redline | hxxps://github[.]com/7humb/bug-free-adventure/releases/download/test1/Win_Installer[.]x32-x64[.]exe

Analysis

max time kernel
394s
max time network
382s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/7humb/bug-free-adventure/releases/download/test1/Win_Installer.x32-x64.exe

Score

10^/10

redline zgrat discovery infostealer rat spyware stealer

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/972-1144-0x0000000000400000-0x000000000044A000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/972-1144-0x0000000000400000-0x000000000044A000-memory.dmp	family_redline

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
86	camo.githubusercontent.com
127	camo.githubusercontent.com
128	camo.githubusercontent.com

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 3252 set thread context of 972	3252	Loader.exe	123
PID 3916 set thread context of 2384	3916	Loader.exe	150
PID 2400 set thread context of 3320	2400	Loader.exe	154
PID 5040 set thread context of 4848	5040	Loader.exe	158

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2244	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
4672	msedge.exe
4672	msedge.exe
3836	identity_helper.exe
3836	identity_helper.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
1956	msedge.exe
1956	msedge.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
972	RegAsm.exe
2504	msedge.exe
2504	msedge.exe
4736	msedge.exe
4736	msedge.exe
4540	identity_helper.exe
4540	identity_helper.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe
2384	RegAsm.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	3252	Loader.exe
Token: SeDebugPrivilege	972	RegAsm.exe
Token: SeDebugPrivilege	3916	Loader.exe
Token: SeDebugPrivilege	2384	RegAsm.exe
Token: SeDebugPrivilege	2400	Loader.exe
Token: SeDebugPrivilege	3320	RegAsm.exe
Token: SeDebugPrivilege	1852	taskmgr.exe
Token: SeSystemProfilePrivilege	1852	taskmgr.exe
Token: SeCreateGlobalPrivilege	1852	taskmgr.exe
Token: 33	1852	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1852	taskmgr.exe
Token: SeDebugPrivilege	5040	Loader.exe
Token: SeDebugPrivilege	4848	RegAsm.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe
1852	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 2680	4672	msedge.exe	84
PID 4672 wrote to memory of 2680	4672	msedge.exe	84
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 3284	4672	msedge.exe	86
PID 4672 wrote to memory of 864	4672	msedge.exe	87
PID 4672 wrote to memory of 864	4672	msedge.exe	87
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88
PID 4672 wrote to memory of 3920	4672	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/7humb/bug-free-adventure/releases/download/test1/Win_Installer.x32-x64.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb45046f8,0x7ffdb4504708,0x7ffdb4504718
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5504 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,14706762195926867700,7409221504382390811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4908

C:\Users\Admin\Downloads\GalaxyProj33ct2.37v\GalaxyProj3ct2.37v\Loader.exe
"C:\Users\Admin\Downloads\GalaxyProj33ct2.37v\GalaxyProj3ct2.37v\Loader.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3252
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdb45046f8,0x7ffdb4504708,0x7ffdb4504718
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2400889719027072586,14167148374497097850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

C:\Users\Admin\Downloads\GalaxyProj33ct2.37v\GalaxyProj3ct2.37v\Loader.exe
"C:\Users\Admin\Downloads\GalaxyProj33ct2.37v\GalaxyProj3ct2.37v\Loader.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3916
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2384

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\GalaxyProj33ct2.37v\GalaxyProj3ct2.37v\key.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2244

C:\Users\Admin\Downloads\GalaxyProj33ct2.37v\GalaxyProj3ct2.37v\Loader.exe
"C:\Users\Admin\Downloads\GalaxyProj33ct2.37v\GalaxyProj3ct2.37v\Loader.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2400
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3320

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1852

C:\Users\Admin\Downloads\GalaxyProj33ct2.37v\GalaxyProj3ct2.37v\Loader.exe
"C:\Users\Admin\Downloads\GalaxyProj33ct2.37v\GalaxyProj3ct2.37v\Loader.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:5040
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8392dd399e20e86c5b1591480e73525d

SHA1
6360880a9ed3af8e83baf2d5fb68dc2f389445b0

SHA256
68f68478d9eeb7b195f53bb04df017ad084045e3010eb47f01a54ec35ace1c28

SHA512
0e1b04522e12a8b891da59f0536100b798abe95c16f2a48b44d0a31484040163db4177c5ecc4ea700f63ba7dfeb83fe879c770fbedc680ea31a82f22f21cdf43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
38bcaa7fd5fd8c7f5be0fe9e20a831a4

SHA1
e33229c4bd8a0bdb035829b3c5cc84ab48014762

SHA256
d0b8e3bb4b6e319465d6438a343dd72f5211898bea99756a99ea88247a6b2f71

SHA512
11e13ec4b99060948b8747ad0d1fe4659836fb1d425efd25052899c88a26b5529816e605607a36e3383ce0803bd5b9007d4818019c88a9d13773cd5335be59dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
78ca7e08fd4b077c73a4eb94de35e408

SHA1
3fb89012ba8035dcede59e17d4d6df50da1dd6b2

SHA256
f9a4e3fcef261b141492523103af4d14fefee28d2056c2e8241e952afd0eee6b

SHA512
eb51604e6959898f1b74287540db8f43e84830fe135b2ac7f4df49cc252abcf0f164d7e5346e89024bd8722e54dc150ff0d7e6a9f6c1fd4cf3af9b03d51fce01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
35405d6baa34c6eedf7e898385781583

SHA1
a10b10a89bd7406ee949238173019dbae258121d

SHA256
e2396d2f1de64acad16ee49f21b3e75931e9bb8b69f8d4cc9e0f17c596ab41d7

SHA512
d0f3d73f64af21273d48f0a998c477dffb62d780cf7791726164966ee68726b445a054b970fdad3242b243ca2614958dc010d29a2260a8fe6e7eda6a6ea204b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
8dee9e80e042b5b91b4d8b7e5465d393

SHA1
4252a0c20dac7e7456ecf86bcbc76607c0cae8c1

SHA256
9538b02ef0163a194e3487df75a8d526c95e3cfd475e7142d040319e46a7d50a

SHA512
d66779d7a48d5560dbce788b5cb3411c35fe1cf78fb30365373a2c91cda4b69f99ac8cdce9282713cbb3f22cc89491834aa98b94e160f22d775b6b7497130a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
43KB

MD5
c1acd3bc96b5b12bd203624c0c92ec68

SHA1
2b17fb5a5583eb9ea161114ae7744f902e9e7413

SHA256
178730516d150c1aa8ac9573727e47c042b6980dd772fb038b2621831073f97e

SHA512
0ccbd4edfa4c34326f5408551337a44a50c3183fcdb52962cf2ff390cddbafd10f61535b710443d20998848286479e244fac4ccaa96c04efb166c7a5daca048e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
49KB

MD5
e1f8c1a199ca38a7811716335fb94d43

SHA1
e35ea248cba54eb9830c06268004848400461164

SHA256
78f0f79cdd0e79a9fba9b367697255425b78da4364dc522bc59a3ce65fe95a6c

SHA512
12310f32ee77701c1e3491325a843d938c792f42bfdbbc599fe4b2f6703f5fe6588fbcd58a6a2d519050fc9ef53619e2e35dfadcbda4b218df8a912a59a5381a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
21KB

MD5
939b17598242605d4cda089e4c40e52a

SHA1
cb7e96bbb89879ab97002ef7764e868d8536fdbd

SHA256
14d0a9ba41b036d7702963b2f0048a670f138372fbc3644ec4f009cd3184e041

SHA512
d62140ff22453508964a7fc40602adc68b2ceea883eb7e77206a84569b2cb6ffad4b0796371ca28ce1a7110adf58786b374854d5fb1dc53a42588d61c79143e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
65KB

MD5
0f8092bcce67b0b6b4a308c8887cf0ed

SHA1
a12fd75c93ef65aa7d0b6140bd515334e384beff

SHA256
c410d812fc6eeb6e0f02c719f2d26fe81b0b9d931a3aa29838ca1c29ad43413a

SHA512
435c6bfd39ddfdcc47c80d396eaa557843083d00223f576e4de3dfde9ebd64c507678ffb994ad0d9c18b17a0b9edf69238f3976554ffd0118c3ab7c9190917af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
151KB

MD5
da800376add972af643bd5ff723c99a5

SHA1
44fe56009c6740ec7e25e33e83a169acff4c6b6c

SHA256
bf252b560c9cc78dfa63abe0ae5caa03b83e99b1ca5fae3c9515483c57aaae3f

SHA512
292819ce339d4546d478fc0aca22ae63f4b7231f6a0aca3fbe1069d53ad09e1e3c936205cdbeb53bbedbfcbc33f3b6077f84364a150f7627f87ac091de08952d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
efe81e4daef615b00dbe73ce495ca572

SHA1
efa6284b26573a32770851c3ccfc54de3d6642d2

SHA256
8a2115d91ed4df1f74c0bff1d7800c6c776fed3addf7e6ce4637a1bd0c9f81be

SHA512
a561f8475dc2ec744dad499bfdb45b5c113a216d93c3873321e9fbbf22dfdde932af4dedd5819f4f4e0c8bd614efb77e68825561aaf05ec69c19df6eb7271b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
51KB

MD5
49e66c048d3a6607832056d821ad09f9

SHA1
3ce46b6f13966919c0c6c29ba02d9b5fe27a4fab

SHA256
0db0212aa80fa62b4e51c498b8a379d6cef0efe5d12cff4da22318d628988748

SHA512
5135537e703125111b389f8c16e659d4b01fb184c3ae6cb395363b495794532d9368d50b2d2b4ab94552889f5c47634ed0b5c5abf3a76684e4575c77d6fda52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
e1bcbcbff08ad26b8ccc9c0a82c5b703

SHA1
de44d9ba23492404a7663ace05f82147af193268

SHA256
8701fd45aabbacc8605d62ec6f64ea910c1bb844b0975f2e78f6e795a122a1d7

SHA512
f4a011fb066bebe222213462e2fc691ff109da417e1f1909ad16c6a561cb09fc0fdf9a1991d2b748b304701d6b04c903958212c83dd67f890f891f22ea194406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
23KB

MD5
8afc0b779211c04de66abb7d3a425b6e

SHA1
cfa3994bff79c945aa3552852aa75801f7029782

SHA256
74fd2a65c888063313021b081707991510bfa53e9869626a05c2f4610e006daa

SHA512
9a9c44507d3810789fb4dc3332d327666f05ae67f8a5fa5d91c8e3d03e91801bf0be550d226824167419d26649d65e684cf41fd0bcca7dcdebf85d518faa211e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
161KB

MD5
b69307c2bc631da8616b0d189248d185

SHA1
afba1d1fe2f2a9271f53e38da03f4d9a018f067a

SHA256
4df1a514d9a08cada98b794c918b17c257b673310e5308a084c47f328217fc3c

SHA512
7c4db73a4ec41c384416291296a06cb9af69ab66c3f7d3e0028f41ffba34ff1cb72740182633cca2ab82b8f6ce5e50de2404affa6c50a707e9902d8445dd2bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
116KB

MD5
655912fc08403bb0b205b0a48382ade7

SHA1
bb2b8c7a0b3dc0a51e89e2ff44c489d6fbe71f4e

SHA256
57f0f6b614af04aea62ee92d11636aa0a77adf6ed45a4247775280b7ba1286cf

SHA512
923aeea7be66a052421376b3981a473ddabe1781cdbb4e85a8e24b18426a91e9a41c78cf8f4261d526f3fda18576518abce6a53a3f94a2ad48a8571fd8b6385d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
34KB

MD5
3e1d3cc1ac470b790d35697d65bb3dad

SHA1
7960a6ddf32e256d007dbbffd39168e0bf0dfa53

SHA256
c161b27a7e20c7f3c569f8382702f4807f1b5d40e201ed23db061b02e162b1a9

SHA512
4d0242dbf62054785ee4ad5feac568c03dedb2a2f97382b70329961b13e1c1a491373b8347abfd4566364d8a8d365d2d56cf817fcd427489582dfbe69410351a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
189KB

MD5
e3de96cad1ab827a302277d82de0d3af

SHA1
b673b5f2bd8f5823f5832fb4af7f106c29e76439

SHA256
bd924ca225da1739839ff1908e9172ae502b1b03c483099877070b2a79f68ff5

SHA512
da5f77c6c9605e332159f51657a2ad6af747cc2267c389deb4d2f37b5f1c3e51724ff4da5593f2c7118c50f611770e6c3cad029ec53656f5afda0cf351d99bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
62KB

MD5
bc0763a9648b9fd70654a56c418ceef8

SHA1
2d6c63839314127f3875d762ec2c81b5377aa09d

SHA256
9de59421bb158b79ae89b9982549ef8f9fff1abd6789de45d3b92db9f8c4200b

SHA512
09e0a7454e26be0a42dfc5c092da4abb1c25eb1d3de7dbae886d556c36aa61253727f0b154370a4a635057d5a157377d616a3bfe8a074b209c3570e82b565287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f225281f7d549f5_0

Filesize
1KB

MD5
c52c244346f2f07542178a744651f1d1

SHA1
b200ecbdf6629a606d97af857fe28d3806988fdf

SHA256
6c06f5f912b3820a9ec631073d5305c329f082bb1c793db9630294fffe084fa6

SHA512
bb03ead32e42ffe7037f0be8b1689cecdd9ee505365d1a66b7dc769a9b26498c3e72fdfd7e0aafe52e238cfeaca0cad05b1a1cdb3880f0cbc8d230c33110651c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1fe295f4588fc91a_0

Filesize
2KB

MD5
f1f70ac977a6602e7fbe908ee11cd411

SHA1
874526f1be6f49ce2b3d78cbc1025907268cae68

SHA256
93692ebf217d14e883aa2b9aaacc0558a5bb35be1992c6ef02eb16113d6819ea

SHA512
f3849608f8ce02fef5ed0573e4b9148f341e747705fe6732ed736064359d44e48947df9fe91b0f4aa06b410214bce04302b42a7e78c3554cf2599d54290b3469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\20f6bd3fa48d5b7a_0

Filesize
9KB

MD5
b6a8b9fbaf457cf0e04f95258559dfc7

SHA1
f134a356e21084e41ee632914e88758a32993b3f

SHA256
0b4451f68199bc8bf0d1fff0b083a6388fac3542298c9cd3e4628fec63606054

SHA512
2bde108e9fbdec8886b06d4c7120caedaedd9b6df7a930c563a19c118ecd1932a5e6291e5bf14ee95ca820cf85ff77d180e9ebcea05126964bf062bdc813ee21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2501308e6cfb93d6_0

Filesize
4KB

MD5
ebe4be532b822f48707190dfa310c0e5

SHA1
b4fb8f367ff98f3721ac8b8c80ef9b3623dd6121

SHA256
35b0f2d4cabd7aeb006d060d2240431295edad70d1260bf2a0ebadf8238d329a

SHA512
b2e1dab1e59f94fd1f6d33858956ee968f028960be32d72b596498d804ca2ef986ba194444025551dcb02a3987d1e976d8525ab6f6365e4c4c544463fc652d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\286a1787eb6b73cf_0

Filesize
2KB

MD5
a29728031e1982670814f02c39d1b203

SHA1
ced67bb34def39e4982d1b0a12f5480399306c02

SHA256
16981ddc34433a2f771d72ab08e45833893e98db865f1bf4a71fa3f76ded1237

SHA512
98450e2eb3ce3e80b0fbe097dd188805c2fb9b75c50df89390efba8d43cc9361982299805b1ba78c246f52ab0abd28d33efaf561a2d0ee002d14082a56914ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\29ee49a9e002c15f_0

Filesize
1KB

MD5
75862a7d8baddc26e14419ed3e84901d

SHA1
a44047d1995d31cc8171654c2522104283b4105e

SHA256
1fd0400ae83ccd55352fcf312af29bb593acc32e1bcbb62f46f10f202acff006

SHA512
efcac692b8017dfdff96f67dae3bfcc46544da5a3608a99b1831d3917152a188ed120b6170ad307e8028ba1331ec7067f9ab0571498ea75f678e156df4057fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d8ec1bc548746d5_0

Filesize
2KB

MD5
1fbde3875c68dd412ca2b43c71611681

SHA1
dc2227f4bbabeb6926cccddf32cfdb8e3925e859

SHA256
10fd13355583d81a67a63b6812ed013479a96618b884d9ac5a27a86ff628cda8

SHA512
0808664daa89aaa4ef4a418331b561a81f9c6412f35d140859ab8bbbff78d0acb8760861cb2a88725652d03d09d5a3d9d316f4e3e162aeab8b8dffc891294b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6ae52cf7c0166b75_0

Filesize
1KB

MD5
4d8ba5c402859fd0c1cee46277072c09

SHA1
bd2ad692bc0e90c07784ced802694e43d85b188f

SHA256
f93692217d6b78f4fdcb4a60fbdc5e14aef38bd3509ea2e73da85547c7f2c521

SHA512
45a1f290adcad6b27291b73f42a49cffe34ecc06e87b1091f9e5515ae13b26ddbfa4148ee55bb40ad1aff3fa0fbc7bd4750b51bb8a80cde23b3661ff54cf9692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\84ef792e97c5476a_0

Filesize
34KB

MD5
e7da1646fd18a5ab35b321e42d73ac74

SHA1
005f2df2a2200dd2cf9d0bdb590dcbd263f934c2

SHA256
625db887a9eada171b747684ff02432f03070dedd6fcbb73e5cd0a0d787439f2

SHA512
54d224b2620a9b58712d959b7d7a7ab797382e63f12861e1d6ad720ab7a10dee199ce640588e9024f4d56d5d4917b37e034745a6a2463483acd2d275b16188ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89911cb6f335fb55_0

Filesize
13KB

MD5
66991388a66f17c40bb33f6d81b947b9

SHA1
6faaeeeb5c4a366d64f8d6413a9181961797f2f7

SHA256
cee573da5d55032f0f07dd9bf02a415050b12622d8a6cb1ee211525dc6f01ad7

SHA512
432030523f1def653865396d13ab7a3b8367be91aa0357fb6f474b96a8596125fd692014030826851230e1b678e341c67ea9b12dd801c47d82401807c5bbdca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc9e1fd4409420f7_0

Filesize
1KB

MD5
66956bd8f379eb6b25d916c1bc6d09d0

SHA1
27d914b1ff02e099e4cdbfa7e02138a5f9b181c6

SHA256
ad2de96e9e170f6a51cf105f85dc949c881c49c9abd1f508715b6c4a868191a6

SHA512
90efb5b5cdff34a9f983e419657160092b61a899d1e28f294f31c9e100ec8ca0232a2b6b11feea84f4d6f83e0954ad5316ec64bfaa3456a07890ee6a5ba350ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdab77cef9a22778_0

Filesize
2KB

MD5
6a501201787e1da9d37a28865095fc28

SHA1
2bef84ba6eacb7fee61c9c9cd6f86866b519ce94

SHA256
2eede2e4bffce7352ac418936612f3536f09c80aeffa69208d9e7a3a86e5fb41

SHA512
30e5ac54888502965fc3db582f2239344aa188af4eaf72559b1de9babcea76bf7f6a6e647424130c4298b1ce9028309189ef1b5bc3bd943c8f75171aa51d5b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd070b7ac1484603_0

Filesize
6KB

MD5
c17d7d3e81027b10afa8187d0e0bd7e7

SHA1
2775d1f6715ede878c205e16335e72927159770e

SHA256
d25be226be2de82e67f3d8652b9f24cd16f082537c8b1edd1deb544b8c60304f

SHA512
5e86b8ea9602628d2766b3a37cfd1dfb218627a29497733e7db29f6e2b5594ca79addb7fcbd8fbbf3fd4b54137fdee35fb4a6fbdfc20acc25ad1cad3de5772b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb5a38eb6d74971f_0

Filesize
8KB

MD5
96f17643e5caa4a32b9ddc3b2ec037e0

SHA1
b86dcdead39914e451ecf7d0382072bf788834f2

SHA256
dd131442274f721bee602ca26b30372dc7447ff68c51b3568d8b0e14f20d489d

SHA512
4a7415f2c338313552547cd9c23cb182f2b4b044f36e3f7cb042dc498827bf7e0e2d64e4dc93127693ff4ead222a8a4b9b0e0d8d8b08d5ec0c3576e7127862a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ebe10eab84535fd9_0

Filesize
2KB

MD5
104eef3447864ad4b3fd7078b1341545

SHA1
2353a324578c5de03193b313fbd5cc384ecbd44d

SHA256
0e487be1c17f5bd4f554bb14e1b18fd4bba61091eea6740b0a275874488e1ccc

SHA512
bafadce547e18b0b2c34c0717e185fb85aee8600e23d41e5b907ad1aec667fc3f768324bf0579327d68e5466b9589f6fb42dcc2bf86d1e739a5d440b9401f51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f66233e72c393c10_0

Filesize
1KB

MD5
03019923be7b9e4b1599befeec950fa7

SHA1
3b875cd30a5633efcf0f8de07c0307ffc3641b4a

SHA256
a8cd55ca66f1f6bde6a1dff5085a38aa3333fcaacbd5febe50672fecab12be85

SHA512
c15717dcf3e559bf1f841929239287978c2f6edd965819c03ddbc86923e0bb64d9284e727cdcabec4d60944d44a66ec9998001ef376ba3d1dcc160d6542f1884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ffe62a08b235c1d9_0

Filesize
15KB

MD5
0bcd93b6d5c6a1c72eee7469295ba3b3

SHA1
700400b858ccaccfc33a52841855872095a86a86

SHA256
6cce73fd1dbbef29a9bde1445b22b4c58a8030e4e191e82ef5fe21a757b7d62b

SHA512
cca64bc3b0ba5461631c7422263f8211373539de3292da51c56d5c2d2da6fdfe373b6484bb661365d126d6b4b865ae3e293e862b97615be0a93a542fde184fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fff913c37041386a_0

Filesize
51KB

MD5
fbb32b1d51a8c755852e92e27fb8a949

SHA1
10e517b6a0df445a93dc2dbc35e42ba3cf4bf60c

SHA256
3e2d13ae6dc0a3885cbd1a1ab39d5c85222efba247ba72ce9c1b40acc9d722c3

SHA512
9f7eb032d5118b03fae1e2efd76792c5d9d3bf132cd3a21b59d0634046ea60297cbc96f6731b85cc60c3f3883a49995517d4898562535e849bbd1cf5f066abc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d6333a73b9f682700ae027d30c723b86

SHA1
54ff3014a79c5924cd88764aa9046699cf02bae4

SHA256
39c19fdc9f85c739a6a1ce19ba7b05116c9b0ddaa508eb5bedeaaee3d2ec34ea

SHA512
e59fb4cc6200037d5c3bf2541d8b25fda99c5b7592706b8588cda47c2e8549612fdf5f0cd47eed54e50427d6c309d87a843c705dafc0edaac9cd122a32d3e2ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c602567ecb7c521fab39d929143aaa27

SHA1
70bed39db1f82b9f0c88bdd6043c5f9bb09d3429

SHA256
875c6649d16fe765964a8bc5d0a088cc61591104bdba39c49b76c1b3b7b9bb49

SHA512
60ab1a82ef9ca090708b3ebb579474742a8c3f6fdbe0d732651707f449a4aecc15dda61a358f98d4f3ddbe8ce46a40158230b663ff63d8283f3da3b8c80f7683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
25311e5edacec8db871945327dedfdb5

SHA1
6c10992f2cf9f704d2e91b08f097dc6c1a2351ef

SHA256
b2a54bc96c35fa2f0a80ebc422d765fb437c84fe3897bbc1600f599fa1464b14

SHA512
33bbb2268f18709ce26dca9180585ba27282568d8cc27633460d2531a5a9e4c0f10f64b90798959d031f3be95d5ff16a91d83aa5778e965c051acdd4fbf218e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
71bad10b51e2bc0bee97ed305d3cf58b

SHA1
58333165ccfa118d49fbb8aef764742a80199a67

SHA256
f4367237e9c07bb05ceec6e9b67ca7491506dca2b300927e40202b192b40899f

SHA512
ec6bd0de30572d97e935122e7d88ae24d0328579c787c9679fda5e04282c5991ada57ba024ffd169b68d9255ea5761cf598d2b8d354b1d953cd5d84d7d8c1eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
4a80d1d8a02af073c90f4cc673d39609

SHA1
fa9813d48fefc9ec72f00f2cde13185f0fec2ede

SHA256
6e7d91e6309c57897695d14a1ca667d8b1472b8523658b6590bcc17e7e91adf8

SHA512
cbf862636a3018e27d1e35454bc1ed9e3a539c8139cdab82c9e91659d2dcb5a1747c4a307f5ee4096ba91653db862c1f65b9e4f414a1cb2fc7c8c481e8a8f96b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
8af6c61252b4273017821a434cfba7dc

SHA1
6836d10da5ace5265b2b21ea0aa0171f203ee6ee

SHA256
f6df391ee336d5065cab5307b35d93adf48cc988a55546cff879316df3a96085

SHA512
0896b8899ea548706a8f2d26fa2d9e9f78cf756ef89fb45f7858ecc5903b75696a70d536f6f597cb49fafb4261070287fdd421a75c814b60749fc75096c22068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
f03e5e7f4c36f1fe1088b8287538462d

SHA1
e20550e6f43b0a9ab4b0838bdfc03b08ba52abec

SHA256
3caf072531ba8e50b6a5f9e2d6fd00758d59c7601266e81bfeb00089e994ea2f

SHA512
cbfa75ac52b6ef0a81f7e63e5da76e075415ccb4e7cf97b6c5cb5ba1756af15794e26a11e5391e44e0195012165a59eb639366aefcbdc94528fb566b369e599c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
20d6bf61dd5df0c4482bcaafa831cdbf

SHA1
f9331a4a94a2ca31c534a836a0a2daf60e01e597

SHA256
3c72a0289c1a492e40c85c92b76ea57e050ab0b2268949fe116afd53bfaca026

SHA512
a38848be6ece0f00fc9b8b8bef579e738b93a82534c94a4dd388093f96b4be664b3369d2954bc2cf1b4474a41edc6e61f71aceb1112e8087f23e48c50ebd37de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
54KB

MD5
aedd1c0f46075be99ba6fcaae78a5d9e

SHA1
c3f2ef92368679ea7a2b9cbdd82d63a7a92dc42e

SHA256
b3930dd2d2c3bc1d2d823e8698bb36b47e47aa206b2d3d86520170c635b54a51

SHA512
fe9d2de3fe448bd7e365022365a0ae6e97041ea9e73a936546645ad963a866cb3d5f4f41a6f57d54ce8919bdc446a1d1c1dffe619e312a63f26ab9ae02becb0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
1f7260545fba2e0ccbb1f65e00b74039

SHA1
24816dd1456d27addb765b93ffd748af34678bf4

SHA256
91e341e087c0a3b932991b797e492c103c74288dbbf8cf67d8e17cf4cbd15733

SHA512
d4278431dee449acc7cca4521c286457c871c474eff54a9025f754e7c41f4691d3e121e14b52f24bd12e59ae89a8c1a54a8361ebb166c0ee6bc105607c689aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
047e72b446be4e90386aa7920a4c51b2

SHA1
68236cd2b8414d4ba94541904daec688ae87a417

SHA256
decbf87b75893e31fbc089554eb39f2ec1fb2b05867f63144e2a694e3ab350e6

SHA512
8c2c18ff5a45a92c27b14fd48757164e41311eb34294eccb85809bfb67ad31a16ff8673ddf860e1ca4cc4121865c26b2d8caaed413fe059ee26fe856950e0791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
565B

MD5
92e7398d87f30b109dc1c4a2cc9454ef

SHA1
72354b1a62c4ff70b55b5e6ed0d7888edf6e86cb

SHA256
784981288145486e71cea7ea2d7fa2263de5167cb033af0f704b4c04ee825114

SHA512
40c0f024d1bc97518ba9fb085f013af2f5d48263af61d7031254a375326ca50b8272e80bcb1f11756192ace7f031dc921883d55c9c6d66cf8b4d5fcfc97f5b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2baad9a9788dcf60633805a2f2fa707

SHA1
699d626965b8bcff666b6752d894f758297de84c

SHA256
04bbb08d57448cb1f1e553a3a0f28c3df54b9d29ddbb8ae56207b58d41a8a1bc

SHA512
168f4cddbbcb50c5a0030450b73a5b915bd68cc11201c821d4226c7ac5acb632d7bc399be2f581b8bb4acc522a613ebd93f40fa78c47ebc96397cb2745e6c514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ae6ca1c322ab179c012340165eade4e

SHA1
9f25e23cb41ba651bd223952238ff93678649b1d

SHA256
335b473c2be038d8fbce16ab18eb579bdadfb26f9087d655b63743a85aaa2c4b

SHA512
235dbbe5010f18222256386d4fe9d732c3f5461c43c5e89266d1f79b06a208895922c426699b28d4fa75940ed1d73a1404eaf8f73d1e4fb3bedeb90541b5f6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3b36a45ca134b264d5d543f2b04397b

SHA1
72071906e658cde48aa23320a3760fa848472ed6

SHA256
fde9a1639fa677d728aff8660960773d724535645d6b65dc9a7987ca344abcb3

SHA512
e9771152592bf86519cfb3765270fc54487468537608d1e2c4b744fb1bde3bbbea85da6548c33fb439d7f8c57c650a863832008aa77d77538a4bd7b04f13c6d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d63a51d556dc5f46a5e52cd20fb915d5

SHA1
4f91f251461d538e94a5f80da0538eb9079bb973

SHA256
e733f492f2ec3a74d070dc918497e8d609d6bba3d336c7e381beedd5fe32552a

SHA512
39d407d80133135fd262ca6b366cffdb0fa4e86e54eca5c8256fedac9e76687a084b15e7f81fbeb9050b7385b167a4b1d802285b7a1f7dd1e8ed3e90b308766d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cfc192dd7b8d0227f429069d00092fe4

SHA1
9dcf8ee14da94dfdefc12da8ea1a371c7e7ef5ec

SHA256
53196f3f88a564a2ed0bfc137a72dba441a117905689302060ebe40bf91ad806

SHA512
d45f72b7d2ca44755f479862f74dd3d81707be15ddf6b1b4fbfe6b30f662a919c1954e9b72973a20cb2ddac284c4d72618a14808d6b1e49459fa9272deb2f582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
194b3ad46118e8e4e7194412ca6f1ddc

SHA1
b0f3b35128e03db88733567cad6a94ed12d2dff2

SHA256
e8d28ae95d1ae254c2c32fe8332fccef97c580aca89b0b47c96d3e795102029c

SHA512
e2d8bf92ef731894a51b13e0da9b6abbfa8040ae4ee9f2af362d5348d1fc6743e34f6e1b2ae9cb83bc6b53cadf50e41b7fcfc058654924bfb6081a4d336904c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3486c7c0742e8c82c8331d92477a0ee

SHA1
0a195149f61b2931bfe328df75a3d2b6d5c8221d

SHA256
167ce3f68075351aa2109bb9c9ea2df880b48cd2def3a0b21af60bce82db8676

SHA512
9b06fb381b0556ccf9cf05bbe6ca8e3479bee427c3c65190f87bb3342ac2f0d5c9e7c55fe3010765c65dd751c03846cca3fff34ba8bf4bd30853a7983a011429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9f3b8b1cf6ba03db1661aee86089760

SHA1
56abfd8deadb68226d66aa73cb0d583bd7a01652

SHA256
bb4bc63317840876bcddc6eee289c38a754368792c2b58ba016f0e1e60806ff3

SHA512
433af67992793832b077430137b2730f12a44670bfc49658a54afef363a28cf4c50e4fde522bf83f3ddee7dab015509434bbcb6d2e5d3b68904c971e633c7428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
646c7112aeb6caf64723341c6ecf3381

SHA1
363ac729dd6ae7f3de12e2cc8c8434e174b98151

SHA256
90c517159291bbff2bff7aa7011c9c1d85aaf22cf7743c9a41c699f1715927fe

SHA512
1e1cd3a5efb06fd0aed414ef6a72a514d015e7a9f3e615852356d39677bd104b50cc7a7ca356cdfa5fb28d94b614138c57c21002bedae4f291126661c377a8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68f16c645a296b80d87ef7a0a2edc416

SHA1
d5aa4762aee7402490ee6a49cccc9c842a808d71

SHA256
80e1d2e94e135955ab084fc559f0b17a2777e35e9976ef59cf41069d4f858e0f

SHA512
422782e809fbc0dd11b032b63462f4ef09f53f2cde31ce3518b32a158a992fe0528f47fe176c21e48dcec2e9b9640863013ca7392d395e3d190b2522702b817b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11a362a08e97fe670a0b10957e7cf478

SHA1
8a6775ea06b291df58e263dd4b55618639d4a46c

SHA256
3e705cf7896aae903ee87867444e448e5ed53e3532a2d410ec0d328756b30a20

SHA512
390aa0354bd9887ec70c9c05b506123f66f6e850da8c903cbea17d3488b9f24d5a8a2964849416f150657c16a1e6571a6630839a4e0b290269acb5af5a970376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
340240182920e82ea051d31c396cc814

SHA1
a8f68fdf6652182e3935a7f88226b78360bd3358

SHA256
0f3ffee0349f52a22ca8308fad906dfb520adee45ad1469032fe90ded0b3cdca

SHA512
9d98f2f42b3d4e940fe740cad68cc147eebf6d866a95904045ef0ddffd5e68e4db879823d04c0d2db38a4e9c8a82716668b9724e308ce09809e39221ed5e54df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3221e5d5bfcb4ec660879e2d5ab9218f

SHA1
6c796331afd906f834920f9199544932e95c60c7

SHA256
872b45bf00ebb92a14bee58752ea628dd0374a8d73deb1d146842a678419f82a

SHA512
70d5007c5130b5b95647315471c7f14bf033edd59115c2a29701587f78e8c373a4699b39c3776d97389e7d86c3a686932719a821f29127609ceeb0c7c5062fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
b943baa0fcf5b89a4ca1a7a50c239422

SHA1
01ab675e9b196d7ca7af52859b19323008fb5be8

SHA256
07dcf48926a2d028b8b93b090dcb56de1338196cafea45907cbabba46d62607b

SHA512
86f4594e06dfaada4b53a1622289b5a9dbcd6755b6da0fe7df19883e1da5d45e19d3e720baf8c9cda4be9d71a8d31dd1099a33ae1586216290fd385cf933d46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
4310a590b6fca41de854146097fa95c8

SHA1
9e873d011fa717d6d0c8a2e036b8b604531c7c59

SHA256
88a44be160e9401d195eade726042893f9ec5ef8dce12a7df8bf2a555bee3ef3

SHA512
7a21c02f4896b5c7fe99eefbe041353334c15ea7e09afbe28de72437a4ccc1f707f480d07ff21e5d65db0eb8ac3713d78ac7ac7eaf18b67ebaa05fdd132fd6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13357238228148032

Filesize
100KB

MD5
b87f49351fd238a8db50ad87a458c708

SHA1
26532c2baad76e1465c55994ee6f442a70c01025

SHA256
b752cb0f173ed12c73f91a18f59e06b0eabe312a835c272dfcd588777514c3cd

SHA512
9c61d5f5b839e1fccbd6b0444a140cc0c07206727beecb57aa9a2cbddce9946a7034f6c9b6905201000c60d6c6fe3580da6585c5066e0c19e4ea2f4c36d97a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357238228258032

Filesize
933B

MD5
504d2f217b41201a0e67f0636729a2ef

SHA1
4d3b2db26bb6e19e6eff752d1d40a9d159183426

SHA256
bf2837250ac02c8f5fcab2fb973bc6b78984855b590f828f41b34e506794e01f

SHA512
05c7bdb38ea6f974af104372c3796bad0e2778d3fd3230dbb43a8b4b4e13576e84280141cac424de61d165a35d06965c946589c47a84e41795dac24b31d5caf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
80c79174d7ba1dd8a083232ea02435f2

SHA1
c00f6089f948d67467ee20b98b8f5b290030e557

SHA256
c8802cc093fdda5770f1ec410fc3afc6c907825c03f1bcd60339430a80ccc8aa

SHA512
1da7423c199b2a3d70160758f728b06b68e99cdd181fdbe71d18781fcd7e6cb55648fc8c918ea902123f4ae59aa467bb209f57a6fa4b28c4c1be52ecd2d410a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e8d9708327f22ca915d0a5213468ddb2

SHA1
cd1f1775afe7abfdf5c76bdd7c141ba889043f6f

SHA256
8dc735d52264bebb6b38b5577077489aa181f6ae43520882211b7134b2e05b76

SHA512
c93ba5aa5d8fcf10ec80f5db1a82ff847d2193f1e1a998fb18811875b09af70b7935af0ff4273ca82f8e6ba347807b71a66d32b5a4cd9f879a0aef9f3021ab4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29c8b4a6398de6b30c334b7c85eb5f91

SHA1
cb4730325eab53ab645faa031dba7c1134a54651

SHA256
a09cf842e858a6ed1bf526d76940eb63d773b6572bf8929221d867c49d49f55e

SHA512
c12de805911fabc1ee5aa8274f86f69bdf6cbe4a05b22e41bcb573bafc24d81e2be7aa2d9198776b627f0440a40fb628c6b19ba79637a0a6d3bb6cc9b682df1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dfdb7f574251d342cd841750915d860f

SHA1
5e38fefa78ce95df485ed11378e570f218355762

SHA256
4a7841496637a410a541c377f50299fe5e7c732820cd55e01055019153b432c8

SHA512
5debf02092eb523d3d4bc933fc40a8e2b435970e7008e689b6317218f09560e77036c0fe7c895e52d848703554c34f9dbae3e1a83037cc01f2c8caa5276b663b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
405b22841f2917076d21d2a1d3832f9f

SHA1
466ffb915604df28b3c51964aba1880812dc171d

SHA256
4a77f74890e47b35d959544dc5febdd29c621fb0b13f00efe10ce562332911bb

SHA512
e0b380d63430e19788a67ee5aac63453b8ad7f0e62da7d10334082d45e50849dad9db74b7db5f4d9cff516a26d2c7bb6dde61090bc0ce49000aa4c20b8fca917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9eb185d496340387fd3c1f6c14b77ceb

SHA1
fea5c52729e99803e162c56ae7747e1ed443da11

SHA256
da43eed69d16c18ca5597b64a8a9835a865665e6211fde4ba688e9667f1cca9b

SHA512
c99f94c68e289f81771021928080725ea97493ee8ce18f854bd2c0074515a8e011fea31d73aee9f4739ceda228d1ffe76b0ce8986a047b6a3c200478e057909a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
803ba8a012805c1b8c4df3a265bbb996

SHA1
fea976034077c789a0e55309f5ba52bb7f7e834b

SHA256
c0c8b0d0b295db445517328e3b9d044900c32c365bb135b010c2b782df80204e

SHA512
a0978de8a00fc5c2461c41ebc4459c36a2b4f3bbe0c2514106afc40396f5b74b45ed499407638fb9031679c8ef61b0625412e132650aaee61b7cf851a7fd756f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ada570a68cdfbae9a3a8fbe0d39f2ef

SHA1
7b8e9a4cf0c3cf380806df6fd503ecae53af9287

SHA256
295b4b9d1d69f2e98d18d2bc1264b6592c603104ae403e3391c5d2b374038e87

SHA512
65491295e1cc16ddf0a7d25a29b2eb493039204fb81dcd7350b69faae65b7232e87e4d157831a81cb9167beab1436015eede47881fbff773647e625aa05ffbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ccee849de80019d2c89ee84cb3675ea7

SHA1
bb42040bd32baed4919708da5dee2fa5d0d4be31

SHA256
02f9d062db40cbd0047b459010842219dde29ec9a2a7ac789debde7cf030111f

SHA512
b97ef303fab3a23bb36a7e50b2ab2c6a848b273f94c93bc499f2b45981c8fe6edb32aa84a07d142db1b438c5dda8d350432bc2e006a629c06665237689f3400e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a298935a5fbcd1d21bf890c05313933d

SHA1
655c21f9989f02d30d7fade1195c65f362369e2d

SHA256
f9d41aa597f46025fb8ad3234de1b8f96cb6e2378de522c8a029c505fd51f0e6

SHA512
741f17642398b10b7c5c7e517cc251838323b62d4b27c70c0c8ef194281ac9cc8171859342dea4368888e6ffff13f7fd068205e2dbb255ec77c12f5382188c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
c85a3f894194050abbe30b4299cdf37b

SHA1
a8ab8c9b81ee12ccee580d21a350d9109a4e3b52

SHA256
b79e924b98f966d73248404611f7e9bb3c30340999dd18cdff7ac2c63b480baa

SHA512
6c4de7ecc51aafb03d409f5182e6acb036936c0478f577dfe6b5bbda299aadc4c2afecfa3aeadcebf9047f826996e53e47dd9dfb59a624f18f057866fa2b5075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
14a3adf62193a038d89ed5b268a62a9c

SHA1
ef78f64d30956ef7fb404fab93c0b22400d0df94

SHA256
d55e006bc45032b1940e1bd7cf1b0509cebc18440e5841bda797a57ea7431e0f

SHA512
0d7b754016368a2ca92447e1023b888ae01b87db03bf927bfe4a06062ba20fbab52a48dcd613ad8afd79c24ff4059a76ac6fcd8c6cc704458e9ef2ffd7c16904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
110c9a61dfac8326c47b7ad12dd33d61

SHA1
8b09296e5cdf56ccdacd894ce58d752eece34444

SHA256
44a2d0d8b170befb89d2c57da046ad60de283530f41e65d93ffe5d932187e66d

SHA512
343c9695f7b0035df03eaa25e25fb1c7df955b05c61c77231402e58d45334aade7efff65b4258c3e7d80373ea63cf8f1011589f3851389f7a7c475af91128a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96ce40750efb03a4ba1d1e48f811caec

SHA1
7f2bb9201e59595b8a8bce8c666f4d037554a6d6

SHA256
a06c7e802d9052e2d720e93213165ef3c96706e3b713dc1af274c5dba69e5a90

SHA512
f677afe8f5b407c68ba96406531b361102d412a40ac598d54828bd22fc1f89ca3923e6382af5c100de8e93718db347ffcdfcf3067060da33a78b299c3f71864e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
302efb1ceef3873d366242faee3596fc

SHA1
6f2c0101013de51ae1ba7ed978cc4a3bea3d6f95

SHA256
4939387e798aca388547da87d7d9fd13e8858a5f4e7c5901a0a7cf860cecd479

SHA512
bfe59e45864e48b57a6e8f0fbdec1e293a42f719529001c1d02bdd93632f1257db13f8debabb776bd5692b013704bbeb9005e24e5df43530fe6d3fa6f5224827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579858.TMP

Filesize
706B

MD5
6fa3b1c89296301ed4659697f4aa7357

SHA1
dc643d84a87715dcc581afb6df79c347ab511376

SHA256
a2fc84243b8561dba32d40e1638911a634a27c7bd54099801bf92c2ac75d0c1a

SHA512
13684ab70fc0cd41f1b0b84700a407e4794bb2f8697858ded3255d77fb7a2c11f0912a382686f59fe8e27d72fb2882d254c3753eff39dbdbc5592485ab0e4256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
09440db094e5aa40b01d6761989889a2

SHA1
0ab2847e6ed104ec21d426adb5daf3a7f9818c11

SHA256
66deeba4db183772dfed8bee55aad92dd4add3a2f950dcafc990263de6b552a2

SHA512
4f0cad809888487f4370c82f8b7e581ae53af7a5125e00838575f633a3cd284f3f398f3fae352f3ba7e0a36f1dd33f7cc020c2479dd727baf0276825b16cce9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
84KB

MD5
338208e7524dd56bbb474fd5485fc9d2

SHA1
4693aefeee8b5fbfd5ba531dff6b3913b3fc733c

SHA256
d7ec042243f12f45d0db2968f17bbf52c6cbe38c38c8b8203c93a3a934061d68

SHA512
6f82226bd2a5d103c937ac45382a7ed6a6f70d7e649fa949e7c7cfe3af162e8f171d4cbcb32a9686cfa86fc7efd224aca281bd7357e83689ea2791400a441d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
b53f5aae2227e7a0098af4b88793798f

SHA1
4e82450bdd012e05a158080519a33e21492b0bbf

SHA256
8efa68fcd23c08bc97264f211b56bed953b393fe1a2d9a5c786d637b8a3e9f82

SHA512
644b8040773a1d23762f8efe841fedcac7b658a408586b9912da362e72eacade13332356f982bcae69aa96853cde44194aee9c51bbdfa424815da3ba0177b091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19KB

MD5
24b8a2fa9eddd8fd2e8c2a6857b1533e

SHA1
51837aa2b30f629215df830d0c577ce9b3b2dcfe

SHA256
9e162b5e1f41ab92ba7dd4a0e358dcebab2c2654f9fabaa0b6b917b88d4a0250

SHA512
b22259325f3d5904ceb922b331fab791feee4f3adefedc2e753905cfd5b83bf43dbe97bba503e629aef3bc2c5fdfbfbc58be8562a3dc3fbefbde64849e3a731b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
98b8030a8eeda09c413606fc46a8e527

SHA1
ad09689b557fa64a5b0b9084696a47a9ede4f727

SHA256
4b57f3b8673159804300b0532a2acaac9ea2424524ed63355efcb6053b9244f8

SHA512
e9c5c43cb3831734d40d2f03b6c911e549e1a77d2ccdc9468e47fafe2f85a46221da194129e54f40063be2a0077a9cf54aa21c615e08edb6378ff45c2cd1c299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
ec85f53760f43e76783b7a16c9bbb3c3

SHA1
db111ee4acb4a324b737f9c0d32a6dec1b579666

SHA256
e619fa2a021560b86062fd0215f9bce49fc7291ecc8981efad5ea2aa1d268c68

SHA512
f74bf30af4549381b1a2fec0771439205181e33a24f3b26aa59c6220b287525460b5904d861cc580c7d2bc651802206dae78242364d25b2773af549a2848f4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
d43d1b4592d8ef45380ece4b689ae9ed

SHA1
1dfa6f081160debb77eb29db2a96a04131b52f58

SHA256
6ea5e35fbab2d9990f8f62865db08d752c80840f3bbd2252ce84996f93e880d7

SHA512
e5d4c92086c26cb4bdd0af402812e993214a061808e4959bb5d424cdeee39276d4f27cf8774da7947654c60f6354ecca150baa3aefbcdcc805a5c9d9c0360382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
30f6eac6674351d8561340e3c5baa1dd

SHA1
9f5303523d319a41b1e0941090a5542101de4342

SHA256
956e5f321685c32b9206a03f827f83a6c7e419af1a340dfdf3ac8ad90cf4d0cd

SHA512
a985caaf613b751549b3236c964fd55ed142523a86ea2becb96e7ddaa8bbf2146e7db3b8de72abd9cb714b87c69e85ab38ec7d8267e04b50341ba6bd7e11c210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
45886e389a6ed14e389372f3a055b47d

SHA1
191f83fb45ae8ef3078d96d86865f38d07005398

SHA256
06f2d38d51c31413faa2b37bd1b12bf75e4df1e9d78661b014e7134b1f545b24

SHA512
3fe5a714f442bca31c8771cb77ae02ed13527725d65ea685739abe23002c58bfcbcd0088791de425c553ff40351438d93c825164b4711b74964d8f12ab23869b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
edb017d3ed50ee867dc2363e57ca63d8

SHA1
15a77ce2c0185ecd13a51db2af95ceb2ce10657b

SHA256
949d11592c29da1016924b81ce6166b240b6e8b106c4056d89312361561288c9

SHA512
bf7445ec6d43db6ebc05600007054565e3b65bf48e58e78ea9c29f763ad29b37d7aaa81980c8c80a8bc80c885eb10bcd317104d100fddbb20f13169b477bf1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
f55234db88c6538e3f4ad45c114435f1

SHA1
c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

SHA256
bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

SHA512
8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
d22cb8682c6c279a568ed39bdc634f0f

SHA1
677360e899085b1fe7af0098575842261a6d854a

SHA256
78b575d52c9342adcc7b89ee8545e0577169b0d520a9924c7d53bc3587b240e0

SHA512
2ad0f705556abae3edb620d4370c1e72c749935d6ec079a10272ba2cbfe42d06a67f6fa1c3d80755aef9419391f701e98d479e946708e26980497f438b154ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
431a7717ef9900180efa69c69a04d9c4

SHA1
3ab803dd48d39ecdea06cf102ad9482922a5f2bd

SHA256
186c61aa7c43cd87d425e4ae893674a633693bb5650755ca66e9086bdaf230b3

SHA512
22c9c3430aca38348bb4c909c1e3057b3d5b9bed381550765535a6dd4eaeed1ef120675cc7e8418852dc778c8316eb7d30d2b68b19ba4e8ed76e0c8aab420645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9280204935258ae1d74ac8a52f61e521

SHA1
e4a55f868c8151bb4ce6f47a4211499c4b2591b8

SHA256
2e55df3ae754954e730ec80c3b05d85218434f79959ffd09dadcb34dc4fbed77

SHA512
2b0325ec13dea93ad51f78e3f5f88e1b7f2289c03c4d1cb89d9949fc45d0fa414c24c19d9d42d133441ac00593413c5e803374fd0c765b1c048c411f8763f4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
572e2d14a4d022bc65420f5e72daed47

SHA1
88c1080bf6980c7a3f43abc41158c28ce339c318

SHA256
bb9d0afab0b58026dbef998f4c4afd8cccae601e356146831a62b3a5be1e83e5

SHA512
5445b7a14a6c86a6e9bba2634221be371fc059effcd9098a3280ab156437f529d04b4eab09c26538b3425c5d52ce0590836019550c4624e5a58d2e5680bace62

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 1100.crdownload

Filesize
14.3MB

MD5
167e75be8de8a818800e0c26b43aa339

SHA1
20ec66ab186b3384575c410fe7914958e0599140

SHA256
8a6215bea8008a711c57772bdec4b4fc50d526f3f92768605261fd855a26f544

SHA512
349ae918e7ac71bca4bf95bffcf8490e179353a32f7c127d9526cc4fbc9b7b0d3f6a482e79ecd0d7cca18924cfc512c1b8b54f7d68c05770a4debf9e528dbbb7

Download Submit
memory/972-1155-0x00000000061F0000-0x00000000062FA000-memory.dmp

Filesize
1.0MB

Download
memory/972-1144-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/972-1152-0x0000000074640000-0x0000000074DF0000-memory.dmp

Filesize
7.7MB

Download
memory/972-1153-0x0000000005270000-0x0000000005280000-memory.dmp

Filesize
64KB

Download
memory/972-1154-0x00000000066A0000-0x0000000006CB8000-memory.dmp

Filesize
6.1MB

Download
memory/972-1159-0x0000000006480000-0x00000000064E6000-memory.dmp

Filesize
408KB

Download
memory/972-1157-0x0000000006180000-0x00000000061BC000-memory.dmp

Filesize
240KB

Download
memory/972-1160-0x0000000006E40000-0x0000000006EB6000-memory.dmp

Filesize
472KB

Download
memory/972-1150-0x00000000050B0000-0x0000000005142000-memory.dmp

Filesize
584KB

Download
memory/972-1148-0x0000000005580000-0x0000000005B24000-memory.dmp

Filesize
5.6MB

Download
memory/972-1161-0x0000000006660000-0x000000000667E000-memory.dmp

Filesize
120KB

Download
memory/972-1162-0x0000000008520000-0x00000000086E2000-memory.dmp

Filesize
1.8MB

Download
memory/972-1156-0x0000000006120000-0x0000000006132000-memory.dmp

Filesize
72KB

Download
memory/972-1163-0x0000000008C20000-0x000000000914C000-memory.dmp

Filesize
5.2MB

Download
memory/972-1226-0x0000000074640000-0x0000000074DF0000-memory.dmp

Filesize
7.7MB

Download
memory/972-1151-0x0000000005070000-0x000000000507A000-memory.dmp

Filesize
40KB

Download
memory/972-1158-0x0000000006300000-0x000000000634C000-memory.dmp

Filesize
304KB

Download
memory/972-1247-0x0000000074640000-0x0000000074DF0000-memory.dmp

Filesize
7.7MB

Download
memory/972-1245-0x0000000005270000-0x0000000005280000-memory.dmp

Filesize
64KB

Download
memory/1852-1337-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/1852-1332-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/1852-1331-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/1852-1334-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/1852-1336-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/1852-1333-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/1852-1335-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/1852-1327-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/1852-1326-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/1852-1325-0x0000024C6A6F0000-0x0000024C6A6F1000-memory.dmp

Filesize
4KB

Download
memory/2384-1312-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/2384-1313-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/2384-1310-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/2400-1321-0x0000000002830000-0x0000000004830000-memory.dmp

Filesize
32.0MB

Download
memory/2400-1315-0x0000000005020000-0x0000000005030000-memory.dmp

Filesize
64KB

Download
memory/2400-1322-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/2400-1314-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/2400-1316-0x0000000000F70000-0x0000000000F71000-memory.dmp

Filesize
4KB

Download
memory/3252-1225-0x0000000002DB0000-0x0000000004DB0000-memory.dmp

Filesize
32.0MB

Download
memory/3252-1142-0x0000000005310000-0x0000000005311000-memory.dmp

Filesize
4KB

Download
memory/3252-1138-0x00000000009B0000-0x0000000000A0C000-memory.dmp

Filesize
368KB

Download
memory/3252-1139-0x0000000074640000-0x0000000074DF0000-memory.dmp

Filesize
7.7MB

Download
memory/3252-1149-0x0000000002DB0000-0x0000000004DB0000-memory.dmp

Filesize
32.0MB

Download
memory/3252-1147-0x0000000074640000-0x0000000074DF0000-memory.dmp

Filesize
7.7MB

Download
memory/3252-1140-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/3320-1323-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/3320-1324-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/3916-1302-0x00000000051D0000-0x00000000051D1000-memory.dmp

Filesize
4KB

Download
memory/3916-1301-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/3916-1308-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/3916-1304-0x0000000005270000-0x0000000005280000-memory.dmp

Filesize
64KB

Download
memory/3916-1309-0x0000000002CE0000-0x0000000004CE0000-memory.dmp

Filesize
32.0MB

Download
memory/3916-1311-0x0000000002CE0000-0x0000000004CE0000-memory.dmp

Filesize
32.0MB

Download
memory/4848-1347-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

Filesize
64KB

Download
memory/4848-1349-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/4848-1348-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/5040-1342-0x00000000057C0000-0x00000000057D0000-memory.dmp

Filesize
64KB

Download
memory/5040-1346-0x0000000003240000-0x0000000005240000-memory.dmp

Filesize
32.0MB

Download
memory/5040-1345-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/5040-1339-0x00000000746E0000-0x0000000074E90000-memory.dmp

Filesize
7.7MB

Download
memory/5040-1341-0x0000000003210000-0x0000000003211000-memory.dmp

Filesize
4KB

Download
memory/5040-1350-0x0000000003240000-0x0000000005240000-memory.dmp

Filesize
32.0MB

Download