3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Resubmissions

05/05/2023, 12:47

230505-pz63waaf24 7

04/05/2023, 21:52

230504-1q4f6sfd43 8

04/05/2023, 20:56

230504-zrfwtsha3v 7

04/05/2023, 20:51

230504-znmvzagh9t 7

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2023, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ.exe
Size

16KB
MD5

1d5ad9c8d3fee874d0feb8bfac220a11
SHA1

ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512

c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP

192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230504205744.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c289e8a8-e394-4464-8b25-6587448f185f.tmp	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1320	MEMZ.exe
1320	MEMZ.exe
1320	MEMZ.exe
1320	MEMZ.exe
1808	MEMZ.exe
1808	MEMZ.exe
1320	MEMZ.exe
1320	MEMZ.exe
1320	MEMZ.exe
1320	MEMZ.exe
1808	MEMZ.exe
1808	MEMZ.exe
3288	MEMZ.exe
4664	MEMZ.exe
3288	MEMZ.exe
4664	MEMZ.exe
1808	MEMZ.exe
1808	MEMZ.exe
1320	MEMZ.exe
1320	MEMZ.exe
1808	MEMZ.exe
1808	MEMZ.exe
3288	MEMZ.exe
3288	MEMZ.exe
4664	MEMZ.exe
4664	MEMZ.exe
1808	MEMZ.exe
1808	MEMZ.exe
3288	MEMZ.exe
3288	MEMZ.exe
1320	MEMZ.exe
1320	MEMZ.exe
4836	MEMZ.exe
4836	MEMZ.exe
1808	MEMZ.exe
1808	MEMZ.exe
4664	MEMZ.exe
4664	MEMZ.exe
1808	MEMZ.exe
4664	MEMZ.exe
4664	MEMZ.exe
1808	MEMZ.exe
4836	MEMZ.exe
4836	MEMZ.exe
1320	MEMZ.exe
1320	MEMZ.exe
3288	MEMZ.exe
3288	MEMZ.exe
1808	MEMZ.exe
4836	MEMZ.exe
4836	MEMZ.exe
1808	MEMZ.exe
4664	MEMZ.exe
4664	MEMZ.exe
4836	MEMZ.exe
4836	MEMZ.exe
3288	MEMZ.exe
3288	MEMZ.exe
1320	MEMZ.exe
1320	MEMZ.exe
4664	MEMZ.exe
4664	MEMZ.exe
1808	MEMZ.exe
1808	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3360	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3360	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4120	notepad.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
4924	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5472	mspaint.exe
5472	mspaint.exe
5472	mspaint.exe
5472	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 1320	1924	MEMZ.exe	95
PID 1924 wrote to memory of 1320	1924	MEMZ.exe	95
PID 1924 wrote to memory of 1320	1924	MEMZ.exe	95
PID 1924 wrote to memory of 1808	1924	MEMZ.exe	96
PID 1924 wrote to memory of 1808	1924	MEMZ.exe	96
PID 1924 wrote to memory of 1808	1924	MEMZ.exe	96
PID 1924 wrote to memory of 4664	1924	MEMZ.exe	97
PID 1924 wrote to memory of 4664	1924	MEMZ.exe	97
PID 1924 wrote to memory of 4664	1924	MEMZ.exe	97
PID 1924 wrote to memory of 3288	1924	MEMZ.exe	98
PID 1924 wrote to memory of 3288	1924	MEMZ.exe	98
PID 1924 wrote to memory of 3288	1924	MEMZ.exe	98
PID 1924 wrote to memory of 4836	1924	MEMZ.exe	99
PID 1924 wrote to memory of 4836	1924	MEMZ.exe	99
PID 1924 wrote to memory of 4836	1924	MEMZ.exe	99
PID 1924 wrote to memory of 3436	1924	MEMZ.exe	100
PID 1924 wrote to memory of 3436	1924	MEMZ.exe	100
PID 1924 wrote to memory of 3436	1924	MEMZ.exe	100
PID 3436 wrote to memory of 4120	3436	MEMZ.exe	102
PID 3436 wrote to memory of 4120	3436	MEMZ.exe	102
PID 3436 wrote to memory of 4120	3436	MEMZ.exe	102
PID 3184 wrote to memory of 1404	3184	msedge.exe	106
PID 3184 wrote to memory of 1404	3184	msedge.exe	106
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 2100	3184	msedge.exe	108
PID 3184 wrote to memory of 1544	3184	msedge.exe	107

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1320
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3288
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of WriteProcessMemory
  PID:3436
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:4120
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    PID:5472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec1c446f8,0x7ffec1c44708,0x7ffec1c44718
      4⤵
      PID:5260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:2812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      4⤵
      PID:5816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
      4⤵
      PID:4144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      4⤵
      PID:5596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
      4⤵
      PID:4244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
      4⤵
      PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
      4⤵
      PID:1768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
      4⤵
      PID:4400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
      4⤵
      PID:4052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
      4⤵
      PID:4452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
      4⤵
      PID:4296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
      4⤵
      PID:5248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
      4⤵
      PID:5372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
      4⤵
      PID:5788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
      4⤵
      PID:5912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
      4⤵
      PID:4964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1136 /prefetch:1
      4⤵
      PID:3344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
      4⤵
      PID:3272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14618141520999212077,1227730797929032786,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
      4⤵
      PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:4004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec1c446f8,0x7ffec1c44708,0x7ffec1c44718
      4⤵
      PID:1140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
    3⤵
    PID:3460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec1c446f8,0x7ffec1c44708,0x7ffec1c44718
      4⤵
      PID:6132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ConfirmSave.svg
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec1c446f8,0x7ffec1c44708,0x7ffec1c44718
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1712
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6c3285460,0x7ff6c3285470,0x7ff6c3285480
    3⤵
    PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8843054713494671828,1326033993166683416,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:5152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:5968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x520
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffec1c446f8,0x7ffec1c44708,0x7ffec1c44718
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e068076538743d62dbebbbf7d7e2499

SHA1
12c776b76f9aafee6e1e3acb8f17c397d92dea92

SHA256
f14a4d84df6dc971f79343a4beab6944f2e84c1b86f02ed3ef3b92fd201c0e71

SHA512
f59481e8381089246c347229e95046a80d546bcfcd7f47e8dda630aad363265516b5ed006f4fc7d2d1a7bae3ff4f8cae5f081396f791c8a3b5c073ac3d3b6526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e068076538743d62dbebbbf7d7e2499

SHA1
12c776b76f9aafee6e1e3acb8f17c397d92dea92

SHA256
f14a4d84df6dc971f79343a4beab6944f2e84c1b86f02ed3ef3b92fd201c0e71

SHA512
f59481e8381089246c347229e95046a80d546bcfcd7f47e8dda630aad363265516b5ed006f4fc7d2d1a7bae3ff4f8cae5f081396f791c8a3b5c073ac3d3b6526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb17d6d114d03ac2c811654defaa97a0

SHA1
656de5d80f1d889ba1c4f7bb968c94b426f08576

SHA256
7f0262e3032aac35747818fa5a4fd12e1516199c5bbc71573b12cdbb0e153385

SHA512
188b6f8ac827b934ad1d07a294708a100273dc6ff5fbef263375e4bc1cb2fb33dca8089a6da2885eac46154078669716c3181f6d215de4742b3555d8dcd50d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
fa33f1c02b94bdb0a78c62ac2c5cb612

SHA1
0f2c67c2f16c75d4424d943a276527abaafd7115

SHA256
56f5e2d921848e33a0fb0972bdc894f9044b9d2f35c1cf3e9149a54360c65729

SHA512
4a20935a5bf758302bbd43014afd3b7b9579ed7574a944517b23549cc26ed76557d5aacb330741c00e0ca1f2872a1f42ed40654e78ff41d763baab940b10a100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f4e028cd95083851798792408bf77c7b

SHA1
30388a712b6c36094b4477ddb810502c69d72130

SHA256
63c1a7e5a7815c3bcdfe5b26e78f31ac691ffb780ff51eea4faaef52d4b2e738

SHA512
4110faa82b3c3fa61c145a5b3a59b04b4e12901d5211782649ece1f5a30fe7b5497f39118882fc593814edd0baacb8922118db2e365ccf7a5d9229f0b2d5f338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
b9dd9390fbaec071720b0b6e1adfea01

SHA1
07305022545de2c7108d8502d80ebc726df60e7a

SHA256
3ee277916c55a570caa0d93d559d4302712b5c1f53e18c9fb9967717f2a0bd95

SHA512
329658919a0c935f126541965ab04c8c754884639724734fdf3ce9b1186bb2d16f35cc1227b3822b02985a11b02fca71869aa77cd28b4e7526330afb3be814ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
337KB

MD5
50b0b2fc63379ffa41defa04b3a6991f

SHA1
edfbbca9304a263e4c019cad7c4958331bca7a3b

SHA256
8f3148ceebf73ca44f483a5b7deefbd413c41d0c7940cb9519801605374fad5c

SHA512
051d10bce652d2753ccbfc020a67db1c5667f907e8638f8a6b4cabbbf69f12a6f5da4f7a25dfd275c4cb657e55b2729625f9a39afce9231ee3b528f4941af7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
74KB

MD5
56f09d086a3679e67227f2895810f2d9

SHA1
600c79efe391b163250e491a5cf715cb81cbb40a

SHA256
defab7824cfcaef0adbd39eb1f3d0f9c3924e521113fd7ecceef264c6f0b4daf

SHA512
8b6fcf3b33ea387ae9b171d5d8cf17eecb190e06e8eab6951d036b1103fbfcdbcdf3bdbc6af9259904f6a4e0b5d806c233cbe0a2b3387afc889fecb0f17583e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
076e8bef1b06c261610aa35aae1d01fa

SHA1
51f02f27b6a9d827bc04497a317e5942930f5ba4

SHA256
40346a6a96b5370e0142b2261746d328a04ca16fa73a223ea521215ec792ff68

SHA512
e42477f5f80b39759615d66b3b59420560c1f08399263884c61844021b2d1a407c571a67742c399d73958f79f7b4776ad1592b0c58fe139427f1f197c8769bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index

Filesize
256KB

MD5
d5292f937c5ccbc0941a7d64e74f1e3c

SHA1
4433a2102bcafbde1a1e97620386c741ffab36ba

SHA256
54782adfd00e6bfc17ae3c2e90ae0ac8f07db5373898dc2e456df7e6042aebce

SHA512
478d8a04f9148b482f25a29354c7632eaeb06f945b6791d338850e5253c8cc0b16371b3d4dc2453eeccf4df7bc6e729dfd86db4557522c1ae7c36325f29d00f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d7ef66f509aefc8027ca8e066ad59058

SHA1
54e6d4c88314129ac2a6fee421a5c12925c70293

SHA256
bcba38a55ac344d54717e9cb3d47fa3e2376a503104d45faea68ca5f37f9d22f

SHA512
f805a79b692228e55c0f35e24825a6e1e0bddafa7b6c6a6df37100951127e029e7ddc882fa004647f6fea28824fa7342ad30857710a3152e9909ba6755468fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
a5b2821e338aea47ba97b8f522eee9a8

SHA1
29af3683e8e342c5fc15b663b78be0ba49a550a5

SHA256
ea9543b34698996eac563a6d0fdc2248a2b877ee1a00ac8ab8e25b89a6bfe24e

SHA512
48ec8d6b4dd9dac30c0c65212339dd5ff097711f4fae7fab97b1eb91a54c80714f4770e962c3ffddc9dee01ba1e50b23508ec5abd132da4eb61be9aecbd0f4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
d7ef66f509aefc8027ca8e066ad59058

SHA1
54e6d4c88314129ac2a6fee421a5c12925c70293

SHA256
bcba38a55ac344d54717e9cb3d47fa3e2376a503104d45faea68ca5f37f9d22f

SHA512
f805a79b692228e55c0f35e24825a6e1e0bddafa7b6c6a6df37100951127e029e7ddc882fa004647f6fea28824fa7342ad30857710a3152e9909ba6755468fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
279B

MD5
88f7d4ca3159754aee063902dc8caefe

SHA1
fc3807eecb601c21b998f352b068cdacdd3a137d

SHA256
08fccb7dc032ed15585540d34e10d6dcfd23f08b68ce2c94eecf36b1441588a9

SHA512
9eebc6c79ba1a4dbca10df70ffdcb14a5e7fd9fe57c6ed8363dc6839461ecb8bd5ccf6cb1adb34a043acaf40cf1010d0d80ccfe041d06e46c8987a30070d92ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
2a23c0c0c2b9c39fedec787cbb0cf77a

SHA1
c0f8bb001c1ac924f1d61417a2c8532bc6b01be8

SHA256
38f947cb5048794ea66d306be3e3855e4a8cb552aa19f1a35e294a9b64be97f8

SHA512
d9e66fadf158a291ea9964de889111445154eec589ed696c012995f3c891335ecf48428663204abf9b7098c85ea22bff5ca90fd37f84b8af632ee78709263dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
65ba62c887f05eeb1bdda168794d9a92

SHA1
c230572651af7c90a6ab4dd432b4ed953ff91ea6

SHA256
7944a7d173f7cdc20c2980c6bd792de7f93cf8b27efb04928e8a916deffee242

SHA512
14f87d8be6f1952533b8f8eb797c3bb42e539d393085c3150da3aea79f3ad457565f8cebf456ecd72e44256ab5716e54c5fab5c5b48402a5baf79b6217d52587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
498B

MD5
fed0dc0e762a49d7442cb64a996a4b73

SHA1
75a788e7f9ae6dfca20dd424509e6c6e658728c8

SHA256
eed9f2a48103dad100f3ceb0bc389b9aa4090ecfc265c8fce728575e3c06f7b0

SHA512
7ca059b9cd12e763dfc37c6aff64662d89ebd93c204464df727881903d276dc69801b5aaa93e7eb9e2b345f1691bff15310dec47245c8278772ac3fb2ba0c430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
ea5a9f8175bef110a6651f37dc8d10bb

SHA1
92cfc5e46cbdb572df9449d14e68e2f92074a1af

SHA256
fb77606e24ce12344b6c3d68767bb64cd3b6866c2b1636c7fb7cc3b5121531b9

SHA512
00c50ef45f06e6b2d08f6f90b35c26e52daffc6f7ec62acbda0abef9000ad1e8147140a9514c44e0de4826cc6f7173df199068e1feb92cfe39edebb73eafc767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
69c8fed26236899c99251feb2d1d9eb5

SHA1
016f6af7e72baa53951da0cd64771fa777876bbe

SHA256
91f9bfabb2bfa73046d8def0750531821b2726643884cc31f717e36f405b96ba

SHA512
a40443b7e2389d522c74d812979b2c01990452ac2208a6de8531dd980810ce939c450fb7182b8df1ca4d59d0202aca0a72e700aac9ab5ea8e6b91d350df2ddf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
d845aaceebe78e9788209b75a457be13

SHA1
f0d94f456acb905a63878687fd34590e5b104c6c

SHA256
b3055d63c460b605f4d3eef6c632d590852d7714508d36b174b4a54aaca30580

SHA512
45f2c0918f90e289105ffcda5198e0595564753a57f575eaa14f7582d0e515c91be256f13deccdd86003fa0f9b320302a1a981aa5698ac9b21373f9307fea4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b065bef4f842024faad218f4fabb2a1

SHA1
5091e142bcded0ccf2c96940d43fed3ac46baf1e

SHA256
a06f470667ac104c28920c24181d603aa5e01c247053c06eb996a3d65e775adb

SHA512
4f593bcf165aaf100cbae1b4ffa75e5d6086af67b699da9cf65bfdbb815d65467877007dfa8495b9da7b3825ddd0385b49677d6c0ed4f364f8f3791a3d3451a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b065bef4f842024faad218f4fabb2a1

SHA1
5091e142bcded0ccf2c96940d43fed3ac46baf1e

SHA256
a06f470667ac104c28920c24181d603aa5e01c247053c06eb996a3d65e775adb

SHA512
4f593bcf165aaf100cbae1b4ffa75e5d6086af67b699da9cf65bfdbb815d65467877007dfa8495b9da7b3825ddd0385b49677d6c0ed4f364f8f3791a3d3451a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
70e6b2cda88727c628bc8be7d68f5e19

SHA1
46754159d2b33e74d5091da29eaafaae06f3f998

SHA256
ae408f48fabbd048e69a89bee103b115dad96622e7ccf4cdfbff894d009548b9

SHA512
a8e6a339f0e35a69f9e0ff4439ab9d6179e0678d625be2fb7b786c8bb38bd475de235fd1f8f7c186a5c66cce41e33b2379c98c03586a3ef32e40c78bf13e4900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4ab0c4ea941f4f06ce37768132c1f43

SHA1
d1f53fe88664ce33dc65ffdcc9620926e3f34b38

SHA256
aaa6e52b790aef94c2df23ebe1bcb1ba49a98c1fa25b065e268884da29d01924

SHA512
f1104a9157f47fdcb3ab856069bcec973acbe087670212b2526366870f7ebbc0b6815ef5ba2259bc357ff673738b25bc8d59674afde417abac1811325db1046f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
225a3153ee176c3bab98c1b44738a84a

SHA1
d0234e653933cb63cccee614c21678457ee2cb4e

SHA256
e5ec16f2da5f6c7c0103f11ba07714b81937aa0bb2160f629237fcbc210b7de9

SHA512
05ba286ab8b1a24a65a9f528ea92d8d53cf7a0b653f531f43568efe8d666f6ac513d07f4161c4d83e46d80f230a2cbbf3b3e5e31cbb5c05cc60f37bf847edaae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed0e8fe0f9702cf494097142ee452bc3

SHA1
a20b03d9a1fbdaa29c4796bb565d704eaf612dd6

SHA256
1098912c92d68cecf841c8dabc45c05d0ef390db99fa8b0affcb778db7513992

SHA512
caf65406278e3599809244cd2467df4f8c523ec6dbfe4bcda59ccf01fb3aa4ec3d394c0294fa3bf396c21c102a45ce42c0cdba078efd7bc8d4af22cfc0197430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bda2dfe767725b2e776a92823f039a40

SHA1
fc5e2e6f1603579aab6a212a42a957386ee238cc

SHA256
c61174135ab2073d38a0f21006e20ffb683b701aaf0fd1d57354dfb56cac1ced

SHA512
5469bdb4c9540085852f206149af1011e0dae84ead7805ac217798b202afe7e136fa8606536d0a529f96b65c009db44e970b136719c551b3a62aeb0b1ac2a3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
0247e46de79b6cd1bf08caf7782f7793

SHA1
b3a63ed5be3d8ec6e3949fc5e2d21d97acc873a6

SHA256
aad0053186875205e014ab98ae8c18a6233cb715dd3af44e7e8eb259aeab5eea

SHA512
148804598d2a9ea182bd2adc71663d481f88683ce3d672ce12a43e53b0d34fd70458be5aaa781b20833e963804e7f4562855f2d18f7731b7c2eaea5d6d52fbb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
945dc19d27eae064a025fba5c627b4b2

SHA1
2a49253adbcb1696bd12e973f8830eb8a41d9bcc

SHA256
99b6168866ab08089da33a7aa6fef7ac31324c387e9ede764ac81be9b29d3cfd

SHA512
db69c33c2180d6aa45dd93e79a9062dbf4720064efc2f9feb0128feef264faaec28d632e988b1b8b168283704e5650de942abb12f391a17ff30eb9eb106d730e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
945dc19d27eae064a025fba5c627b4b2

SHA1
2a49253adbcb1696bd12e973f8830eb8a41d9bcc

SHA256
99b6168866ab08089da33a7aa6fef7ac31324c387e9ede764ac81be9b29d3cfd

SHA512
db69c33c2180d6aa45dd93e79a9062dbf4720064efc2f9feb0128feef264faaec28d632e988b1b8b168283704e5650de942abb12f391a17ff30eb9eb106d730e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
20d8366e4a7cec4bdc652be18ad8dd19

SHA1
7333ac2784e254df055ca91b239991a580c0eade

SHA256
abdee270d66557ef8e36ed21e02342f0b3e74a8cc6d605b4a81e864334a90534

SHA512
bf82551932ecd6c374d6a6c56decf65882fcbca53e281ecb494ca3f8006ad1c2494f20fb65df0408f0a3bf43c1fbe7160b5a5390898698733ef5b23d0a885239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b9a6.TMP

Filesize
90B

MD5
81dc0ecd22f57c9c2bc214aa60dbc492

SHA1
2fe1ccf390bbfa4e83b017a81822d6cc116ac59e

SHA256
fb9714ac2ef17f0cbbaec00d1c7e7f2dade251254919d0cdfb035538160b2406

SHA512
2bc5b62e6b71c0f863ba59f49524071665c7bb4cd10a3ed2ad010bc0dce91845c7e9f00d841e2b0f429007d4ed75a41aee2df7fad1edf8ded9f772da9b4bf9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
281B

MD5
27028dc748cced83efb24d801ce31a1c

SHA1
26556fc2d1ca305bdc4b0ef05c75e37d80a8a9ab

SHA256
376b6312cb29b1471b06d45f20e8885dbbb45fed025e9edfeac7b48033354f85

SHA512
93201c462c9b6aa5e26be7107913c0db9876116fbd99bfcce95927b049587b1daeb8865084c10508be9da3b15e04d584f9f777f3c83442e508e83899da94b2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13327707459975434

Filesize
1KB

MD5
22df44392b54da4b80dea0b45acb74bb

SHA1
5a870a46f5266b587138560788e576bb4eb3fae6

SHA256
c4b919259df59afb772807b943f8d6f7c9a376968fd42d7a6b35f4d351557a49

SHA512
5cd25836b1115d7b976fd829efb85972e52ac1319f61125b1305566345014a7957797053151b69a6f2f30e021dea15ccff20f3daece4f21eefcad4ce54103973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13327707468464434

Filesize
877B

MD5
63111cea0c7702178b6cb22a857c59e4

SHA1
edb1648bd742c61d65645c03bc81b5f0043b3cc1

SHA256
b9ab6a4617a833d4f09c4bf98844eb4be27a4bdd8673cb1605d0bd8d380c5502

SHA512
2bf9ba796b593ef336e5a03eb555d01cb7101e0bfc581c75301656fc3d7dbe64dc638a15531b44f48125d52a7c0d8809f7b29a8ec2c9d3f8c243bd239458400d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
0e9b1fc469462567b1f64aa797fdcdfd

SHA1
410eccf851dbffe969516c0d36364a0b76f5408c

SHA256
4eb23ca4e0bdb648faba80c4c8721c4e39ccc719993eeae0cb674e448f1f0455

SHA512
551b5aeb4935a334f9287426534694b6986034cff029d9e565978341064bd75502ed4cd9568eb874b1397e40238daf0bd0613854b018ac3e217a96da957a8eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
3627de84e0e58cfe2bfab3c232a66710

SHA1
cf5b382612f9b16ac75b91793a7ca3a9f22a3940

SHA256
7337282c1492a36affaab92dab777e44bd6772034b04b02a1a5a705f09b04a80

SHA512
157d3c28e801c470be6050ec3170b1411babcdb3754bea06c33e3f2e4d6bf510cce0c51d3e35c6341c160f99460cd4123b6cde048e44967f250c5ce3e691a960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
0fbda733ec4a891f9b6e40ced39ba35b

SHA1
e3e8be9651bfd7a703f114823c077660744753be

SHA256
5f78bf90aac446dc5ceb3a764ce7db1573bde23221004efd4d7fe38492cf381b

SHA512
42186ef7a7f0555a4d77087d4867278b22976d099b5b8204ab3a137337a4725702075c21bcba0c15d12d3bbc79ed0f936f11d9eb952f29e76de932700ed62be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
24c6433f078d816634ad82e391cc26bf

SHA1
2b6ab19cad098f30be74162b81e04d856fe327af

SHA256
7047030c1145decd1e900c6e0e3b67eb6dbe953d1628e2bbd5571d4a3feb0a18

SHA512
2ab7f2bb5b58d7398a578e44d31ca67be00c32072bdd036c609ee14c22f83fb574dcf53894daf120f7299a4c88c90db44736177bc63606dccd8fc3a8d350f237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
7d76ba0ee9a75d9723f0b1c5a6062579

SHA1
d42fa0e69d013ddc92197e574a878161a67c3886

SHA256
533f800e53751fc13ba4eaf9403b38cabc226c488ae00f3bb4eb45915932bec0

SHA512
ea0fc59b21b8f8ac226547df9128bbcf9f477e007f16aa348ba9d36c050548581708f3883cda5f50f51e3efdb07ede7265b63b3523b1025523dd6bff9a508f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584513.TMP

Filesize
372B

MD5
842df93b88989c163b4830086c6cae30

SHA1
1ad06cb8be2d8520e7ac972097fc53bfe785fbd9

SHA256
a13edc89c080fb3b1ecfa87fe3b5754bfb1be4ab3cd33afd210f0297d21bd2b1

SHA512
f8b8796e47a5cd29d6ff85d0d181e20f83bcf44d53d6062d2586be1ac8de68e849f64464e7b9d0f1dc385973c863b5ea6468f5cca43c677cd4ec6c72cc2f4075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
9cdea81efe326d00eadc9b4e5f1f641c

SHA1
f6101e09c5f45f97fc4f10f2765028349b36c0f7

SHA256
faa64c11157fd4800333a5ca0e1ac328d130079c042b668586c5c5c277cc33b2

SHA512
7a9254e8c8755f4d420d51293ff8c9d82d9781a550ce45a7a6832e201a14b98908bde618d97b5c87ac051b4ef588de252d7e1a0dddb024f434a4a3dd485077ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d7cf69d2-2751-4e35-a306-d7fb5880802a.tmp

Filesize
6KB

MD5
9c7f6e3c94f04ab2bf855e7b7eacd838

SHA1
5f260ae3def12b6631ab2b56bc069dcfdbcf1e48

SHA256
dcf43dad4f80c86bd1fa4d3dfc19fac9b8126eeac4134b77226e58be3b3d9723

SHA512
061a56c4b917887bd5b44fccc0905c11871006de14c7f2d6fe2aabb53b4bf46a024d8306551f385c5f44730a1d9cfb1cdb73246ce947df6cda9b61f4c2292e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
7b146daee0e9e7f169a12557c240b9b8

SHA1
408d2dbd584d4fa2569422a5dd2f7f2422babbc8

SHA256
008f54e9b34be399d1ab2b4fe23ef687e470fdcade41bc1a94aaf1b58c27db8d

SHA512
044321550c8f6f096d5fa285b337da7257e7dc8052c18123fd1d033242a0ca29e93b4e4eb6a94fb5a4000cbd6bd9b25db3c869be84820c74948a3c5e17ec0ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
d1f25aec3c378eb1d14309d0616b6314

SHA1
cd06f8c86a34d41c1b628a26104092f60195c02d

SHA256
b1260a25f06815a3506806a5e91085bb95717ac0cc6a3b3e162140857ee6bdb1

SHA512
d9c0e7259a85e5fa991f7a1a670d8a2c16b8f1fd109b100881aac4d7a068baf931659f150546ff80d57c724e1501cd6e6ce4b1610b0fb653e7c1e14b5432c6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
279B

MD5
570968e9e4a3b9adc84e893b848dc791

SHA1
a43822a443bd6cc66ce95ee5862fb703d6b46992

SHA256
9f563d8c05b3bd4d57d1e04df8c733b24b7a25f6085da57b7e601d696cfebfae

SHA512
c43ec8335df3a25a5c7ff88c4e8ff07748968e811f59bca2c4ff914b1edc60658f07304aedcf72840093d4e62aa3d4fd2eff13a87ada607a673cb2b6858d40ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
531B

MD5
53100910a82c0e43161d44f627fa816e

SHA1
619425f62a721a8a36fa0ea5d0d99209073fd316

SHA256
3d3be2a732c34364087885446f37473b3f2298aea282c86a2420672e06e8d677

SHA512
eec46f1db758b665b83662c94cb2d21f3da756e7f794f7b870ee97ac81e0a8b8825987f87f147a1dc6d4699a9541cb5f85a5ac9b6ff21fcf0425cd25fb8e7992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
749f659e4cc648f2596219688c27cbc4

SHA1
cc90e2a17314f5f9aa46774663d54f7b8c76db6b

SHA256
3008a01e7158f53cea9adf78a08755ebb28013961105163d936afbb8465bcaed

SHA512
4f79ab6675a473dbc50cd360e4655911f13da5e3f6e7aff1571e3adc0da4e27762107a330e7c05ed43ee6069ba11288ef3d0d82d33a365ca866aaeb785b3e70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bdf2e42f8715e744c6bf4e2bab2991f1

SHA1
d5b9ad1904a0533858f2579246e2f29bbf697093

SHA256
655eec42d0f482fc65b98c66135b5336c48498b5626d4a46aad5fb86df1be134

SHA512
94a5bbfa922caf9e82a7bba6fbfe8b4f13711ee7ca82e141be0c90f19fe7b54f3829fa14e3c655ce7c66f4ba5e798872b0efaa6f6a8b6ee097f1e278f816c759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
a146bb05d240af6c858fa709e948fbe1

SHA1
0928e4db7f6dd065d995d78a87ab6e8d1ed6e2a3

SHA256
31cc6d3aadf3a6b752e13ad322d352091615500c108e52869e94b422838d0262

SHA512
e27a164f7fbc5a986473f0a2f05873460e530d3257b75170f68a087bbd2488b56c464cd030dfc94a50a8a3190c37e30e24ba84a3d7ed949260f73e7a83be5152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6cbce9281053c0760b88911ed7e67069

SHA1
e081db49fe74081aa4ef017da11a95d40975f733

SHA256
5aca0266b8b60d6b66e6e4cb8cab4ba683242305320a4d353a9eec4e153b0c19

SHA512
44089b84af7ba9dd2f34831f11cdae39221d02749a8b5ec892018e40f5f69df36cb1a9859bdc3084e3e1d007bb7564559fce3cbf9a8f9aa5bedf14f1798daba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6cbce9281053c0760b88911ed7e67069

SHA1
e081db49fe74081aa4ef017da11a95d40975f733

SHA256
5aca0266b8b60d6b66e6e4cb8cab4ba683242305320a4d353a9eec4e153b0c19

SHA512
44089b84af7ba9dd2f34831f11cdae39221d02749a8b5ec892018e40f5f69df36cb1a9859bdc3084e3e1d007bb7564559fce3cbf9a8f9aa5bedf14f1798daba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6ed669d61c8192adba84078dd701afd7

SHA1
59999fa31748fa78bc0208d79da99d4966dd92b1

SHA256
9996a5d9652e99a9031b62ba590ade406d8ad3b18fb9eadfb15e385836c414a7

SHA512
700ca5c480d91f45128d2a5217936d9458f4f6a5d6f25e7a3dd13dade4c12f752b3f03c957e4ceb2d42636349a48d64ed178765bdb2d5c00a091432d65c21637

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit