hxxps://mega[.]nz/file/4K0wWBZZ#YX1lnHLgIRYuZPcNkOANd8JT9mPtFwxtOyFcMphV8_I

Resubmissions

01-12-2024 15:26

241201-svbb7ayrek 10

01-12-2024 15:25

241201-stmntsvkhy 4

01-12-2024 15:20

241201-sqsexayqeq 10

01-12-2024 15:19

241201-sp74zayqdr 3

Analysis

max time kernel
146s
max time network
141s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01-12-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/4K0wWBZZ#YX1lnHLgIRYuZPcNkOANd8JT9mPtFwxtOyFcMphV8_I

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241201152532.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e7344a7a-b15f-485e-84c0-b14153932143.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	Process
1520	msedge.exe
1520	msedge.exe
4276	msedge.exe
4276	msedge.exe
880	identity_helper.exe
880	identity_helper.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	Process
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 4276 wrote to memory of 1848	4276	msedge.exe	81
PID 4276 wrote to memory of 1848	4276	msedge.exe	81
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 2640	4276	msedge.exe	82
PID 4276 wrote to memory of 1520	4276	msedge.exe	83
PID 4276 wrote to memory of 1520	4276	msedge.exe	83
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84
PID 4276 wrote to memory of 5020	4276	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/file/4K0wWBZZ#YX1lnHLgIRYuZPcNkOANd8JT9mPtFwxtOyFcMphV8_I
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffffb6b46f8,0x7ffffb6b4708,0x7ffffb6b4718
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:744
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6af1f5460,0x7ff6af1f5470,0x7ff6af1f5480
    3⤵
    PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17216806389268325632,8105367681523319054,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d9c9a841c4d3c390d06a3cc8d508ae6

SHA1
052145bf6c75ab8d907fc83b33ef0af2173a313f

SHA256
915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d

SHA512
8243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e87625b4a77de67df5a963bf1f1b9f24

SHA1
727c79941debbd77b12d0a016164bae1dd3f127c

SHA256
07ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e

SHA512
000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2ac19ac63b3aad0413c4cbbd041b9704

SHA1
d340863a514a4adb2c6b3795c9b57e58dd77367e

SHA256
67ca98ff22aad5fd42deb903d1a6952ba431033d668a5143a4b4bd6e98821f28

SHA512
c6cb0cb188fc18e12d3ffd2eebf0db9585908b7922df5924b83748b85dbdf7793c66b32c405716644b56ea8936638a974ecb9ae6b6fc1697b9bf388b534f8196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e8aab6b8af704bd7f3b5d6aec0bb508e

SHA1
d6ec174efab520675404374dd6ce8048f592a9d6

SHA256
83bf9f2b918ac26b376ad01a5d88c6e7ddd8011ff9bf91116cf0f22d6900eb87

SHA512
a49d07bf8915a82e6783dadecd18771fac82b8d6425912ce846e11364de075edd23dbcb69c7c85966ff5c977c80f06bdffe60ca2bc19a65aa9bb1fd4a1d1a329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
acfcf1ac235378a498401f34b8fb2763

SHA1
07bebea48cb6cd2209cf7ff9c9f358793e582d71

SHA256
41b2e2b662774f96f680a97f95824b6ecbc2a4e34664082690cb9c156cbdf3b2

SHA512
fa4019708c5850727af2d0dfa7cf56f2938d073527920521eed558a0fb5f3ab6b6d4d921dac1eb7559af7ea77b877c4905a45a240657f6dadc0ea443df962abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea5ba89fe9e3c447d64ddb3d0fe341c9

SHA1
d9a0b13c44b72a89b9909741f7305e262c3df6d1

SHA256
e6d98e7bec81ac1a5d5f6d8253eadfce979d62cc19fb2294b0c753e206bd3e2e

SHA512
d0b71512cca36afda09de959d20e30f0f9b4b14b5f302ec25952cb99dcc249c554cf570e22aafb9e1d5d9bab981db2a2010cdc2a8756b4aa1a2696eba825ecae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2f42e95b1ba863fc28c588cd2fb73b2

SHA1
a9ab479682011e2e72f94186075d34835e0ad4f0

SHA256
f8f192d4f4490e2dc28387e3709e6eb0800ac12b046630d4ebdf852ce1d93d10

SHA512
010df98751046c0224731399e3542e4672d2f5f6487964a0afd06d6596e578f76eab33db0e4c66cfa99dbe1421109ca70ebb007102008c8f091a340290a6b4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
137094a3453899bc0bc86df52edd9186

SHA1
66bc2c2b45b63826bb233156bab8ce31c593ba99

SHA256
72d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44

SHA512
f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
364592d2cc18adf665987584bf528cba

SHA1
d1225b2b8ee4038b0c42229833acc543deeab0f6

SHA256
bd97dd6797bb763681cfb1fc3cc21a44a273aab1d9a4f4f9332675c662d2136c

SHA512
0e852db825e451464cbcfda95eae2dfe780874bd20e7b467604962428007d1735ece752aa5901d468708a68d66d029271d5567b39c530d2d44b875abbff9aa40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
138551d2b0a2a6466fd876f0c89b2303

SHA1
859c7b0e0a905580bfaa32018ee42adf54fd0d13

SHA256
55e2ba5616c14a161d01e416457ee74acbeb233fe42c3004030b28e692a5ebfb

SHA512
471be526f3a0e3cb06c325fa4cae45ce02dab3aef072fe319b0b1dddf7d116009bd3f40676926c34d432fe3d7b0e2d7ec52f8fd8c6d30ed6194c0023db2950d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f155.TMP

Filesize
48B

MD5
7378105f703f9cb99451b52a758066b7

SHA1
822ce6dd08b2123866eba77483d2ff4531587117

SHA256
254b7180670be4147b73ddbad386ae69ca45f6e751b2415b8537cec0715d0365

SHA512
1b19c593af176fa901c67d5448830f3f7c333e0bdb48c31bc2a67e0cee05cf146d7990840adc94ff7d7fc2a36eb0bb0b46a178656ed5d28ce4e7848ea1774377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7a6f31925a088e0f01f57570e80ad774

SHA1
8ad83439a186a29c1ccf8e870448816bbc2318ab

SHA256
91faa132d56269e1288e972b82bd71ff9c02ef7f2dad9f7b031a91c1a0895058

SHA512
a6e56175a7aca06d3f5908b31d0985b81f62d0e5a6cb89ec3ecc149b2df62b969c718a312bbc6cab2641517f5e07bf870e7a11603138078ee6f353107562d4e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0d56ba41abd67f9473d2b2072101fc4a

SHA1
adf1b9cae9fbd290d6df68f7e5957094cb2d238d

SHA256
49792d32e139b1168c11dd24aca5685ca5dba2016908cb8483c93b462581afba

SHA512
1053854d9ca42f2790476ee6d2d9dd12e6844b360777223816693c4975197887366e96350ea0d4a2fd866ab78ba6460bd9e21b93ab6a4cb9b0948094f26d3f56

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a30d7530819793f42162c2b3a845dab7

SHA1
02b53734ae82e44708420885616b76097696c802

SHA256
bbbffd3aef2930ed144812a37002e7cfe890d4267aa2d27ef48ea575eb157878

SHA512
4d502d0cdf530e36c7e2b524da76202a89a6ae1ced086c3f6458551fcd6921aed07be021a5f33b3ee0c4280c8beddec68dc52da58ee2c1270f33c0e939837e0c

Download Submit
\??\pipe\LOCAL\crashpad_4276_UYZRYTUTJQEHUPLU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit