hxxps://download2393[.]mediafire[.]com/c8z3e6tg6ongDEmi2me2dApvjn2pbPkKrrrW2-jjMkE8vbVj96TuSIhEmZIhys_XTZB-juGND6GMEJm-K70RY2woFYBiIe7vMcuTj9jZxSWkTM5aOdUknTXKwrRdkhL064535kCnmclrDrW_c9UdIRq8PLUy7Uw7Yn_2xYL28Vg/l4m1isa4bzld67d/TopazVideoAI5[.]1[.]4x64[.]7z

Analysis

max time kernel
104s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
07-07-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download2393.mediafire.com/c8z3e6tg6ongDEmi2me2dApvjn2pbPkKrrrW2-jjMkE8vbVj96TuSIhEmZIhys_XTZB-juGND6GMEJm-K70RY2woFYBiIe7vMcuTj9jZxSWkTM5aOdUknTXKwrRdkhL064535kCnmclrDrW_c9UdIRq8PLUy7Uw7Yn_2xYL28Vg/l4m1isa4bzld67d/TopazVideoAI5.1.4x64.7z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
4812	msedge.exe
4812	msedge.exe
424	msedge.exe
424	msedge.exe
3996	identity_helper.exe
3996	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 2788	4812	msedge.exe	78
PID 4812 wrote to memory of 2788	4812	msedge.exe	78
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 812	4812	msedge.exe	79
PID 4812 wrote to memory of 1480	4812	msedge.exe	80
PID 4812 wrote to memory of 1480	4812	msedge.exe	80
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81
PID 4812 wrote to memory of 2820	4812	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download2393.mediafire.com/c8z3e6tg6ongDEmi2me2dApvjn2pbPkKrrrW2-jjMkE8vbVj96TuSIhEmZIhys_XTZB-juGND6GMEJm-K70RY2woFYBiIe7vMcuTj9jZxSWkTM5aOdUknTXKwrRdkhL064535kCnmclrDrW_c9UdIRq8PLUy7Uw7Yn_2xYL28Vg/l4m1isa4bzld67d/TopazVideoAI5.1.4x64.7z
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff97d7a3cb8,0x7ff97d7a3cc8,0x7ff97d7a3cd8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,1101312035195579753,3568259648916609648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3788 /prefetch:2
  2⤵
  PID:648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\854a65f9-65c6-40f9-99ff-d42134198c51.tmp

Filesize
11KB

MD5
9d8f2f4be2ad76cdd89048a8f9e883ac

SHA1
72d4fe1d3307ceaf170ea428e5085ab38c53ca25

SHA256
d434f3760fe0eb664e5e28dc360ca770d02c3c35187c052312fb42aa72e2d6b6

SHA512
1a624cb2eba917548aa071d0b05a6e4a25215d0648ddd073bbe44156c2653c87196902925d3766899bd38263722a2e54b3c579f5d1a99113009be93576e9c30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
491e074ffee79db3045798be635e2447

SHA1
f18b68fbeba3f27483ade74c2e6729d8461e0c02

SHA256
85c14a21ae9b76c5e941b5806374dbda37d5411123e906d48d510762c8d84ce7

SHA512
fd27b53d90a1999e98e4a56678b7ae098da3f800f3159b76a2b4caf7fdfd5767153f08e7325bba7e73b7c3c7f35386b01bea437711fbe31c5e602a468a8731a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ba8d5dce4a5e01e0f7e2bc69039b512

SHA1
94c46692b28fff7c45a5fe460c490f3fefb7c616

SHA256
8292f28cc308853788aeaea7c49e80f8f10f999718bc65baa4e9e13014a7618d

SHA512
b206368bd307c276b4d415bbe20ab1c8a31799a3af9cc76ae5e5d38d88144cc854f8cde46271e1e5865fe14383e17884942b4a6230ee20c8f1c46f0424fa0ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
79e83bd5e2d37af9aee16a8ff782fb6c

SHA1
468dd6f2a3368d7527c01e320f81c22c65e35431

SHA256
44774bf6c5fa7c706e2e593e6f16e6c8b994ec496ada291a826710b10fa4d617

SHA512
d515d0bd570005c836f672bfb243a356421349b80a4a20686ec3ef8482b5b4f61deb54f552c6169165d5b3b02c0c9213bf5efd2c76230fb8781768763c15a597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e31b4d72b153b8970d4e565151d3d55d

SHA1
e349185f353f6fba001f7610f4410c956a9b7a81

SHA256
b16b9f4ac8a729fb7ef6e859fc8c64e70e2f34f694678d81b00024bd5b4dc25f

SHA512
a1085ec02a08d105a6150ea5dbab658c1d3a34ca3a6619396d899b021b32367e7c32f9b7bd0af301e9130b41559a4ae025d13a3f86c475f962e088b5605f97f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
a11bd32ad5fd7862206b867e5dfbd814

SHA1
13ab57a0403b1f9ab3da5955d730b28c21f276f2

SHA256
fb1adf8bbbd15d112e37bb9bbc211b3b940c1a032db6405e9817b89ca320bafe

SHA512
8f48481bfe2a358a7b0ea7144632291df8a5ad8f21f53f40b5dbbf561f65425c35b85959ce3b4096d85a2e9eb1ff4a5fe6f359ecee72ee2975d0541ff9e94e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
eff1a94a116e357c851648fdb3684dfc

SHA1
049d76fce1dc089af3096983d037971f7e562721

SHA256
2de0358184fbf1d1a207996bc0cb8292e3cd38d6327b9bdfee5438e51ed50266

SHA512
421b5d392276d8d33d7e5032f15f3b8446c11b0fe95bb9eeaa9944fa3fb9246ba4bfbc3f0b2d9bbbc9c1eda26221c9d2353171a1dba897bd324277e4bd0a9a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a09479b52b5c93f9c6dd4c92d8040b5e

SHA1
acb1b162cbf9ab60a66f8815fa450e3df90e0cc6

SHA256
1d56df8763a1ce6ad7a5fccf05a1fd4537e93be56363c15d658c2c190a3cd888

SHA512
5f6e99f367054cd0649a7ee1fc313aa7b90e822800fda3ef01c9d2a01e53443cffb1445b83d432177907f94f2448f89ed5d860049bc212fbd295916514436933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ed9b57dd342f4429ea65d6d429e3d8af

SHA1
b78fbe9a2d0ac822c0bfeeb83b086483f22f8a08

SHA256
9a2ca7129f113e48de6f0c97c54b649c2e733e4700dd3054c3a1c9ac2b85c3a5

SHA512
0cb1a9a412d218b7e3886712bd74e2b744743500c324ca1fbf320696067ddd63e1a1560039d75b3101659d5f175a72f578989aa1aa0eaa315008ed051dac0ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80332887107e4134e19101354cd9906e

SHA1
092ff0e102b1e9a9e8ece21e1ecb17dc44f347ed

SHA256
92adb7f1ce17b16c9f7dab25854298654c4fdc44a3f1a1f1aa815619d7815cb4

SHA512
d0325f77adb91f5cdbb7b96f7326ea0b098b1e84aeb534ed2db064b6a2d976c17ed23a2d8bad910d90890302aaad7b4db373eb10ab31c729a5459e3307c8d56e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
272fe288643db6c33788ee55818937bd

SHA1
c32d6b1477362afbb04f9eb7f98a149e94a7c135

SHA256
d0a4189377080873d2f8baaff4476684bfa8a43fde73147397bb32c612b85b6b

SHA512
e1bea1bfcb44fd5fcc87420c57b63f069fdb8e1f17b83f48df788e91056519dfae1f312ec3d076bb099724f8fd908ce853068b29229e84750a7dcf90e0c2fc47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7f8bd3f13a88f1b3024d79dc75ec3179

SHA1
a33ce6891e6dcd9de658e1884c1dc22041edbd34

SHA256
5ae84fb728770317047641641a648521da5c75532a01778f9cdffbfc8a1b4104

SHA512
17980789d9dbfd3499f092ba5f85c37af32a634e0fc4d9c030d28ac9c0aa40671ed1016b9307485dd4292a1ea3f0e252490e876914226f75f3d6f2d054a89c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
2a77549c511ff9d14340ac9065b35da7

SHA1
8d759c6cd9603b3084a304a5c59dcd78aa9ebe9f

SHA256
b96bf93c33852c486f6b53696d47b98ef6791690b1fcdd2cfa94186c437b1d88

SHA512
1c093c9d8e4d58f2ff0a106b96a137fe3169d3f530688d453459251d34779d7759da16e2b356b7d60fdf6bcdccdb4a80b3ead771966ea7b5da1852cf40c72c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
92a0050c17f7146550a769f498aa3898

SHA1
0a66310ecae7f48f456af4acdbaeeb67470e8e32

SHA256
6c8cce97e1d5aac94a3eec0fc81342ee53f5264d075b82ed6f5b60a8bc4290cd

SHA512
fab7f91b67cb924a60a79cf404187e30098e5be590c9834ced2dabb39413b4d7703e528c6b808b70010b2ab4b3d019a29ef3555d2b0b127e3bed28cc105a4f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5803a5.TMP

Filesize
873B

MD5
8a231e70c85ed7c753218ff23c7621bf

SHA1
93dde8c7c92b608f42e961eb979dfc57f8ba28f5

SHA256
3c546e51e7f6ddc7a90a41809794e265b27d6d1440b3e43c22855b44b8c4f8ed

SHA512
a6f0a23594e63c224c5975fcd3106a9b8bbc0d6e600ea4321f66d98130693f867c559ca151e59327aedce35b6f8fa3925034fa2ab7316e6a5bf75fd4697aadd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a7fb26adeda8553dcb6c43556ecbc03e

SHA1
e4d2ff1664968d06dcb23ac2a362ceb56af0a618

SHA256
15d0398e4a1c16c5d4cf4b77906efd0d490856c4041c935d4b3cf3786d2c08d4

SHA512
11078f4c7ad74d9b5690638671671539acb9a291ae5f0c61de099dab4a54fa86009f0e9e1a447125c3304f4511db952abf718619af70dec72db5d9dd9f7930d2

Download Submit