hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3[.]0[.]exe

max time kernel
136s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2025, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3636_334099986\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3636_322419376\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3636_322419376\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3636_322419376\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3636_334099986\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3636_334099986\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3636_334099986\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3636_334099986\_metadata\verified_contents.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133868000005768078"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{3C876158-F64A-4BD1-9083-DB03770F8670}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 6044	3636	msedge.exe	85
PID 3636 wrote to memory of 6044	3636	msedge.exe	85
PID 3636 wrote to memory of 3668	3636	msedge.exe	87
PID 3636 wrote to memory of 3668	3636	msedge.exe	87
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 3484	3636	msedge.exe	88
PID 3636 wrote to memory of 5660	3636	msedge.exe	89
PID 3636 wrote to memory of 5660	3636	msedge.exe	89
PID 3636 wrote to memory of 5660	3636	msedge.exe	89
PID 3636 wrote to memory of 5660	3636	msedge.exe	89
PID 3636 wrote to memory of 5660	3636	msedge.exe	89
PID 3636 wrote to memory of 5660	3636	msedge.exe	89
PID 3636 wrote to memory of 5660	3636	msedge.exe	89
PID 3636 wrote to memory of 5660	3636	msedge.exe	89
PID 3636 wrote to memory of 5660	3636	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x250,0x7fff3b82f208,0x7fff3b82f214,0x7fff3b82f220
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2328,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2444,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5444,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6140,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5996,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5192,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6552,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6060,i,5250167250945842870,6835103163456960153,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  PID:2688

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3636_334099986\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3636_334099986\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
73d4bdf058d1bd7704ef906174f2e2e0

SHA1
c9ff9b5687776a4f086fd913fd7f7d5775770f62

SHA256
4c46125bf83878929c34d6a5e0c593f02b47c2b22cf4250fe642f90a0c014240

SHA512
8b58a5feb03371a401030627063936459b3c769699e2b6094189f7720c1de855523d348418423a65a0ef3bb5a102faf818a46d7fa111ae88706b16117f6296da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5810e3.TMP

Filesize
3KB

MD5
0d026103bcc1e4e3e3053e442d5f8657

SHA1
dbe98fc2ec92ab1e101144338e48295591eb3e78

SHA256
443e44a01ee1f2f4652c37f5ce277b80db7fe3b457a668b0afca03f801db0dfb

SHA512
e6de03105a9663f731519f4610e22d0ddf18a727d1509e522fd836dbcea9fef3ce1761fc0495eca253fc2b969c93fc4676461d90d69c321c8a3812be18bb4572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
57d631f804362fb7d6ff4bf47b49ea73

SHA1
df983c40052f5533e4410608d9a7db0f83dae1dc

SHA256
38b3f9327b155a5c00d3e7ebb20f6c0b6a35d7b595e3071a2a52f283c380e98d

SHA512
eb92b3f87018ebf5624f1b5617b2e2c2b4d1ef86270a9739086348d50f47ef06441814540d0f7ffa2b3896caa66e6b173fdb8342b9290b1c7805497123e7e029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
703a3509b6ff7f556e235974a372e63b

SHA1
61c58feb4a0939ecb961c378ba394660c528cf46

SHA256
847b74b9be5b6c68de5da39f5af71d396f5b4dde0996fe96bf44961d3a637064

SHA512
ab28a7b79643df905feafaefee2e37c61e88cda5b8f71bde588c95020d268acdc2971feab70196426ce36721001103a600a76c11e6438afc6b8d83526bcd1399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
a94f8f649ee906f0ad02c48afb120106

SHA1
e40e045ce515be951b1157912f7f431347278fcb

SHA256
94f71faf53d9ecb8e91adb8cd74807efe9aa081684cd529c4d9129835159ed95

SHA512
bb8ec93953b3df60b88368ea528263217a4a1744f517311af99fde2c72f35f58c8ab7ee92095abaebc2d94ff14ecd4443accf8328514f452090f4ca0a3dfc16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0e2d6dba7c428c609dc98633e5bfeb25

SHA1
722678321840d65189d0df1b4942574185931404

SHA256
dd409e4771c160e2e3a367f95b7b9a4b8e2b4f86f449ccc6573ed6c2ffb07056

SHA512
7687c8295a8fc5d372a347f15bcca77fe97b95d75b3c208ee96ffffaffb66e1b35dc19ed001034a215ac8358862650bf3d258e3031647c9c4f482226ad3f0e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
e42f8bc586d2f8cafe0ac38b8de80e97

SHA1
541c97d0b7e638ff393202324af3e430c63cc92b

SHA256
39612242e2f613ed77976de95fca1bf23b46130f6d627f26886777d9b6d1ab38

SHA512
e6a71f61efceba186684b801e980f082608336c7b0fb46c3ff58077d3523c2a8b9e60162be2893c0db81e020eba476d99e14d7a8e09dcd29aa0c4b633cc383b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
bfddf86ac4033785cced5da23f20f69b

SHA1
a43704a58703371456bb1b4af8ccc16afaa385c4

SHA256
8075429387fa0552e9f7e337484397804e9a90af7f376145d741047a37bdd6a2

SHA512
bdcccef2bcbe6a27f025f224e03b984a58f6c94a4afb58c62183b4acfc43a41cfabeecf76b7f88834a37695cd3373b2431e0bd668e26fe3fac7d588bb1c6ec11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
b0c6bcb1926acb389ef9ca0699e724c2

SHA1
73fd7690731e44405d2d260609218047354a4f2f

SHA256
4d05bdaeabbab34a6abe3cdd7153b9542c485de2752d36cd72a8ea0d3b36acd1

SHA512
ed7e9019935512ebd60cb726013261d3988a186414a41633c3ec1d4ed3e386bcc8bc9edfff5341dda5a1d594666b94e50b13905a1e37a65594fd4cfab791d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
437B

MD5
0d7c5d554a2351c4adcfa80942e2a952

SHA1
23669a15d940edbc2aef1dbaeb469d57de0cbc16

SHA256
7d74a04a422eb86300324e110a5aedeb466c3c869d1f27ee7e41e0141df8cad0

SHA512
0f4c3bf000ba4c3018c8021881d0e3e5e2a98d0a905e178843bf0c7ebcc1ac79201f4b3ec1775fce899165977f6c721efbffc413e17a2b46ace4474bfac079cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
528909f88ca63ecb581cd46bfd25bc81

SHA1
2463c11efccb6ba7a01b147b87426f6ee7e98a1a

SHA256
0c86c64b7cba5cab91100dd8a74a69e38560918266fad9dc8d2c39d69261fb92

SHA512
d82e57953a08e125d1eef218d4e394ac7d44bc6d994a78e4538253dc0f42c7e6d6e2438a14aced8e90fbe8052b8d3d6a49c8d8dafac4abe709aa53d81c1cd15f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
4ee3e374a24d0f74710d0f87e20b3e2f

SHA1
317aa8a6f47f5173c59aa48b90f8aa4efb8b6dc8

SHA256
3ffcf935c56babb9f2230c5ac25620935bd5419f50da98b53590ee5bd3a732c7

SHA512
62091b956d85b36432d7373e6926ec8afee4e9505d41427208627f507de31a5c59d942900c956b33e94f8b5cffd3d2ea9f00ac3a780cd5663bd81f1c300e6ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
be7780f99bcf557b119d2560140db4d6

SHA1
8859537d884f1db6fa64cb4c802615b3476747d9

SHA256
9e072284ba09991792cf608c37f21c3c101474643ba3bc50639b81931fe51639

SHA512
5395614c8585878bbc39c4a6e36b0beb94b60de1f6da76368d8a29c1ccc420411479737c3fabad49fc316b12a11573149ee5db4079f2e21bbe04ec8302701f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
b3be1ff4aae762de91b2e0009cffdfde

SHA1
b28df2ba77c9a1cf7a779f11e053b40f1c3a7c5b

SHA256
c04252909bc808ac4b5a4d66edbe5b152c73852726e235f71331cc4aa5096f2a

SHA512
af941162a4c84d06add77e3bd9daacc357181fc3a4b6963ed6c683ff43353e11839ce20642dc3d42e66f3e05ad93ba4a6e3eeeac0008fbcdae4e31c49291b71c

Download Submit