hxxps://mega[.]nz/folder/LhESWKjC#1Gn3yqj6BwN9xRFfkdZA5A

Analysis

max time kernel
586s
max time network
575s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19/11/2024, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/LhESWKjC#1Gn3yqj6BwN9xRFfkdZA5A

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241119193118.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\acb6e98e-79b4-49fe-811c-85d1a01e9fd5.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
656	msedge.exe
656	msedge.exe
1780	identity_helper.exe
1780	identity_helper.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 824	656	msedge.exe	82
PID 656 wrote to memory of 824	656	msedge.exe	82
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3132	656	msedge.exe	83
PID 656 wrote to memory of 3680	656	msedge.exe	84
PID 656 wrote to memory of 3680	656	msedge.exe	84
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85
PID 656 wrote to memory of 2608	656	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/folder/LhESWKjC#1Gn3yqj6BwN9xRFfkdZA5A
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbff5346f8,0x7ffbff534708,0x7ffbff534718
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4596
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff70f705460,0x7ff70f705470,0x7ff70f705480
    3⤵
    PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17639727489268818591,7661620540157775854,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x3f0
1⤵
PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a134f1844e0964bb17172c44ded4030f

SHA1
853de9d2c79d58138933a0b8cf76738e4b951d7e

SHA256
50f5a3aaba6fcbddddec498e157e3341f432998c698b96a4181f1c0239176589

SHA512
c124952f29503922dce11cf04c863966ac31f4445304c1412d584761f90f7964f3a150e32d95c1927442d4fa73549c67757a26d50a9995e14b96787df28f18b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78bc0ec5146f28b496567487b9233baf

SHA1
4b1794d6cbe18501a7745d9559aa91d0cb2a19c1

SHA256
f5e3afb09ca12cd22dd69c753ea12e85e9bf369df29e2b23e0149e16f946f109

SHA512
0561cbabde95e6b949f46deda7389fbe52c87bedeb520b88764f1020d42aa2c06adee63a7d416aad2b85dc332e6b6d2d045185c65ec8c2c60beac1f072ca184a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
ae9e8609fd9b620777507595ebd24ec8

SHA1
51866eb7256704f270ac81915d650f5798da441a

SHA256
658653d97de926097094009f81dca94072f38a58b8ff5e4c15a035d9c6f7fb97

SHA512
1406032a7876439496dc948c76a091f590566aa5697e29fc38904658ebdd84b2c3ac2eda5564d48e3ab87e3f87214b310ee84939a306992c5f129889cf2cb77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
4de412decac835a018d252550bb821c8

SHA1
a87980b710f26402120e42caf7a936727625a030

SHA256
2edca18b58582e708a8d2299d0a14bb84c1d7f33749fecf5d3356d196e0dbd31

SHA512
71697a544ab74c98cfa1d77a3ab759a970bd30272b8bf1f0f3438e37caac004682f4ea1d756f290697feace88483e91eea20711334229b924005bcc4e174d193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b06ac97bd08c80d0b8367213592fd08b

SHA1
e187cff7b48d95831f052e588c40718afcacf01b

SHA256
1fb3315edd571652c13ca6a0af57f76e51b2edbf9b3cb024acd01abfdcdf515a

SHA512
1cccfd3e2b2e0d837d5c99fd268179215251f3cea59e8e07395f9fc474919d2ae1f613bf34bed4f4ef75fe3b5a3576bc39443c34a311a7d6ea2242a519db62c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce3347228bfb702f6fe5a97978d60f7c

SHA1
4b1bb84bb9713d2219515b0904c62281b8b4a447

SHA256
293a6fd88fa8a4909fa9d30084f95bbaa80320987a199baa5d829853b0d1ec9f

SHA512
ba0f0661acf30b90feed25eb4cc97d363c4e3b5464a39dbb866caca21c9b8904bd2a4e0cc9684cbc6308ee14884feac3db429b7b182f276dd780ff0e2aff38e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
664b2e7ce0ef182b8b539d9732e723fd

SHA1
7f3593b5b96d03a464408ee63883f6e75ba6ec46

SHA256
17d77bc79ba41bdf5016f409791338a72acedaf368b198d4e6f8bd3ef5191e34

SHA512
08c300e1fde8665135fcaddfc6f7478ba7e73471eb4b620059f2589a60942354b931b9f9664172c4f989a70c44c34c8fd43a3e0e9740eee45454943f16ba4e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9010fe212d7da97a4e9cf63a903ee7a4

SHA1
8f124a736d045eea3c50a9597d18c9af8b128e28

SHA256
c2956b77f9af9f4d79e0198d8a7e0a5b6f880b4d597dfeee25a3f56c05d11834

SHA512
f763ab3261592107fb19b7d6134c7f4d02e921258b1c72f1e0c69a95ee8ed9cc20498259a279cca9648bbd213a5234b965a9196865d465e1f975ee9242e36326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
21320325bdfc20c6f4e4d136228fc9c5

SHA1
7e96950811d7ddbc1daeb7341ddb9768980bf2b5

SHA256
5e7ac2b978206a07d8b1841a2bd89eae4b466bcd8a0df3a62ae2ca0439b8bd5e

SHA512
ee78316d5b8edffdc83e3431bdbd28ae05a481d2a445ddf3b7c58bf0f01c6c42aead46a4d91e7fc75519a5ca8a7e2bab78749d88476c7a2fa0a25e8b3592bd43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b165282879f5fbf1e2f543e9202acbcf

SHA1
9e0b84702457f7e96cc5125ccbe414a67ca1b415

SHA256
95e61e792171bda9c860bd94baff5117dbcd54bbc0201018e2a9f36e07cb65fe

SHA512
85a6b37799862731727714566b52398f32842c0178e905bd57be4e2d0e0dc1aeadd27be2d50403dd44bff146d63e5d0df7433a86d0058756bfe22704d8dd6ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e995.TMP

Filesize
48B

MD5
47179e0ab6ee97e571cdbaa9d97b5e8a

SHA1
5ed20f5a94691a53c73cb6dc16525d55aebff7fb

SHA256
229353ee9139a3c373b04b6aeae8616336135dd701148766cebc2ccb24e0d807

SHA512
b318ccf45a3f960f18c94d292be837d4139a351b3e77f805e994eba5c3af2356f53e060c8fcbc47d198177cf26c4187ad93fbc471f882dd8ff6a1b3db7f30d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4e9d08264905e18146d8e9c803a8b38b

SHA1
5e42ad26c58fb29b2f40838fa9d80d9fe17838b3

SHA256
e334f682bbb345787f40df9e0383f9ed0905ee6e36dfafef6e5bf5d6e32bd0fd

SHA512
4e64f62b5b33b3babb10c7f2b53b5f8eaa9a9c9387ec2f3a8cfe3b6a6efb1dd2845151096a4d34abc2cfafacfc830b04bd64777572259df4446315a6b26c5861

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ab70c41943521cc2963dadf41c9002ba

SHA1
26da76089d23af4a7523944d908874e516482b9c

SHA256
fca9cff20b4c7508f4a9890d19e883c5b84af5caee8ba8f45c6ea548b5dd4847

SHA512
a464911d763bd08a35f1121169c66375ccadc6b928022a9f71e117fcb5ab3a8177631533b5aa1d049d7be4862963b273121eb86646980264bb665137c49e7bbf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
04be3f1344bf322a79557e9e76d4df03

SHA1
5315687fade8fdc49b4e62bfa6cefd3cb0418e14

SHA256
317d9195ce6b9b4b67e206e28366c7aad732820bc62980055f5c93d368019299

SHA512
33eb5e2543a40fb11e71562510ea1ff625dfa0ae76f2361fed700a81883a251cf3f02d8c800a88ef18027e072a4db08b23a4d8b32ddd868798e8c33df690e3f6

Download Submit