hxxps://github[.]com/Haxhom/malware-leaks/blob/main/

Resubmissions

23/02/2025, 15:45

250223-s64g4s1rat 8

23/02/2025, 15:39

250223-s3q3ls1qct 10

23/02/2025, 15:36

250223-s147fs1qav 8

23/02/2025, 15:32

250223-synfxssmfn 10

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2025, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Haxhom/malware-leaks/blob/main/

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
51	3020	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
3548	Mythlas.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
50	raw.githubusercontent.com
51	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Mythlas.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mythlas.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 50374.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
1180	msedge.exe
1180	msedge.exe
3648	identity_helper.exe
3648	identity_helper.exe
3904	msedge.exe
3904	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4880	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4880	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 3176	1180	msedge.exe	86
PID 1180 wrote to memory of 3176	1180	msedge.exe	86
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3556	1180	msedge.exe	87
PID 1180 wrote to memory of 3020	1180	msedge.exe	88
PID 1180 wrote to memory of 3020	1180	msedge.exe	88
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89
PID 1180 wrote to memory of 848	1180	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Haxhom/malware-leaks/blob/main/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd054c46f8,0x7ffd054c4708,0x7ffd054c4718
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Users\Admin\Downloads\Mythlas.exe
  "C:\Users\Admin\Downloads\Mythlas.exe"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1501492617175886168,17091185000875168139,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3cc 0x474
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab283f88362e9716dd5c324319272528

SHA1
84cebc7951a84d497b2c1017095c2c572e3648c4

SHA256
61e4aa4614e645255c6db977ea7da1c7997f9676d8b8c3aaab616710d9186ab2

SHA512
66dff3b6c654c91b05f92b7661985391f29763cf757cc4b869bce5d1047af9fb29bbe37c4097ddcfa021331c16dd7e96321d7c5236729be29f74853818ec1484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fffde59525dd5af902ac449748484b15

SHA1
243968c68b819f03d15b48fc92029bf11e21bedc

SHA256
26bc5e85dd325466a27394e860cac7bef264e287e5a75a20ea54eec96abd0762

SHA512
f246854e8ed0f88ca43f89cf497b90383e05ffa107496b4c346f070f6e9bbf1d9dc1bdcc28cad6b5c7810e3ba39f27d549061b3b413a7c0dd49faacae68cd645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7f884420e6a39b16cd4e9e07f9cfa9e0

SHA1
54e2b7bc596b434524342ab857d2c223e4bf9b52

SHA256
af9f7c56d9dbe389689f4c9acd4f4bde61c9ce745892c29e38d21edb0ab5b67f

SHA512
e09135da7725903c1bff5eb7ffee81106ebae7b21168f96c40942de21464a6a9b8f078acd95bd6610d15ffeb38b1e38f5b90ea1076193bfb6dc0ae1dd2b3d0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
bd614c435f494d5fc00cdc4774dc1895

SHA1
23e5ab611e10a19d98d2f8b00b8f08f0bec640dd

SHA256
5b6579f8c324a0bb9667f1b3c5ad761f4de38cb4b10737dcd3de08dfbad790f9

SHA512
9174b8c1c4a1c9acf762de779e3a3a97e51206e2ea19e9d53f6e7c1bd8b3dc163dc46d069e75919bdad87ad626780c45262fa3af2275b1edf179b55725c758d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50270be03c471742405f00e57d4a589b

SHA1
98addc304179cfd74dfdde967b40e96e1c8cf3fa

SHA256
8646ec659916f92c96d008b44ef4c5f64a2fea4505d43568ee376dbc13ef3f79

SHA512
8dee011be324e48452e924f29bbf84666f00c6559e96a56d1accbf712ad300e24343b132c7ab9fe07dab8c7b9486ebd5e5898494fb61b771191c99d9eef2f501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1be749a002470ce5b83045f8aa1aefc7

SHA1
1b53fd6afe179a0bcf02447e267ad3f6dab1195d

SHA256
e097edb4acb3b2cd26a30e833f4eb3fc38774633b328fa3f46fb8c56c533bc55

SHA512
30baf91b5ac94c431cef874a6d963eabf72989bc08daf49066fc17f10c6106d2518e03255dab022d9012c8a70b52df61dbd110ab4edc2b29b376c0560cc45d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b477d9c2ba6655a976aeb695b96378b8

SHA1
15a9ecbcf8d1ff889f793a04c50225bb2b18b723

SHA256
0c538f8175ddc2aab3cd786728e352901535ce8f001bcb9a754d9007698583a2

SHA512
f90be8d27e1b4dffd9b1d9026ec6db46f39e2b50c220ea04d445e06da41096a18c043f8330aa91e53836ff96591deb3f4be86c2cf62ed9e47133ec2da4965fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
30f9a7104ad464aea30cadc69fd4199d

SHA1
5e3213a7aad32f4d7d8415dbf29965b06f431fd5

SHA256
8bec50a0cc3bd1c3003980e8d6199d68af73e3b0616c17700173301d58a5534f

SHA512
99bf37fabef0a5af476efc08503371a1d79ecda3baa52a39c24ecbbcf43c1f58c33b7c585d4263bdb0c556d4a1a523a43f82394850b4bc115e087958a1c816b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
238bb924fd41f040b1218d9a8d879154

SHA1
3545c6f4bc7d7fc8d92ceca30dc6521ea214ce7c

SHA256
d0b25bfb0f337c75d045a754e146d4037e0ba6defd7b0470c2cdc42a489c4195

SHA512
476ebb57b833e46bf6184633b58962ce64acf46488702585625d294fc840c17476ed9137c390d663dbd237648ed60e81695e80e6a548f25df2b4ba9837035f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5fc9754ad7b941cca74b3d9c262662a5

SHA1
624c24ac76ab68beda6c19108f2d178fb87d32f2

SHA256
3310e0d19f21d5bfba0558415b10f7ae2925aaaa3865ab748ff3847f56454172

SHA512
2190454b7d6a0fa8208ca3be494615794a967058b863d703b12407ab84b69eb871215e2ff950d8a14710ecbfa2f6bfc7ebd8847f010240218579af9158342776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3aeae6f53886748aae68410688a73da2

SHA1
effc0e0e5b3ece328e228996a8547390332b5486

SHA256
31c0357033d78d850ca9865b0a7cd4d2d1f3cb5f6fcf985d8c03277772eb2f59

SHA512
9bfee1825379333b65131b1e60d646a5b49076d15c74b4431a4abb41a80354ab324692ef9a48f76eaa66aa80438667f3ecc19022b234f9dac06492573b23776a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
079b71c80d2c7b2f70d2288e52ca0dae

SHA1
01eac399133ead4ada625f0db81753650c45355c

SHA256
0c598fbad4e3aa45a351e29eaa0455577e9261eba33e91ad1f37978db70a490b

SHA512
f34dd2ff9a49c4e65c81a4435cbc81e9799e1f45322bf429ceb7d297d843d3ebfb3e2a165cb5c2ebcef467e878022a07807dacd3a083ef10fa43c29b15d266c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5842e0.TMP

Filesize
874B

MD5
7ea5cfdecf38145e479eaa0bc7c0b7e6

SHA1
766eb32e4cde9aae95bd298e403245bf380a572a

SHA256
83ee204cd270a9f432f8fc43596bca5bbe7a6092f8932658c0188116c6aa5933

SHA512
f834d4e6a4829f2157d2e765341287c699390418dfe1adba3848a9d7eaafa0e4d58058414ba51b0f0960c841bdb5f48a27e5877ab382b83594a4250f7d0cf7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
35f824d091b2adf923033419304cc574

SHA1
3d9aa63b3c7d65c5b97ff86dddbce499b9f6b583

SHA256
99a40736f4633cf5977dfd6aaebd20fa92be1ea17b4d32d5c02976a01438823d

SHA512
299d52ea3bae2abf78799bda75de1885b4e37a9560f9bd22e30fdc803d2b39bc3864bd87eff018ea21169ce4125ca2b257fe07e1540013f17c22ea862371c15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f7d4f7583cc5ace58a58699732c3ca5c

SHA1
9f67eb8d28e79338475a2409888dabbcbc619f9d

SHA256
64a165e18a868bd1a7660486782c265d009cf06fc452e13065266bc48cf43b4d

SHA512
f3a8581a81537834ce141085e528dba259fb9fedc99af807d4a0736e679d73cd3fca93a9e3cfd931245f992c478c4ea497010d3ab20918ddfea4c416a835c1e0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 50374.crdownload

Filesize
125KB

MD5
1bccdb1cbbdb299f4053dbab4236dadc

SHA1
baf7c15c30c705fe99c4b5cbada6a46cd92cec22

SHA256
e65c793a31137ae75a6f30ae2933bd7cae74fcd4330b6c8770c14466bc3a878f

SHA512
c32b746081cf17dd1e29bf132350f753cd10636d37caddd3d3b8714675710c67420d08ff27e3d0f7aa71f0977316f62261cc5ca40badbb5d2bf76ee3972bcc3f

Download Submit