25141279621db118ec147b77e02f2

SHA1
c153e83efa8b9bd4aee3bb98206d4977416fe1f6

SHA256
34e38709c4604a5c82389a8287548b5f1935240674d64ff08236c9dac21e96d4

SHA512
13b4a068b5c1078ca287c43f178313e7588061d741152b25103786893aa10e6788ee2806216528ef35ec951b47a1f493836ef6ab85271d5cdc94d8cf63e834d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
6e888dd362017615d400949894d6f6b7

SHA1
6d19c31a470b55ebc0f6e7952948bdc979a7a95a

SHA256
29aa93c083e028e1aa2c6597834d8040c1105104c5b414377f3f832856d60b1e

SHA512
c5dc2482a6de149a045cd0520e865ffc3dfd3f0bafad89b4bcffd650aa7ba3168e02ca941661b7fb8d823a06a2d1d91b039edce97bcb09a8acfecb9513123f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe587395.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
49df1e3bafd8a7af66f91b70dc4c78df

SHA1
4a6fac17fdf3cf56181957779e18b00519fa9e2b

SHA256
83b9e8d1fb75ad5a1dda4d6194838478ea1670ce33661d292ad287629f240a22

SHA512
a7acd24f66de163c6f566bfdcedf5b1573533e23dd134ec5f6f8734f27459d90e591bacc1f2c8b18ffbd29d377fb06b9eaf2c86226cbe10cf63feb96d16fb7a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
62d5111a3a0077d812f721fadeed4eb0

SHA1
9c1ffc9ea9c026abd23cc071fcfdf2a3d59c09df

SHA256
2d27e16b025e52f7ba69f954d9d56e455fde28dad0090893e804ac0491dbfc92

SHA512
3c85208856d676c561df93806f35637331c49de70f3d34079a5249c76b31a666c6f79151ee678a96b3ab01454562ed04488426cf3f5f3bf520e4ce318a43441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
57cc202a5e1cda113272dd3813054063

SHA1
c7652119d0f0c3596b224f7abcb511ee18eac59a

SHA256
763aada51fae02c2290c269b361336706add3547e0fe96556ff29a1a36d5e581

SHA512
cb726f2adfbd99d94032e0e1ff86757dea4c4e8b1cb29e2b82213acd173a7f5a8d4eb434d2516bda962b3ccbbbb08f86f403503d832cc964dc00bea294d32461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
86aa28ffd286b08415aa197216684874

SHA1
d99924976c73e3220108817ad6bc1d8b1795ca2d

SHA256
a6dc4bc6ade3039e57b538f2620b91602199f1908b23c4a2beb3fd3aa721579d

SHA512
a51fbd1af778d32f2f95a9a863a59f42a7eb804dbb8ce85459297959eea21fbfe9625d74c3f91ad65016031d4b3e26eeb748c1c59e09ac68778fc670d408d0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
26978f38b0bce48572b90b762b7d937c

SHA1
8b8b88012fab1d37fca79575a5db81674b424867

SHA256
b38f05e2e63a1f87026aed06f5b85354570c6f91d28947466f0555276bab6afa

SHA512
501e0de5f46bfaac901cde5c39a321edc411426fd91c83427f36710fa56d20b5f6ab8f2219d963f7ab495c2df7def879652381db3876b7e2a7080921cce78379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1ae53730c6cfd40b9285d5d00a408b45

SHA1
0ebed39bc1ee0b68920fac5826be2ed31d12a46c

SHA256
5a62b54bde9ea6268f8382f4109b4d9e96289d95a99f20b6f81966d1b1fbbe72

SHA512
dd5d68c21abcc4e95311e9079bd28b5579be6374e121d2c0d9be39eda9d5e817cfd01fcdda0c6ea4d8d8b53ffe2285d2e538185323fb0925dd28393d7077abcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b8a1.TMP

Filesize
48B

MD5
479dc0493b5bbb28a68e034617b55b51

SHA1
cb00283ca08e5ac15da0d492c1a4b715a78a4270

SHA256
924a39f6d31eaf650961aecc4aa1d4f01559286455e0bc60049b49a7aa7f4da4

SHA512
585a5cb988fb74dc6757802b544095231bf9e7460ba100a43e92422a790b25587da1e9b53d297622d5ad060b36faca5d17b7a2584554a583683e98db1733a53b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e4c2abf5296739b3ba9f5727d7cfd2d0

SHA1
f10d0e82f154ce13e404badb1d4142719cc7fd49

SHA256
cd44a1b092360027a306c50f1be01fa538bfa129fdd95892fc23e78653a76bd9

SHA512
a0830ba7921164446acb5ddc8a0fa71cf7f21139eb2642518c6cb3ba62acb198a8b241b90cbb4c3035f67cf8e8f5dd250b7802603e0bd58db7ab6065678ea13c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f8cd0579c93a3076561ebcb8648274c6

SHA1
67a9d35c7c4b1dac112eaa58a4d1f67477b3c799

SHA256
e575fa3161426a3c5c8c4e7eb367332b6981d891624cc9e5c3fedf5f1bf07fb9

SHA512
78bf6191b2ccced990c0d6a8df03ec0a7aa4b933c94a5798cf28bf5aae4ca1c2a24ce693458764ad07cb8f83ea2d54a2bb4bcb94f1fffbcb351b61008f54232c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6efefdf7449d501aa732bccafa624a41

SHA1
3d89cf92d51a9a56e35c7cd3a36c202fc6300a7a

SHA256
92ce5d27be2a49f03905b60425890200d770eeeae0148715f6e1574a6dd5b8f2

SHA512
5c2dd93a4c326fb60c26dd7e408b115df41298ab60b33d4ea06a9f696501d2c673a15fa1bbe827414fc6cad81d1f27c80a3e5541cd9cc5a284b4b6fb94ed1761

Download Submit
\??\pipe\LOCAL\crashpad_1116_ETNLVRTTJAVXVMQM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit