hxxps://linkvertise[.]com/554849/2xl-fortnite?o=sharing

Analysis

max time kernel
309s
max time network
326s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/554849/2xl-fortnite?o=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
138	discord.com
139	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
266	api.ipify.org
268	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2727153400-192325109-1870347593-1000\{73FC2A15-5DBA-4674-BB6B-B824CBD62091}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
376	msedge.exe
376	msedge.exe
2208	msedge.exe
2208	msedge.exe
3848	identity_helper.exe
3848	identity_helper.exe
4260	msedge.exe
4260	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 2400	376	msedge.exe	90
PID 376 wrote to memory of 2400	376	msedge.exe	90
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 2316	376	msedge.exe	95
PID 376 wrote to memory of 3352	376	msedge.exe	94
PID 376 wrote to memory of 3352	376	msedge.exe	94
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96
PID 376 wrote to memory of 5088	376	msedge.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkvertise.com/554849/2xl-fortnite?o=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe713046f8,0x7ffe71304708,0x7ffe71304718
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6608 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9409226432022781923,3827429031613967622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe713046f8,0x7ffe71304708,0x7ffe71304718
1⤵
PID:1680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5857433699087577625,12887037151940838027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
1⤵
PID:1144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5857433699087577625,12887037151940838027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4a3b898f-78ef-4995-bb35-813ec1f554b4.tmp

Filesize
6KB

MD5
1322777039378cc06c012556b73e1848

SHA1
e29d9ecd3c6a711861c52a3d4215a0da80ad126a

SHA256
5c2eae06f2022f7a7f5368ec82def5867bd07d6347a36902391bb849e43b1b99

SHA512
4ceea455cca0df6bcfe2d01d0906786df4a2b46bd51481548ae40fec3c2328cd8b326758bf90554c4c75c919cb1dfe21c6f4ea39b8ffcb710f46a00c3b0cd580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\69ca0df8-6841-41c1-ade9-da332e5d18b2.tmp

Filesize
7KB

MD5
ab964fb66acb23ff0b0c6a53e5024350

SHA1
c964062573e458e69f47bf6746a726435b237faa

SHA256
db03af6f78acd89d197441f49a8f4bc22d0a49ab75532c3b3e94e39e360096c3

SHA512
335473d58d0b457eb20b763302b7e1f995b2ec5ac2baef0f140fcc03bd2c9912eb71b996f56fef6ac365eba066b29f385b43583fd432bf369a8926df422b9188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
30KB

MD5
48adb85ef97903293a5861889eab859d

SHA1
baf83fe28bcc18ac1b369908454752a5f0bc05dc

SHA256
f11dad2f08f59e9e88599d69c4fd4969822527812703b45152fae7931d9d8812

SHA512
dfcf666ba7656752371ae48e7ba46806a070f5fc612f9e8687ce5e97effe3f6597180ecf7f5befeb1e2951e71f0b7a200f7abad222270c7be6c4210cff282a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
21KB

MD5
44129a82842153ef9b965abfb506612a

SHA1
c0964eb2ee1a76d48e4e09e31915415d74e18bbc

SHA256
8a3908fb32a414703eff3e435566b1e5598eb3a5d50c500e70eb1a5c20d003d7

SHA512
77d149f19343d765834f2bcaa02bc160c75bd42db1fc431aba87f78257a83c4c8a7e5953c247cb7cbbaf4ae44ace269eb0a5194dfd7489d66f69489ce5dd78d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
598KB

MD5
d7e1eb7613e6794c265309acf2e42d8c

SHA1
4e79d890e6e0d6232f0b47776b8ac9062eb05de9

SHA256
8c2e8c23666f4dbb53b12935baac28479bad22e5f487cf4a202493c24512d589

SHA512
7c8fa7fd03f6e5bfe7f0991cf72a0410eddee14690b967220d661740a4aa7c8b6f8d86f6d1eac9caf6c16ac4833d7cdd192e464f3de2adcb3dbeb91e0be5adf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
67KB

MD5
60be201cc9fe99bf746b147125e7bb01

SHA1
9330f81f2dea095986d92102a9b73e51e198ca6a

SHA256
876187e9e4aa4e40ef3cbbe82ecee6157d7270fc6f4e219f68c79a0d3bbe96e3

SHA512
91ae70643ceab31f3fd45394dc548b330ee129daf5404be47c6101f5927ed4ba573ebdad34250cab03a4f63613b3e853ff4b2a7be901df79eb6b560885942d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
28KB

MD5
a862cbf7b12a59c045d8f1c4225d452f

SHA1
e23507d83c2d9a714c5b1e04eacd95a8cf4017c6

SHA256
3c9d18966e55ce2ae193613bfc16aa0d869a0c9119886fc2f8afcb360f9d690c

SHA512
e7e89befdc914fe8f49cc4865965291794d592de6e6ce6905bfac0ca104a5a2230d74aac9958f5f61446f9b727f69414a2de6ad0cc8f62fcbfec07edc9de6319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
68KB

MD5
c1132bd208a2cf6da71f3c4947ded968

SHA1
488d2a9d698f306f6bf70b6b9ca4bcb9cafae15d

SHA256
b70fbd5b464bded9b1e5216363ded434ccba0f03be9e16d8dbe5edf47a005059

SHA512
c897ff931037fb88c02749f8526df4d7f354039f4831153b465b9531c7f64a73446cc434af8494ab0e3e3a728536f3cfbbf34981eec6989a4224b34c5b95eac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
50KB

MD5
cd2f3074326840d55a3c3ea1e99e83fe

SHA1
3a2e1d1a93506526ae3ed2b44d584af7771ff8d0

SHA256
9ec9f50ac6a5dfdf7ace0a047ab4e86a7f8ff297030f93f9b8b4e27c57fdaa51

SHA512
0685f7e50451e87f8d7d47f3373d653f7d6163ffa8ccd143a85b179d2c5c51cf494e8b5f7e561436c35bfb8ffb9304f0c49962a8bf7065830f0cc95281f4ae6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
106KB

MD5
f26770b24b033958f9f6d6a280fe577e

SHA1
0122938019cd4a1e2c9d8a65190e7ff2946f4df6

SHA256
c6219ebb423e55147a3841b8fd872f9d43b28ffee29bc37f0208ce3361354e0c

SHA512
bd9c0f5a41911e7c25703e4b3a726b1d948629b701d921cb0e029febdc455cfb79e0ae98df4e3a51de8bb65101f9d6e65a2b4de11306704c31f22603b68e5069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
221KB

MD5
e88654f7c1c47a11046ccb492d593a4d

SHA1
8109d9bc3b030b5e4be0f511b7f3a00b461e969d

SHA256
19a5dfae560d5c4410b5a53d72cc5c6af880adeacb9ba4d430ae148e11915b1c

SHA512
588d6b9c5752ff55324e1aab6897a7ac43200d14955046e4a400cad2a8e16c1380b5b591d4d24dbfd6937b10373db0f28cb14b1e7fcc83267afa595141735539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9f41633d1415fa43c333e2cb58403521

SHA1
b5acf11503612a839307532b749938b00b9f6513

SHA256
e08105b723475be254c6009de9e1c028ff17eaea884ffe8e5a1102d07ad30aa5

SHA512
9b7847d6c3c043c76dba9b7152131e5785f81ec609422f9f745c79625aff0d75c5998282f6a6b14211c12f37ac1d24dd958876e19a426fbdea8954a1172ae943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b114e75806589c8a1d9a445554d2403c

SHA1
f4d2f46faf0623dd277303dc38acb9868a233d6c

SHA256
5c4fea386c0c68d9592f54f17e8c0d6d11e5b0e0b453519a52e0438695bec3d4

SHA512
1b5f81c0a16d15e87d9ca254fcf758bab29bb4b542be21f22153240889c3e67aaae9d22317c5cc0f34a3b487ad5e3facedea593c8ce86e2cf24f16c8a668a9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
f562a23f69908650ff5d5f2754140991

SHA1
85f06b85d3aad051f38d0770c55065b47e935f04

SHA256
f628635dda8194e64e61354ada4a0dc21c09ec02d1b7d203b8ddc86631c78d5b

SHA512
a4749bce3d1d9a9b472c3346478e600367e5b1f0846bb49d08503803fa4bca49b095b525566af1bc6f650d1c030b0ccd468fceca8ab00868ef2650183953ef58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
531B

MD5
7ddf6a9e9de14f048435a3dc851b5c9c

SHA1
12f7a16309e431f0e2036a24e717c040046af405

SHA256
71f1e15e383221efc15f7dcb6dd3db42eca9c122651bb5a15b2a5e9296fc120d

SHA512
cb68d1b16557571e461b9806959cf197800b719d882b75d9662e0f76983c7901c306fc1c713ae2773501adb81aac2515f1ba0d2d50cee207669993890827055d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
33dbc444bb8d298f492722262e6380fa

SHA1
973cb997900d54026fc2942951371c66ce6d1ba3

SHA256
41aba7465558281ff41f3a887a45ac2b122f50ee4fb845c1dc4b2cd9c3c4d0e9

SHA512
4a53b46f0dee3a5c527a8c4e9d769169997453106a26aab43bc7b9a289812c1028a4f2108946d2260a6d2f98f18904c493e1ace9b275a009c3dbdb91c47a541f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
849af23dc077145b11e9f97a34ad1fe6

SHA1
9f56bfefe48fa39cc0c99923a5eaced2a3ec00f4

SHA256
c9d94d18fae52ae790a8a9b0e12e5c09461a0183c9987790f379d4c9d1338f19

SHA512
8847fabf453393e3dd6694650a4a51e2f7303440747cf8f12728c5956f61832b574dc894a5d674a0a231fa622a3d099b9860d13d434b87947ff9400ec079c864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e4d30bbef6240d1f40bf908dd8b13930

SHA1
eafe888052e1c8e9aaf7fc3f5c6246729749c513

SHA256
525f77551f72f4b00d238b3803581eb903100079d06f0142b3607f7f15bbbe6c

SHA512
27403aa1e0cf3070a0e60ff16d28430d25a4b0852ecb554a17877616d4ba5dba62ef51ccda8b4edf4c8502e1185d0342de1360759517be04f041e27e3eca54f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
223651504ad21227f2aa37a1e5ef399b

SHA1
a9a8e822657aff1daecdb209e2f0ba65d04b2a89

SHA256
e12d61a1f64cdfe15fed16534a3e4c238c0767bf9b63b7a6aa4ce107a681669f

SHA512
4f7d805b32689f9d0a2bfa456910bd608d0880d096aa9412b0f1081a974749d8f3e6c783f7d2386467d9a7b9e7f9355d77a7541a4b259ed823bd67b952a56ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5f9a34c21dc5189e23f0b83d8ccccb9

SHA1
2e89e87cd8d8cbf2c1adfd504701b14f14da3574

SHA256
89492ed0043182621c1958b00422ee78a95a98c440ac457124d4a37172f3e2e4

SHA512
0e1f8f03e4cdd4ea32e6ffac621e92c716e526d8bb59d680d50cab4f154b63f7468d5219ecb56c1c61066a840b38f75b27748e8439b58bcf88847d4554b1e52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9da17dbff39632f6fc598b5b997cd6f7

SHA1
e1b274decfb30af6744e98109055fe076c0f16f0

SHA256
6b567927d2939a6f1ceeb5bb3f45ec438e4aa5b17673c02fe11508f12f261cbd

SHA512
2c53eb2eb6d919aa34385a80c709705d78c51fc2e86aa5d8e1994b1206055d89312d2d818880e911068fc9ed3e4a96a75bed12f3549c6b3d214ce79050d84efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d6d2210a03336033221efe757f80e64

SHA1
b498ffa38e5b3c1656ced618b16df7d216f28b1e

SHA256
4d8bfbfe9dc7097307c1a827fa561d4a474f0b627911dc9c91b4746f03681b88

SHA512
227e95a27d8bf5e910e445b50cc0f10c38a49ab0f5388ed47f6ae6618fbe9522e5e8d4a970f2ff0220197ff32187fcc5f409229e883341003be7c92dd0f5e1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d8a009dd8f4b8c1238b93b81e99b7beb

SHA1
39c22bd2c875f94148efd7409868cb51f564c8c2

SHA256
3d95792a52880caa45623ee72977cf98ec647897b3af1eb684457a51c5299655

SHA512
e0258859c3a3e35ddc8e4ebe2e5d411d2c1aaff8bc7fc35072be034cec4b417a4d4d678aca585354b8143ed852298f4578afba18f8e0369ae8e66c4f25fc7c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6e1137d5b5ccd7245c3488b422a9821a

SHA1
b29b2066afcae3aded910fa0dcac58d2222c680d

SHA256
83996a9e19710128ba2d9122d69844000f8a00ad19e4a800e7dfd9939ae5cd6a

SHA512
be5ca8b871c11c61f5fb9a9f6975666d8f07701941a2a51b308b6d0d7afb4550af58ae650329a14320eae98883e6378291cf01c47849eeac8544ef0fc6c350c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
039b6a35aba4d03589072237883b134e

SHA1
b3eaf1539338f477db7cbfb12bd171e693a117e5

SHA256
13a7c496ce3c70371bd5362a85f38fe1105cb21025716df58e56939ae93ac04f

SHA512
fec72e5c337703d1258793e98be5f796b053072a3c4b8ff1e06e7e74197eea3eac7d09fc466930e07656ec7507a8ebcfc3be4b67e5100e4846e3eb298245bdc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
629f3a91f2572e4ecbefc43b37893dd1

SHA1
77c500cba1150abf0ba7db80cef3076049dfd721

SHA256
7689fa56d5354a953c73dc5811bcec55d0894dcbcfe9e15720642847913696ab

SHA512
5997ce422f12ce88d7e5d6b4f9de405f255e2d128705d253956b4addde9a88b06946038af3f8fc844f7e5d5e0194b7d19f2135de10eba01f136fadcb3a506c15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eefe481c6fe021587907d20d16fe60c5

SHA1
88d367e618b54cb6d2e6aa0a2ff168cc81891fa7

SHA256
d1d0049ff9b7e970e541c1a5275bd114aa414ceca9b58282e4230bf531c9315e

SHA512
827a9b8dc795bb8ffb46d6defc40a9b1e6d1b4109c80aa76a2acbdcf753c43ad101046d24777df1eb265119c92bf75aca920a83ad473af17c7cdcbf660e60c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
15c09cca069129edfab526b8471ecb07

SHA1
3cc97c89350024c02496edd22b200ad61da10f54

SHA256
75802bd50d5aaa4dcf223af3efdaf1878acc007bfe6e0ccc24fcbfaa37f02e5f

SHA512
d2fff9cbf3a596b7d8d84950712f309f504aa954e33d06fd214e28d1575f24b11b164d87d3f7e4b6fed1c6acd9e1b14706da41251ed29b0544756d77d1cd9b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76b530fdee9e87958565edbd5d875673

SHA1
d90e925a05c4019c7f9d5bd6c4bb5185529a5027

SHA256
35ef0e95e7ddf175716e5fd7921a8d9f5a63fde4f8a7b80053f75c1944b50d47

SHA512
5d5e7e5863ea4379ce0705732b32e29e6772eff1506e945738e892fc50269dc590d3e2d19e90da9b294425c3211ffa39e0dfb0654d89b64e72300ddfbaac1e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
d8068e0659f0faa06f893fb13d1939d9

SHA1
aa5410fe3dacd7f2c9036f2a965b7bbfb2faafa5

SHA256
4cec2358d4a2f63ef702be95b94e9123d0657e97b4ce3eba78e999b16c6220e8

SHA512
6697796bbc160fafddf9fdc3e27c1e4e3619c0f60b2402f1a905267f3581c4dcca046d580fe3a7b5caf6f2b63b88641d667fb4a91526ff6f26eb15ed92c783b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e3de91e481c79de115863d223f411dfd

SHA1
5b15e032d228228487d71e3b8e9b3795b01d19e2

SHA256
d0d553d8ee5f5aff71479f87a09a6bd38480feef593584ac9c32a9858c547541

SHA512
676f276866a9c61beeeb8afde23fb8fdc9ee0bb7ca4eda853276a2f72b018700dae8eb8303d2018c54ab690c9cd29d639c83312ab182b2ef75ab58c7ca8d8818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
5a26a69b12bf447a509c1afa714ccf6d

SHA1
1b4b5133c970eeb06b193ee714681277d4ab41ee

SHA256
c9f7eda69ebd2a7c687b6ef6cb7e9324587b076804746458bf534a20f86f12f9

SHA512
3b70f554edff18c81d971af0cb368ffe0c778d6eef075c44498ecd6ecf5ff4c8130b2c93dea87a70eddb6ea8b1a9a118307a5c3795b7af03effb39b473887b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
239b47366bbb59b6e11a270b78cb9890

SHA1
b8c80a9ba63790c21d91a5c2324dc6741dffc265

SHA256
29cca2a6f1bf17d08b1aa20a5911f4c2231d725421d9155d10ae0aeedfdd3501

SHA512
a28ec725cefb140fe46f7183230947d9456fac95d5a889cf8128b75218740e0fd88e48fb87de0bd5d84824d146a5ba13f061e27beda5c424e70cc98caa825dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04adbb75b347ff075755b61f9f7346cd

SHA1
a39769f34fb25bd85030eb6ef56168bd0be794cd

SHA256
6533e08652f6a6b67d199fe6a3a7ff2aadd50413603df2a48b4989d6b8a2ec93

SHA512
8ab57ab6786f7c26be35e19e18adb2f87f5cd0eb95ded7e62d62f4b5be2d68932b4daec6eeec3412ba1e3567dde443c69643d3fc35d677638d4ff29e308f7865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23c0c4e8ed0ead88b9777e69e5f669b7

SHA1
4e53ab2180e4c43a43c3dd5aebee986eb13a519f

SHA256
c411792691e39b76ceb5758c5e1a475d0ba17ae9c364d3da252f8b10bd4d532f

SHA512
1e8e99c47ab33ffb5be54a713cc56d328d41c4f55e08e4283c03770e1f490cb9e53255f23053874f179bc7b08ee81c56c23fdcd6127ba855a3906bd7923d9fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d712a9b8fd9fb20f0ef4db3a9a185111

SHA1
6d8f3e323c2ea3de526e5d8d90aec77ae8a5e2ca

SHA256
913382740bd7986e1c4dc04fecdc8514d9ce1c29d161f24df21ff31be9ee1628

SHA512
305969dc94c48105d004a8b201f40c86e7c142d11fd5712deb12660a7bc6266b63fff8ff0809960f7b83e55b50e08632ec75255df3f7c60ae02d60914a024a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0fd5817a2a0e7525f630b3cd61278c4f

SHA1
9905b908f7223b69d97d07b4cd6f066da5e32997

SHA256
1578b577164ad2b751452bd27d8548dc090759b4cb29d350f997d6811052b4eb

SHA512
76a4da432186eed5b4b1b092395d895eb619330245d5fd9da4b70e0551e9f1ee115d1798c76bebeeaa40af4652a2bf38085c8d2d9665a44cb29ee200f99afd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b89509018a692b933b5a056ac66473f5

SHA1
d0c2c4d2b587e1e0c76218e56928499816fcdc51

SHA256
46c6f23d7d70841db26d059fa4c602347408c1d5e1a13ab191be211834cf954b

SHA512
9a5014907c0134412d791276fd06752efc71c1c88e80f1a985b0a925422febc9fc8669c2c09964ea2808d6f882c2fa9fbedb7164b267a981ce5b2ed2e18d6718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
937c15af130cd51aa1492b6f0ccb6762

SHA1
95d7572721753701ffe7ec05cfb1ca3375b15929

SHA256
4b967b5f240fa08ed2cb9a555d260ca71129afab2df392fc529c292e3c07f63a

SHA512
b1f1fd17eb45894fa2faf1c60031480c53fa1d2255801826ec4118c5f5c83075cf54e6ceeeef02e9ce2716339154495f6e873ba5ff7b9800fcae5d597e04e169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
88af923fe7c00d199565acdc4ae9b733

SHA1
966c76d75ccf5de2334f820e37ad347919e0d297

SHA256
da14f5b315e23b7c802ea547dd485756819259ca4a12b52ed0dd1a5d68a61258

SHA512
14901077c14fdb5258bb9d072570f16d9aefecbe1f9984e890f6ed48b6ab9363a07cc97093cd2cea7706a9f2bf866719c09f5fc5c818b73ed23dc7b4a878df8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f23629905abd2e9d141b6228f76af668

SHA1
3b7d70fba43361fb1935416d964e2d3266f3abe7

SHA256
d75fefa0e4dc4767bdca3caf5b849022d46aa4885aa7e5620b1c2ddcbc744aa6

SHA512
ba8cff8d6377558a717c58b89f76d62812a0193f9dbf1767b0e3145a2591de35d148e74f4df92cfe3f0fea1553bc4d13972006563bb92b9b709dfbb8662ddc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584e88.TMP

Filesize
203B

MD5
170eb6b2950ac88b65babaa04eeea1d7

SHA1
cdf49250e41150d250c0d030ff5476b5b3de79d1

SHA256
6cd0867e0ecbc16c5b9fa4d1625a5ec8e8b04dae9e685240c442b2cfbbf5f640

SHA512
02ff0c7f03d0de97c51c66e63e2811f96c994b01d7297f02688378614f053e3c829048d1b692e5f9a1b10dd0755d8c34d4fcd11c0cdea990a74e3b75ad1d0091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a619df8942f9d1bbf7617ec5775cefa0

SHA1
0dc8c0218d27b1967e2ded1b910e6321434ab090

SHA256
be03f9a9e367241ff6103813a44f7bb96ea7967815cd4981b8d04efee6f3c9e6

SHA512
7983f2bc60b81645f8b2cc5093cbff4cc131742cd2346f5ef429540ebd956e6852be161caf0d72675c219bc3cabb52532b4eb883985e94937e8cf84a5a5f0b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d5f2fad4614d5398d85a61a37a2c067e

SHA1
a4eb5912eaecbf90fcde25477b75d89b55fbd3b2

SHA256
da5a0f0f5bbaba4df0c7c41924694f90645dfcc2a20f13b4846f5fb958d8438d

SHA512
a47d4940475e8b2668d0afe0bd08212acb0394224d574fb91ac4f9edce351f3ba7788d333c616f5c43ead3bd0a78cbb3974425318e2494941424ccbcd3e7b273

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
86261793e691ba4d6dc9c8b1ae0bde4b

SHA1
51a92fca51593f2bd9a35164920931f06caccfbb

SHA256
be2f6dac4eb2aa8018f07104466bbd3eb86b505939680440dea90f195807807d

SHA512
32370d929b2e70bf9dd9615c94c55c17081c9199619c1a2235967f9ea03d40a0119362d2c7d0abbc1509d3415b383d62716cf5e3ffafcdbe52194e8711449aa4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0f5cc0663e2109d23d4d4e3e862df570

SHA1
c812d7d6e48d5a1f298b722c9f2d11b4e75b8141

SHA256
96e94855b559da676b672417cbcf776c331be7b609fd51a1b059fcf933079df2

SHA512
ab5bc22cb1852e883b57438879a89548e3c0960f22406fdbcf6d873e1fed99f78ed78404381a57fdf4532bbeac7a7d5217c4d3d410fe6b6158d1443f37b60ab9

Download Submit