Analysis Overview
SHA256
28fd7c5f8ab145889653beee671957a07696794f4b0ac7343d5c25e43f66042b
Threat Level: Known bad
The file AIO checker 2024.exe was found to be: Known bad.
Malicious Activity Summary
UAC bypass
DcRat
DCRat payload
Loads dropped DLL
Drops startup file
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Checks whether UAC is enabled
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
System policy modification
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies registry class
Analysis: static1
Detonation Overview
Reported
2024-06-02 12:01
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 12:01
Reported
2024-06-02 12:06
Platform
win7-20240215-en
Max time kernel
120s
Max time network
121s
Signatures
DcRat
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
DCRat payload
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system32.exe | C:\Users\Admin\AppData\Roaming\ms_tool.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system32.exe | C:\Users\Admin\AppData\Roaming\ms_tool.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\ms_tool.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe
"C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe"
C:\Users\Admin\AppData\Roaming\ms_tool.exe
"C:\Users\Admin\AppData\Roaming\ms_tool.exe"
C:\Users\Admin\AppData\Roaming\ms_updater.exe
"C:\Users\Admin\AppData\Roaming\ms_updater.exe"
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zmzgeEglwU.bat" "
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 355212cm.nyashnyash.top | udp |
| US | 104.21.3.45:80 | 355212cm.nyashnyash.top | tcp |
| US | 104.21.3.45:80 | 355212cm.nyashnyash.top | tcp |
Files
C:\Users\Admin\AppData\Roaming\ms_tool.exe
| MD5 | f8701952b62a7e52652271a20b824128 |
| SHA1 | 82292b1cd54afa277116b42f4b1c43c8933478f0 |
| SHA256 | 5b0b886143ffe9f5c5750c9b171656783668b655e559ea95d002a265586e3413 |
| SHA512 | 5acde46db767cf11ea5183007542fd67e1512ccfbcc37efdec685e2db369840a767981b0996dbace0f40602ada0a5c0aed39019ce06590151cd59f0dfa5d68e5 |
\Users\Admin\AppData\Roaming\ms_updater.exe
| MD5 | a60d266939450562f1db04d3378e730c |
| SHA1 | af0177186223694a87333307d05f634de0415d7f |
| SHA256 | 0f9aec1487ae1456ef99fb0e7ed49ccf3d76fb642efaa95c7551298bec2b860b |
| SHA512 | 0ca1b23dc1e83df78f95972e72b2342ffb5cbc195388e9011d24fb85b7dabe74605a9860e68bd70818ff475ee9a880d1f137036b41030b0bebb16c7823704b44 |
C:\Users\Admin\AppData\Local\Temp\zmzgeEglwU.bat
| MD5 | ee79c3ac3beaa8a040e386a284baa5a8 |
| SHA1 | 3a6618a7056291cd843018d8d244cec901f09003 |
| SHA256 | 60b93dbd8226fead00f188c5e95fb8faf115a28706cdb504c6a5ca0ff785e823 |
| SHA512 | b2ecf17d8e812f271b2c13467607f2da22e3586ddb57f832fb7e6faa96f67445f2112f0cc3dc31abdecbb2541d1e74b9ea27bf4a4d5a3299ce63e63b20cde669 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 12:01
Reported
2024-06-02 12:06
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
151s
Signatures
DcRat
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
DCRat payload
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system32.exe | C:\Users\Admin\AppData\Roaming\ms_tool.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system32.exe | C:\Users\Admin\AppData\Roaming\ms_tool.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\ms_tool.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{0C629130-45D5-40D5-8286-A6F817B75D95} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\helppane.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Roaming\ms_updater.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe
"C:\Users\Admin\AppData\Local\Temp\AIO checker 2024.exe"
C:\Users\Admin\AppData\Roaming\ms_tool.exe
"C:\Users\Admin\AppData\Roaming\ms_tool.exe"
C:\Users\Admin\AppData\Roaming\ms_updater.exe
"C:\Users\Admin\AppData\Roaming\ms_updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqgYfIt5MQ.bat" "
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc31e346f8,0x7ffc31e34708,0x7ffc31e34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8294503006901686509,3278215320148441772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc31e346f8,0x7ffc31e34708,0x7ffc31e34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1743907347426986090,7779984979887935693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 355212cm.nyashnyash.top | udp |
| US | 104.21.3.45:80 | 355212cm.nyashnyash.top | tcp |
| US | 104.21.3.45:80 | 355212cm.nyashnyash.top | tcp |
| US | 8.8.8.8:53 | 24.19.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.3.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.194:443 | th.bing.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| NL | 23.62.61.194:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 40.126.31.67:443 | login.microsoftonline.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 112.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\ms_tool.exe
| MD5 | f8701952b62a7e52652271a20b824128 |
| SHA1 | 82292b1cd54afa277116b42f4b1c43c8933478f0 |
| SHA256 | 5b0b886143ffe9f5c5750c9b171656783668b655e559ea95d002a265586e3413 |
| SHA512 | 5acde46db767cf11ea5183007542fd67e1512ccfbcc37efdec685e2db369840a767981b0996dbace0f40602ada0a5c0aed39019ce06590151cd59f0dfa5d68e5 |
C:\Users\Admin\AppData\Roaming\ms_updater.exe
| MD5 | a60d266939450562f1db04d3378e730c |
| SHA1 | af0177186223694a87333307d05f634de0415d7f |
| SHA256 | 0f9aec1487ae1456ef99fb0e7ed49ccf3d76fb642efaa95c7551298bec2b860b |
| SHA512 | 0ca1b23dc1e83df78f95972e72b2342ffb5cbc195388e9011d24fb85b7dabe74605a9860e68bd70818ff475ee9a880d1f137036b41030b0bebb16c7823704b44 |
C:\Users\Admin\AppData\Local\Temp\KqgYfIt5MQ.bat
| MD5 | 879c03b847dd7446b5a70dbc043ca3c1 |
| SHA1 | b73bd5710e91e0ff7b7e720cacafd511facff832 |
| SHA256 | c0e5c1efdf3759b1be299a22b06b50fffca882cffee25747a22600e260f83290 |
| SHA512 | 11f51b445589df1288a252f45e64aaf1b1c3cb8716bd6b3939256952027aa2f3b94b66148e30c3ff6c293932dc26f83d92892d90ea16588f85fff24df777d351 |