3a28e9cd293456001a3a7be5c937c26a03270df07c0576e48859f3a1941aa104

Resubmissions

28/06/2023, 15:36

230628-s1v9jsbb5v 4

28/06/2023, 15:14

230628-smjzcsba9w 5

28/06/2023, 14:47

230628-r5x39saa64 1

Analysis

max time kernel
618s
max time network
598s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2023, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f_0076d0.js
Size

35KB
MD5

2ecbe272a31befb5fb4cef797f08809f
SHA1

7aeaf15cb3534a69aad834ec47da0a57ca454eec
SHA256

80351dba116819f679547775b760ecda97aa51bc42e703716c66383bcce7d6ac
SHA512

4470c79d14201f8c5b0c36afc068dc71dad8b60e88c070320eff3954533087fa93e8955a66203a5b03d902a63b71c0d4755e004e97bc7c3b2c0233ccf265edbd
SSDEEP

768:XRthFKqBcSwFRPDABPr1TNaD6CZ92zdk4Qji:PCATwDyj1TNaD6CZ92zdk4Qji

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\09f277a6-8d3c-43fa-bb4b-a94572e4cc47.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230628153815.pma	setup.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2178924671-3779044592-2825503497-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2178924671-3779044592-2825503497-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
3284	msedge.exe
3284	msedge.exe
1352	identity_helper.exe
1352	identity_helper.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
3456	msedge.exe
3456	msedge.exe
912	msedge.exe
912	msedge.exe
1600	identity_helper.exe
1600	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	856	firefox.exe
Token: SeDebugPrivilege	856	firefox.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
856	firefox.exe
856	firefox.exe
856	firefox.exe
856	firefox.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
856	firefox.exe
856	firefox.exe
856	firefox.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
3880	OpenWith.exe
856	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 2676	3880	OpenWith.exe	88
PID 3880 wrote to memory of 2676	3880	OpenWith.exe	88
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 2676 wrote to memory of 856	2676	firefox.exe	90
PID 856 wrote to memory of 1380	856	firefox.exe	92
PID 856 wrote to memory of 1380	856	firefox.exe	92
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 1556	856	firefox.exe	93
PID 856 wrote to memory of 4992	856	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\f_0076d0.js
1⤵
PID:1636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\f_0076d0.js"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\f_0076d0.js
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:856
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.0.176325540\1871535792" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a66fd85-4f03-4b30-bbfa-3f093176080c} 856 "\\.\pipe\gecko-crash-server-pipe.856" 1932 1afed316858 gpu
      4⤵
      PID:1380
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.1.1398003762\317361125" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cddbe0f4-b2f6-483b-a3dd-43acfe78b9c1} 856 "\\.\pipe\gecko-crash-server-pipe.856" 2356 1afdf372058 socket
      4⤵
      Checks processor information in registry
      PID:1556
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.2.1031603273\56949833" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3020 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c2855e1-ebc1-4dd0-95bf-d4070813cc06} 856 "\\.\pipe\gecko-crash-server-pipe.856" 3040 1afefc10b58 tab
      4⤵
      PID:4992
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.3.680324137\1291231087" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ac19f78-bbdb-4217-8abd-8a8ef8463843} 856 "\\.\pipe\gecko-crash-server-pipe.856" 3520 1afdf35c258 tab
      4⤵
      PID:1528
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.4.79547699\2010520550" -childID 3 -isForBrowser -prefsHandle 4864 -prefMapHandle 4868 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07beb812-8d4a-4007-bb3d-c8fe133f3e57} 856 "\\.\pipe\gecko-crash-server-pipe.856" 4892 1aff2b65658 tab
      4⤵
      PID:3876
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.5.1612225939\130671417" -childID 4 -isForBrowser -prefsHandle 4872 -prefMapHandle 4880 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1846441c-5f92-426e-9f29-9952959140a3} 856 "\\.\pipe\gecko-crash-server-pipe.856" 5012 1aff2b65058 tab
      4⤵
      PID:3236
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.6.1384786088\1150583311" -childID 5 -isForBrowser -prefsHandle 4988 -prefMapHandle 4968 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22d0a71e-93ba-4767-8a1e-29e64c420fe3} 856 "\\.\pipe\gecko-crash-server-pipe.856" 4996 1aff2b65f58 tab
      4⤵
      PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f_0076d0.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa73a646f8,0x7ffa73a64708,0x7ffa73a64718
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7dd4c5460,0x7ff7dd4c5470,0x7ff7dd4c5480
    3⤵
    PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18057217107809349761,6533314630403759906,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3504 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f_0076d0.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73a646f8,0x7ffa73a64708,0x7ffa73a64718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8077248933101871561,5238593331427175245,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ed9cfbe2b6990431cadc59eee86c6000

SHA1
cb656fb2480b9f2869949be67cbd662d635bf5fe

SHA256
3b7a8f91da1d21e3a6967f49eab6e6e2c187b12c5fe06669ed3d0f9068128f69

SHA512
32b4181083628ed6d5d18ca56c6b79ff8685d8f18cc598f96b64a9070bccf4d466e79b3c5a56d03c265ea303bcc0b76dc1992d725303b0126667b8b93cd87d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3216930cac24bb92fec6d210235f00ca

SHA1
735cb1a848376dd755e5311367c8a837e319e981

SHA256
c8bbb9f3d48d8169fc52a897bdab2c046b69ba51880f4d0d0953b351f5ab6964

SHA512
d32688bc8b3160d7735c1941d2a94c168116e06e3392ab75c4d3707ef563a18a40e83db063cb4b682693e205a31fc5776915e1e6c8a58f244a02a395d04a916f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3216930cac24bb92fec6d210235f00ca

SHA1
735cb1a848376dd755e5311367c8a837e319e981

SHA256
c8bbb9f3d48d8169fc52a897bdab2c046b69ba51880f4d0d0953b351f5ab6964

SHA512
d32688bc8b3160d7735c1941d2a94c168116e06e3392ab75c4d3707ef563a18a40e83db063cb4b682693e205a31fc5776915e1e6c8a58f244a02a395d04a916f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1197c359ed7ca976c63dc996ff338a87

SHA1
bdd984af92541d3885f031815c46f3afa5d9a8be

SHA256
e6aa526268bc5c37bb823d8e163ec6c489ef96e4c149708349b75c0c61b379d5

SHA512
90042d1c1b87cb666407ec3f50cf3ca6598d6880adb8781c3b15953ed1bb912b745d23fd8baf6d07a8ede7b88d42c80b24eb61bd11d94111296616ebcf3ef0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ca2fd4d3f153ea0254bd19f67341ddc

SHA1
49ce3c1814dc32d337387c990f8e3605e56b1689

SHA256
53726bcb4511d81144f85e823416cffe8da31a02c79bd56cf1758baedd8a5c3e

SHA512
d109f8e9f35a4b779ff589866b0887c92d43fdceb2de5d9d305137a5c50589b20ae85fd51a635899b3986d7f86a0a857c7f8a4a87feb4f487c80219e44df7ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c692b1be1bfbea3e3baa1f3e4c65a7cf

SHA1
0e02c201e9f63bed25247c384fe2239a8095becc

SHA256
b034c3b09dc946999d33596d737c98f342368b713be230f0374bf342a382b9e6

SHA512
90a677dc88e3bd9a80450e8f3a4b2741f680086bd2c85cc859256846d02ee3c2402512c3b1f405f3522670649ae7568dabae870f1879a94b8f276f2de94a5871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
b157ade73f994d0463c64458310b2210

SHA1
097845153739dc9795613c18a04c9c02bfba9c1a

SHA256
2441b5325d8c8a36d4ecda8204edd1f8b2396574adcfa3cc1162a248099e0d65

SHA512
ce9505609a9cc8c7dd18094794fbaffd0b86bcc4aa24c7e264ab671bfa2e262306fa44cf76099e996fdc47034c91cf0f3dce9c505e3452ffacad310db570f008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
8ea97d92eb5bb46baff20f02667b1f9b

SHA1
453f3aa9ef3f59e013d64aab1d3187c7df4fcb10

SHA256
b9e390f50d6883523d6a5353e8489cd377b2b754d7cb4205540cd46137df4311

SHA512
18141b5c18be404d0f3cd10296f65c65145ea4f943bb3353ec766c350be3f8e187d634433c08a21042fb8a41547860c13a7aa4f91b0fce1e83579f625f031cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
0de4e480747e509b7a8cb1075878c9d9

SHA1
be132a36fdec390902df98433773b44a5ddc4880

SHA256
adb088a272ed0e5aa88484cf6e64187fe1d2103131b746ed3c4d591a83932bef

SHA512
94223ff97a1d6630a50c3c37b2d39df315e4d8e760dfc3993cdd2ded7dc1dc63d28ff145f11944838f4fba5345c3516d2654b9e2ef90d34685db54af31370f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index

Filesize
256KB

MD5
a1fead9afea107d8729e86121119a935

SHA1
b05d2fd9bd88cd2c1383440a500c2167438a0e1c

SHA256
b2d8d1b40b2634842e7c5da9da60a0a90cc19eea99e831e6f14752d551917365

SHA512
aad22fd430b0f3c01d01da78b17c99fd8d2756771299a2f4e6f05bcecce95db220edf5c3827c684664daa1b1f26e61807bd83c9776a2962cd03036d6944ddfb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
75a51c880d0e9f6f41455e58331f13c8

SHA1
1cb0c7cc0f9f8bea59609288d8bb09f4a0a46e9c

SHA256
6da5445e1b7b046898da0536bef35fb691a8fae7cdfcd300d0ba5e126e66b1bb

SHA512
2dfea06c623cb1c7eb1d7ef214f5aae30c3a4b02c184b44e451ab78b023ccd15c41b09266e951beca616b7700375b469456bf28a57d2685d9ebab7c808405b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
75a51c880d0e9f6f41455e58331f13c8

SHA1
1cb0c7cc0f9f8bea59609288d8bb09f4a0a46e9c

SHA256
6da5445e1b7b046898da0536bef35fb691a8fae7cdfcd300d0ba5e126e66b1bb

SHA512
2dfea06c623cb1c7eb1d7ef214f5aae30c3a4b02c184b44e451ab78b023ccd15c41b09266e951beca616b7700375b469456bf28a57d2685d9ebab7c808405b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
281B

MD5
719ae93e6802784f15fd30690901eabc

SHA1
48c5dfb02459a4f8105983f7720b243aa55cd53c

SHA256
0606ad4ee142227813c6db74e9c293ae99e34ce53f3fd562db93108b68c3c159

SHA512
5b9c17e8addcbe1e2ae8a78096066afe00f3766944900800e7b07b0103631d1cea9b20c5837689c738959464e58981797b218d5e397e57f5002e02b6f7528070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f3da161419d094b4e2867a5174fcc6f1

SHA1
91cf8ff7b646b32a4c916b9b678880fe808271a3

SHA256
f73b21799132ece04fbf3087294ec35405248cd43cbf7fa7209c712a33df8e9d

SHA512
c1bea2fc7fa22ec79398226cc4ab444b833e281d53bd5fc7a8640a52057d87c5f4f686bf39cc11d212932ae5e1850ff6005111081b964fbbe60e9c7ecc0b8a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
12c2201e27e48f073a8defc33284f2bf

SHA1
51e3036a038cf70b2ceade0e6aa060cd683c04ca

SHA256
3556657eaf6faf9019a9c943dd73d8668adefae68fea85f49f39b86d7fd2f877

SHA512
e65be9398d3b6d1c9cc90687830447cdcd375237ced3877ab42da36fc30fe64bb64d13b7a72ded198c07471d3fac6365cef671c0328f72d81f9067d7a6d36ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
c6c431cc6639f97567af97977ee2cd65

SHA1
a9800a724a32099d6a2f706542f79787e1932d0d

SHA256
f001a44c28b457cbbcc1cd4efc8bfc81d40d2106d1fcb83454d7dc26181f6218

SHA512
dcbdbbb3037362b9da3f673660b8c5b3bee645d824d52731b26f80f48115d94e9e1066bd80d09757afa91c98987687b30304a88cea7e629becaa7e6a803e8ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
949B

MD5
3cfd188fe39b9bfe68e964477eae3b78

SHA1
d9943057dcf1131e28673e9afede8190849d1508

SHA256
13806a77e15eb3de3459aefa4cae357c6a1b68e61e60001ef97b72796bd24169

SHA512
8e3a231d2c501b25f296fd43a2b2818f11cc5aa3cd390c0bc14564e90bd594a0d877e86c98ab12392c23c18bcad85895ed6426a8b89d86e81e6f10258ad7fa40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
a01692741e9a65ff99e79c3ba6fba881

SHA1
4d76dcd1fabc323e34b90edd0537d2478ce309e2

SHA256
92f8ffcdca2d29389882d42e452ee92ac9a3815ad6e79d3aeff5d936b1de05f6

SHA512
4598e94e245d78186ee085c2df00fc130593edcb54e2a387c8e5ee57a61334847b14c9fa4ff72806232af4ae016b43d7d9f43b3731bc67fc9d728d2fc0a88e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
65B

MD5
5b233c1d396f9f4a00a509d1b392eafa

SHA1
4560735defb3001aad6f75de9b60c4ba74294b6b

SHA256
84c53be85b06833acacec0634223485ae548d37d2fb3a17b4c173af694c41471

SHA512
f7994c0267244deb4738299d0578c97525a52940a1d529e4a30b4ca4cacdf3dac0af60b96edc69ff83c2c42b42a090bbad4bf8cb78e9bdb41aae5075c2db73aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
ae27ed34230d3706a72a40694d3c80e5

SHA1
2fead7793f0fbd13cae49e0cc1ef8434604724e8

SHA256
0e22fcc2889a670a348b2283834a3e180f2acbb57b55621cd172b03b506702bd

SHA512
b6496634db36600d7d8b2c6ee986d49f6e1b068ed0964d66b742bd441eed0a954b16a26de3b3ccf436fa708e65d3ca2617fda1c37d5d4aaaf471bb65d97e627e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
12008ffb5d756ed20538adf8f4ef2135

SHA1
2a168a0a31717073c8de113f87705bfda072e948

SHA256
2ed740f2d7ce150c8968152605298575ec9de5e8b49972b7299cfed792c5863c

SHA512
d8174426dbb718ea43d4f46e0595bbdf15f21d5f78568813913f857ba6b825faca2bcfc16a6bff8a248cce633be3db4be9a720177ee010562b85243a2a00fde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
990B

MD5
9afe1819d70303768e8792f206df9ba8

SHA1
3b8514ededd7fcfb0a812f8bda9334d7244e9c19

SHA256
d2810b4fbbaa60b766f8a2498860d9eea8e7824ea6205482012b832dff1f55a5

SHA512
c9f08b69709599da1e863ef5ade35d7bff847286c7d77f0acab6b3a8e1fd7a3cb9aa49f09ca519f03da0d3bc337ef24988e485e14cbbbfec0cd704b9611a1022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
315d690c5e03e816e3ba1c0e604fc4e8

SHA1
b15fad48ad2c96311cafb0446fffa35ec1af6732

SHA256
31a214711a36419031582310753e369af2f97175ce47cd65b0de1331703d81e1

SHA512
696f2e32f90d2fe4f0aebd53c0e22e1283e8675e929b228d8e5676f8764db15ffd4e11c3934c89207fbfb2642b565cd6ca45afa5dbc4854ec6ab174969cbc3e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
014e572d4e024dbf8b8556abee9bd521

SHA1
5e3c3d9e0f7081d194446da556d94832bf5b4236

SHA256
9ddeec70d6b98ce21188a2a5be7832da44f80b50fb448d5136bc69665791c96f

SHA512
b3cd867631f582321a11c9d101412dfa284dad1d14d9b8b294514847754b8888436faab0474a18f545d12c336200ea8039356bf7f052564b74c90c4ae0ffa122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
800509d2674ee36e9e571d3edf9441c1

SHA1
92b36b4f1c31e700ab5a8abecb3ca6e7cd650cba

SHA256
c206e4da100fda674bfe88b249efdbf971577c14ef6b7c5a5e22898644263413

SHA512
ce105594bdeac992cc3843ee8d457740e407a807caf9b9b2ee627363d69cd93c5c8c870600ee6a821bc30b6ddcf9ebc1997f44a99a659e876bbc3a075dc019a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
800509d2674ee36e9e571d3edf9441c1

SHA1
92b36b4f1c31e700ab5a8abecb3ca6e7cd650cba

SHA256
c206e4da100fda674bfe88b249efdbf971577c14ef6b7c5a5e22898644263413

SHA512
ce105594bdeac992cc3843ee8d457740e407a807caf9b9b2ee627363d69cd93c5c8c870600ee6a821bc30b6ddcf9ebc1997f44a99a659e876bbc3a075dc019a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5da5403ac292735458f23ef6e0c3acb

SHA1
0f918d4cd69d9a3e455260a48d598cb1e9fb680f

SHA256
ce16ede758f08a76d169a15b0f513c9222e5d186646d74e7b2da4987cf19a6dc

SHA512
02c5b1f885637f4eb93485888a08e4d428ac99dca053abea7d5bb3e15cd54773a7311e37fc35464b0fd0ad8ab7aa1e9b10ba93f3c0442a8e5f11750634831bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb58429ef6bd73317ea85770e40e9d3d

SHA1
999533666cae58f01ad3d25fdb00c06b2d76f7f4

SHA256
548cf086869e665f5f4ef33c3be0e0439ea674d8723726e4b60497e32bd590e0

SHA512
ee2c4a6c6c97de08248a2235b12e1416238a3bf06a30fe8d55287516c4a190da19a47acff081470cff6753155967bafccc5063f11dcfd81bfd5432880abc2dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e68104ba277f335cc191af6d9676cc91

SHA1
d93adb6e7879faab619fc17b465c12b915bc5dc7

SHA256
429d9a3598c408b9e2308b029fc7fdb60b18f41238eae87270fafd0b4eedda3b

SHA512
92327162baa64babd7de83ad4bd068bda9aa5537847f5c6fc5b2b1c2f964fa5660e71072616e3cb650ee35d8a665683498b279b843f97a0294088fb3776302e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c7e3ef66babd460268e7ff8846ad5392

SHA1
1f1df8f52b64d8faf6e7408e37b427828ffa1bc0

SHA256
18adc63cb792f32e070a5ed545bb177e7b8f76d51b877418f487275bc5173941

SHA512
8f768d6190236946db40e647c05c1cc52249c20cd6b3490f2d5114ffe86a542a3e2f27612e6c0486234af8235c7f7f709de37023e5b65503fa97ddc7ac251aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1e05306f1cdc82fba51a674a801a193

SHA1
819e8799911cd6aebacd0d90ce28538e5c4edd5c

SHA256
f78d41f65b348543bbc3b8b64e1723fce63adcfcdf9fb8eb015bb1a70ef01813

SHA512
8a46e69ba3c5d81ed63c91b41e28a7941ae878fbb5117d9902484c519e096aab3943c8e5e635b5e5ba8f36e90328559ecbab36e450d754261c1e94073f2fc74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
53c26a71b972c1bcd6d4572acf689855

SHA1
3f3f2496653999ade6b5db20817b8ac6d978fb52

SHA256
62bd4d4f089ca3562b1991b322194684290de612fe352e7dc7cb128b31fe7f83

SHA512
4b07a50a5313cce26e1b7d764f68b064ee8b2a155de38d51cd1c546448ba3327be56084f2f7dd1e823caccb216b7eab337c65dbaa1693946155d1b4764c6fe38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
304B

MD5
dbd4132b83d29708f1d995d324386924

SHA1
5aa91d6933ca530fe959b4781f9f5b39d78bd010

SHA256
39233f50118696c903a6590e09fdc1263082e82cda45a19b85dd9a0d6b4a343e

SHA512
2e67871a608587d3ba303b63e3339587128b264afc43574ce0f2f839131c2ba005ddcd292da409c168bc1ac8f99b0eadde3f6796f7a4188008fa095225414a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
281B

MD5
f271caadb325df87ac2593342bd1cf41

SHA1
1591d11a5e6bf68ae01d01bc195a21b6d83cc480

SHA256
3de4860450c25520a4c3a26b0a81c6e18ece1976e6d3eba138d564c227b211cf

SHA512
620eeac6442a86760aa8ab15102f35751b0636d9b735c3d5e3d7b09e9254264150761afc9fdc9a5c5ed47f7134581d9c2e3660523dc5dd255b29d576069e25ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13332440442585409

Filesize
3KB

MD5
23ed3c91d1f9d36ac551025500a8969a

SHA1
079e686f6f9d3152c470cc8ee17594d184f641f8

SHA256
6243bd46a61bbab49901f7cecd7404ee146b62c7b6f8aac00c85fbf28a608cbb

SHA512
0f9230e89fc6912b7c10daa025f5f3887ae6115861f799392fdaddeff97f864803a48cad6217f8f4d28716819b80c7759055063ac28c5663a1b3d5bd8bb8c5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0f711af5c7b2f8fa37b867bbeb9a1fb7

SHA1
602a5b427a2bdd22191de685291aadcc7e6a0adc

SHA256
0a95d3ba33635d6d3f25c2de5867122b696b0ba7c3b6898e007a3fe3eae296f9

SHA512
f35337568a61f7b3d684561f241179de66cffaada71f55e2c0d49abe9e0e4d41b3365e0a5e4ecd24bad48ad8ef1be99faee560e75057477b8fd84b3f4bdb2fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
817be5494d49d1036b73de75291fa7fe

SHA1
ae61398912c5fde32be763a9151f7f4f79d815f4

SHA256
ad3d7b3d19dd1b19924fda4bcf4686fd27107e72048e128539c02fc474f258e6

SHA512
ea5b254d4a1521bd7eda62b393c366fa7582730c4c4e28970d8317800f8b744ccf5eaea9f003686566cb1d237e5039300172c5d36b50d79f022479978cce817f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6aaa30767d9e63b478dff5b02b275ce1

SHA1
136120331d921df3cc0bd786e9dac70cb29b12d2

SHA256
edca42b69a95cf293962e8c5617cd704628965860c99896a6f4de1861cb0723b

SHA512
10cffe1ead4b6432b4bb1efcbade4c72546f9fb95fa7f9e2736ffa267e0036e5d93be6bcfe18655554e62d135be4a2b25a77c305b040f63e172ddc1c96f9a6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
6c8231a6d3ec8947c2b5a5180aa573d2

SHA1
cb2266a7683ccf20192904671c4d6f5d77deacd2

SHA256
7966841848781bc876d678b0ac56380585f6576e2a191bd5f734161a27ac26d1

SHA512
89dc65763ca59809506afe181ce124eb11bda16364735cc5a665f343161f0cdd4fb9663f3e497c9bf411ca58be188c00643ffba8ee0304e0c765085e1ca8ae8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
244B

MD5
1ec2ae977fbe2ac1eaa09e3a72cc2c80

SHA1
c82b56f2e41da0f2962c5763ea961a33cce364a4

SHA256
e28e5ef1ccb4ba65c9f5b55df5ad6ab849de9db93d5684cfaef85266b0108183

SHA512
51726fc75ff34610ed963325c7c7652d1cbcb77affe9b3ab4815175301aa927b3cb7c1161439df5839abdfc33e648ae915f9f54330562a5b1626c9f47c62de29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
281B

MD5
be6a3af0eda1d4573c6718626bfd5a3c

SHA1
f91d0ebae8e305e1bddf9a97e3a51a7fbb47101b

SHA256
6e25f749aabf000239252441a6d5301b6ceb7f269ab78118a2f90d93675bf460

SHA512
43f5e56d4178c414196f8000ae74930e3daa6591508680f1d2c5f63d42c4786398f213a25d29daa9322255cee958d392bf6fcf5d45deb11638f9a98b8bc5213a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
531B

MD5
3acea9aacafadfef5001974dd5db6f79

SHA1
84cc4c1bfec20f8dc233fe0f01619b857ece9e38

SHA256
75c31247922610231f9376d6ccdc8824a4bd3b5a1d3db0dee95b3c1240809f6d

SHA512
0c16d67d6778a3f5c685d278ec3191f709db07e553fd3b5afe5a5d8a855f6b656ee4daa10a4fa26508ebbea33866821ddc1fdcd21ad926849d127305d29a18f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
299B

MD5
fd20515e6f32971282aa0c39eded0dae

SHA1
b3b1ae4b18423421e8b2c41c94d3622e3a5e72b9

SHA256
4217b4e2f5edd6fce7df95dbb9a81e8bda115668cb42a1db5b735a4fa1af00c6

SHA512
bf3a533c95e953fe69fc29b51f66d2dea81cf7708d5a945da62bf693b11357c704d73e64865874c161ceca6ad8ed49187e34753bb7e16fac11d9b289ab8d938b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
665798d9f091b2ce09a2003659277dec

SHA1
2d04448630426100920238800cd7a7ae17256c4c

SHA256
549560b858a5eb495bfa400261855af93f54ce411b967339dbc95f0c1fbaf0e0

SHA512
4e02f84668f37748536e36b26270d53cd04c5fe826091b0e17cd11d9e17026cdc1f160c50990f8f81d4cfde0644603c1f0e22005725a2cbdce96012c5dd0f0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
665798d9f091b2ce09a2003659277dec

SHA1
2d04448630426100920238800cd7a7ae17256c4c

SHA256
549560b858a5eb495bfa400261855af93f54ce411b967339dbc95f0c1fbaf0e0

SHA512
4e02f84668f37748536e36b26270d53cd04c5fe826091b0e17cd11d9e17026cdc1f160c50990f8f81d4cfde0644603c1f0e22005725a2cbdce96012c5dd0f0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ccd4ced1e152c03a36338f5e343302f3

SHA1
2aa36a7fe8ef018642f610d4b6c4c39310d352c8

SHA256
d9654406a1ee5de255b92fa5d85675aa85eb4e18053def52035643cd3a8f5ea3

SHA512
9324ebfa9b83c15e69faf0b47eefddd0300fe7af35562d4f2c0c85b6cb5d2237cfbcac0ddaf0631d80daac2ad4e69240c9cd71f70ecbbc86114b081fdbc5ecbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
14KB

MD5
cc0ff11063b0df8152e6b29a2df2990c

SHA1
142a438220741e54228be4f9e6270a751b198ca2

SHA256
0ec4718cefa470c021d2e34aa73642995d995d17e8e639b58e26964a895274f8

SHA512
1b541f05fdf79b347c5bcf7821631d571ade36b0807d3d6d87fea6dd479094afa1f25dd71b676f8ac2e4503f0305dacdd4bb015555dc52c0e15f41e909c1b648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
578d0de435d38221e0cae1389fd54a54

SHA1
2aa83f4427210b6b00338a18e7a479ab4352bbd8

SHA256
7664fdb8cebdfcfc043a7f4a18820aef5d9b1f889cced658057686b59aaef4d9

SHA512
520e076bf44e646158e089bba078b65df76365fab4b96f5202f3f93989875917d63d406d043d10491fbf0d53d6c8fa760faca4838bfcf9188554f3d53d48f9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
578d0de435d38221e0cae1389fd54a54

SHA1
2aa83f4427210b6b00338a18e7a479ab4352bbd8

SHA256
7664fdb8cebdfcfc043a7f4a18820aef5d9b1f889cced658057686b59aaef4d9

SHA512
520e076bf44e646158e089bba078b65df76365fab4b96f5202f3f93989875917d63d406d043d10491fbf0d53d6c8fa760faca4838bfcf9188554f3d53d48f9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7692f92a918f77d8ea6b819920365265

SHA1
7bf0ba2bd7c9e59663b00410002fdcad33717152

SHA256
e47c28a0b34c54da491d04c66b6fd1c0f146e0a5eb23705c13244dd4b91bb3ff

SHA512
590c0a92a62de2f4222de2a69a7a77e21eb6169e219f8767c78d149d7944d0db23e37402bf59c1c6b3cf2c7fa23d5a233b63af4d25e76234dc53f05813ea00d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\activity-stream.discovery_stream.json.tmp

Filesize
145KB

MD5
9e5d5d03335ec65de540d415fd26145b

SHA1
63a9d4c6093100f46f2aea3ba6941a35a15db402

SHA256
08b6381d6bac8cff49042102c38a16e14ac51f463042467a58c96b5601262909

SHA512
2ab22dbad4998f0a2f8f8c5e89b14962a2dadd0741e305c85e09c6313f11a90d458c2c35aa34ab1bae8bf9c6174ab3d4c03f8de56b1697a221a13438808dc0b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
df5203e3472235344cde8f9695a0f950

SHA1
f18dc6e12131ec7189cb344ca043b38204ad41ba

SHA256
e9617c82f172200e47aa60a1a7c0805a33b6803d0a4a7fb7ee5d3fc9ed68ceba

SHA512
85021015b73bb73d96dcfb44669e9b1ae95a40ff179cde44ed2c1a40169eb26a0ec33ddd538d9e49e41918f3f0e24f797bd093b8c9d3674462d180a9330229a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\prefs-1.js

Filesize
6KB

MD5
218eb288516f6cad58717732b38c517e

SHA1
c7ba018701c7ccd85e02ec0c57bdb37798be06e0

SHA256
6ba13505ae5ecba6429535d509aa90c6361d5cfb16ea3c478fa412d33a57ced7

SHA512
081d3624548ad66ef450cf6eb31447ad031c7b9db8a46e598c55bc100dbf1249dba0ca568393199050f0102e84de6e73ee50d90349990281b1c9042752144dd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\prefs-1.js

Filesize
6KB

MD5
f373cedea621c018468ff04a838a909e

SHA1
0841ffb995fe0a39ff43117442e60cef7760d45a

SHA256
6c3d3f5412fd8aab3680c10c9c2cc596a6c05dd620373595438a01160a7636fb

SHA512
78b9f01af7a4b1302788a0d52382cd353e99b92d84be9c03083eef351426a78214010ccd96848763b14551d67a3931463eed44ec12ee557960e3e83fa73fc2ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\prefs-1.js

Filesize
6KB

MD5
873356292e3ba309e2173fd3b6c15b70

SHA1
c780380e6f8b129cb19e828393d6ff463edbfbac

SHA256
7b21506efbdfb9e71925abf70b78acd96cac45ae9695eec1145867e648622f9b

SHA512
0df6d98c955b52b7aad97c8d031b0007a2179a838ecd70cdd3104e3227040d7aff0cb9e726ec139beb4eecf274126460e39bbf133604c8050035443f585b8f8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\prefs.js

Filesize
6KB

MD5
5478cb84c1079fae2a4cecfeb510fd79

SHA1
ac9215531199d1451810030d17b4acb5b74c9113

SHA256
3d47e4e0972f8519d1214da339913e33183e16c9c0a6d57815fa14d60ffcadd1

SHA512
7575557359b7bac3f38760fa8dd9d173754d38e45d0a27eb427dd99b99cebf5b21e99ae80bf148754b9993f05e0b20e70a788f8af36f7287e57a66c6f7c6e501

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\sessionstore.jsonlz4

Filesize
919B

MD5
13753c7afa92214198b13051cafe837b

SHA1
3d9070b97a54d8df888afe57f18d6ce9c5ba1a63

SHA256
3c958fc020e102754198dcad6b720e04e36b24ad569a9c457df8f4a893ef6e1c

SHA512
50cf8d3f76298b9ba3b55746da8571fd4f90b11ba49b6f30e8ae87ca3ea9441d1b494b02465178f14933625d3cf6277170e097c0a6b9485adc8fe908713c6fb5

Download Submit