hxxps://app[.]mediafire[.]com/4mnoy8tqbct4q

Resubmissions

15/01/2025, 05:06

250115-frrhsatnfj 10

15/01/2025, 05:03

250115-fp586atnbj 3

15/01/2025, 05:01

250115-fnk7latmem 10

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15/01/2025, 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.mediafire.com/4mnoy8tqbct4q

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1384	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
4868	msedge.exe
4868	msedge.exe
792	identity_helper.exe
792	identity_helper.exe
3232	msedge.exe
3232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 4924	4868	msedge.exe	78
PID 4868 wrote to memory of 4924	4868	msedge.exe	78
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 2492	4868	msedge.exe	79
PID 4868 wrote to memory of 1744	4868	msedge.exe	80
PID 4868 wrote to memory of 1744	4868	msedge.exe	80
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81
PID 4868 wrote to memory of 2488	4868	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://app.mediafire.com/4mnoy8tqbct4q
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd36633cb8,0x7ffd36633cc8,0x7ffd36633cd8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5212 /prefetch:2
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17570651697565391090,17328880993338935264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:3392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4532

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3232

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3cd191d0-e458-4df5-afd3-ccdbd4684a7d.tmp

Filesize
4KB

MD5
4f7b845ff5476458d287f626378fe440

SHA1
087e09c7760ed23d30ebc905b008a4565ed927aa

SHA256
5c925d4ff2b287577c0d139fdcac3bdb585f1a35d245eb787f2ffa84a267a3b5

SHA512
a42df3e2e67146e1899e4f27f34cd07b2f2d56f59618515c5e12d5050d6718831bf4df45adc7596ee3a35384e8f2bba9466e25b0dbce5aa65ffc69d26a953cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
e4601d7ecedcaf343bbe663d822367bf

SHA1
181c640040f0db14aff0259f164ea33c66664273

SHA256
ed2ca0e2e12c2c7b3b33fc540315f5029884ead8b8af45ebc65bdda7afa8cec0

SHA512
dd3282e97121c70d35cecccc5310ee4be5df89fff84cc1d5817f234e39eddda09123b105ca0491379fb67d765b3245c0b3295a0ea354e75325affbe101d3551f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
740c0008064beb6304043f697c0da794

SHA1
6bae8505d3e37fc824a8054d09d8c096e736dfd1

SHA256
d7a905259bb3c2865947480fc8a793c20608bb371e8cb44265dd9db5d8d526cb

SHA512
b73f71b26e5a1f4e0e5171f9bc4c8c14edf3db982601e54f93b7e2e35ff82bb3742c678f6be1d528dc7bffd7679539fcb586708d5f69c6a3f3d552a9fb0fdc36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
c4d127343b744f4420ec3d46e7ea592b

SHA1
2297028d1221d4bd4759412194622d5c63c9304f

SHA256
aafe11f0dd5cb889c174a58cc7b5cca16ac20afed842799f7bf45007f6cb9b04

SHA512
88ae64e0b11fadb291b08f6b6cfd3ac7d51e08e7e2fe35ffce68f047e4aa90e03ef5175350b590f0c654b0271ae1f617648855ae042b63f019048baa9f64ba20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
72de818c87c4fa97a4e520e4cf2084bd

SHA1
62a2e1a6c762e4fa941539489d9440f604300b5f

SHA256
bd3370e68cbd2d31605cb5c30bbcf8a51923f2e1b26624c4c7e7682945aaa7d2

SHA512
df2b015065cefc61e37e0d1e3e18ba5967a219e25a3037c159f976c5d1b5ab58e27aaa89a8e614d4d83676c464ec8597610e62b62f032a438f41c224f5c2463f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
cb04feee38e6aa774f1e33802e4716cc

SHA1
a51aa99d9d5aadf2cf98c59ab59cbe46a0e38386

SHA256
5acc78bc3f28ce7304544c6444d55e06bb71a0961b79133870b8fac01beeecb8

SHA512
36c6462ad3f8094f9d270feb4d376d9e4502e11dac29788ef57cc6b657b4fbe2ec2b2a920edd413681492da38f84e8c4d6fe29d216b28c0d188804f80ad8a3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
53c9cfbf17c09d576f4a309bf7601e49

SHA1
b5a70c1bd1ca9914a7e3a4ea3a038f17604a3e74

SHA256
7339f1ac5744ab5eac054a1a507703c8eec298a4645c1bcf79644cd1169fed59

SHA512
dc8421efa1b433d0a5c733e9b961e95013359156af151130cf82dd13d719d25a34a2411f5a9306d72fa92666856112496ee18aa25b7344833ae1bc14130f0ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4158dd59c558db3084a87f79a724f36

SHA1
0db9af3ebfde0a5501da7b708235579ff4a680a1

SHA256
a303882a7c230069d6c91565483cfd86ecfecab8730b7986ccb15234d2e95791

SHA512
ef62b0b13e3568195ea7220a8f21bc22eb3704df44928a3adfddfbc92a7d4c2334cfa4c997b4611e5f357eeb9998803d2222afc0be5a094c09f25210237c1734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00660e4e372aca26ab156e9a6d5d1658

SHA1
2df635fe05b91504d6fdc3cbdaf01d46d025679c

SHA256
43079fb82dfc173efe6420ba22f45067be57a8b1c4511df7e8e553d13cb783c9

SHA512
699893755f06667d14fc7498ff2eef665d83341489a0d5985ff2042e86835c20c5682e93f64d1439e1dc003b5051aff5fe858b89425802c474fc806e3381cab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c2af3ca791cc639f9c6a4091859ac18c

SHA1
54cc40bd4e70941c9eabd0195c3685cd2ad319fa

SHA256
67c47bb61f1d2307961ebccb28c9145aa9d9c2ea56dfd416aa865ac7f8fc1cb1

SHA512
484805b715c24c81c934294c08ecf6e9d99ec928c540c835f4479727b768ffb9f79199ecd87f52e1e0b94e5f6cc849d2750d132d233236e868fb8054e85b59f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0db62ae95dc9b5a0defa55ed3ecfc51

SHA1
bdc0aec552431f131827af0a1bdab17f7d7098a1

SHA256
47624e7605662640a41641d104111df8d2c1c8211dd369f55423c9725fa948a5

SHA512
6f39a607e66b6a1fda8d96465995ddecb5703ea721980088ec6164503982a107d9211acb1fd14d4c9f65592232509dbcd39aaa92d7f70d2c98631a307adb29e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
17ea25a24ec021046d545138243d936f

SHA1
7e98a8433ac37f39e80c757564524c7fd84207ae

SHA256
7fc1a92f7699fbf716e1166b3e9137166f16ff29f2124494863e082a2fa0065d

SHA512
83d219d80a216ebd6f493a80534bb402f24abf5f7d1834e5f882d43907de105f965ae5ed3ed22d2fc6d0f85b07f552b511209241c93cb3c4ed86ea2e84d225e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5800d6.TMP

Filesize
706B

MD5
98665e179e21d937b79ad29542eb4f97

SHA1
419f8c768ba827bb697a941d5554cbcfa72b33e1

SHA256
038e0adf8015040f8bab00ea0d8b222bcdec95ca8fef2c40273f820e0bbc1983

SHA512
b23fd289754abddfc245d4198f84ad1f9e4ffc27395df2b776b1e9cf70e8257e16f0b13225f3d4b75869a9d21e930ce6d57798125e6e010d76628c8d40560d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b851038c4672e09aedcc3d30ecea9f87

SHA1
63a988bc45ab6d817ff21d8a9e483fd466557db5

SHA256
917f5a0997f832eef5b2758c83caa3d19df68d406d7e5d17125e793467245772

SHA512
d8bcc182d86dd7077a8743e23191d3f701982ba5056e41052d204a32e011886f0a3732132c3a82734d9830b2fc3099503bea734f208024733dd2ba353068ed0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4312ae1651348acb291e16caedf9fc3e

SHA1
f47d25ce0d58f72af8752910ab15c8d2c7d70c3d

SHA256
03b8898affdbcde05f0153facbab315034a20f6c0ff28d7402caa9f3f4590c8a

SHA512
c99af7e3824929feaeae60e8a2ec21f46148a83967ef98ccd889aedc48e67b0d357cbdbe6d9684e80a70564bd48229e9c4773ba02efa5047ff83d04218034013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
286c15bafa6e098e3db961cdc9fb46a3

SHA1
2e0cae5180772d9c0dc9832c69cd4c91b980ce12

SHA256
91c55598d01c44bdc31e1ccd6244d20e1cc92221587bb7d3140671e3237304e2

SHA512
fd6ed073418e0b97046f9d1f1112b42bbf19a64754dad2d7c39d08b08a96f83991cea61e02f1c3706d0df664c21a65bce5bd9744b036036eeb962cd8da06115a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e72822ca01bdf0f4173d68eee7db86b

SHA1
8e5613276ba6adba3d18a92d27e94577a65aecc3

SHA256
c73175cb7779f1c020bfad1a2e2f1c5662072d504ca0282fefa1ecb54c913e3f

SHA512
618736d92a32cc656948bee8142372969a973b0ba84a4d020fce24b95930fd29af7c16045618b5d439ed8b6b0e06f1a7f7b8726c0bf7502e72071eb5bd50b460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
00bfa1115d91ac0f82e7a7357be925e9

SHA1
d252547490c278c4daa5505c94637cccce473b9d

SHA256
8e5f056d05221bc4198cbe5a5d59e86c96d561ec41c6d95656c1a97a2185e341

SHA512
22a84ce2d683155f7ec13a876ca5342f704bc8f70668e1359966398dc3167914c5a0870d2209f555a7902df61f6feccbd7c6c00e308f139fb1b0eccce72e58c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e10dd783-216f-4a78-b827-9bcd5e66b69c.tmp

Filesize
11KB

MD5
e32b5d1aaa405f8c43d2b7439319c873

SHA1
39f574063345db3827196a58ddc0be915a445222

SHA256
7be53b1bd69d84dbe19eb90b89cd420231a5f0cec8b4af6b48cf83b0937cd16c

SHA512
3f69c4dadaaf10f9126fab29d8ec281cb40b813d88ffb218cbc15370f1b74e8ed541292ae6da8e3e81fd29a21f1226172b9d973283712baa6e08655b96861b4e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\71bfee10-4688-4293-9905-bf7c541b44d5.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit