d43d80605073219c7c77be0ac62c4a0ebbf8e027c57a64352333614a648ace72

Analysis

max time kernel
175s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9f0fef728b663deb51c061ed645e091f765afcd (1).webp
Size

49KB
MD5

a1a32a79d06014ff40bfb3d4d3191217
SHA1

5e1e26fd7341c80fa797aad23e6742ac82b50cbb
SHA256

d43d80605073219c7c77be0ac62c4a0ebbf8e027c57a64352333614a648ace72
SHA512

e7fe2a11b68aa17b77d430d5022e813a79112875923c2d9a24689f07bd3830703d9bf112ef5aaf51ec417cc5e555f5935f202c974d494de5dbd2674ff635a1de
SSDEEP

768:3QFVgvDcZHITAzgQgeX+vCaZk2NigKkUA39ksYtstsE1obAjVBsQV:3ZvDyHIczlbutfifkUVssZbAjTss

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{81AD4FDF-7A30-41DE-9A42-24D0CF302F20}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
452	msedge.exe
452	msedge.exe
4492	msedge.exe
4492	msedge.exe
5796	identity_helper.exe
5796	identity_helper.exe
772	msedge.exe
772	msedge.exe
1384	msedge.exe
1384	msedge.exe
6036	msedge.exe
6036	msedge.exe
2456	identity_helper.exe
2456	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5808	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	5808	7zG.exe
Token: 35	5808	7zG.exe
Token: SeSecurityPrivilege	5808	7zG.exe
Token: SeSecurityPrivilege	5808	7zG.exe
Token: SeRestorePrivilege	5136	7zG.exe
Token: 35	5136	7zG.exe
Token: SeSecurityPrivilege	5136	7zG.exe
Token: SeSecurityPrivilege	5136	7zG.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
5808	7zG.exe
5808	7zG.exe
5136	7zG.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 452	5072	cmd.exe	85
PID 5072 wrote to memory of 452	5072	cmd.exe	85
PID 452 wrote to memory of 2708	452	msedge.exe	88
PID 452 wrote to memory of 2708	452	msedge.exe	88
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 4992	452	msedge.exe	89
PID 452 wrote to memory of 2556	452	msedge.exe	90
PID 452 wrote to memory of 2556	452	msedge.exe	90
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91
PID 452 wrote to memory of 2028	452	msedge.exe	91

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\e9f0fef728b663deb51c061ed645e091f765afcd (1).webp"
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e9f0fef728b663deb51c061ed645e091f765afcd (1).webp
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34846f8,0x7ffcb3484708,0x7ffcb3484718
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
    3⤵
    PID:2028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    3⤵
    PID:3656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
    3⤵
    PID:3804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
    3⤵
    PID:812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
    3⤵
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5128 /prefetch:8
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5148 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
    3⤵
    PID:4892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 /prefetch:8
    3⤵
    PID:2484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
    3⤵
    PID:2904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
    3⤵
    PID:5280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
    3⤵
    PID:5432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:5440
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
    3⤵
    PID:5676
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
    3⤵
    PID:5996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
    3⤵
    PID:6004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    3⤵
    PID:5144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
    3⤵
    PID:5148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
    3⤵
    PID:1104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
    3⤵
    PID:5344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
    3⤵
    PID:5352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
    3⤵
    PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5888 /prefetch:8
    3⤵
    PID:5252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
    3⤵
    PID:3208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
    3⤵
    PID:5308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
    3⤵
    PID:1100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
    3⤵
    PID:3428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7016 /prefetch:8
    3⤵
    PID:5584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
    3⤵
    PID:5468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:3268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
    3⤵
    PID:5344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3398216216733853669,3518597661667036470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
    3⤵
    PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:224

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\19-08-2024_L6p1h23RQNnmUOT\" -ad -an -ai#7zMap14317:114:7zEvent11083
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5808

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\19-08-2024_L6p1h23RQNnmUOT\" -ad -an -ai#7zMap31686:114:7zEvent9742
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34846f8,0x7ffcb3484708,0x7ffcb3484718
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10050000758822005233,15440814781840405882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,10050000758822005233,15440814781840405882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,10050000758822005233,15440814781840405882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10050000758822005233,15440814781840405882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10050000758822005233,15440814781840405882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10050000758822005233,15440814781840405882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10050000758822005233,15440814781840405882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,10050000758822005233,15440814781840405882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,10050000758822005233,15440814781840405882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
793d5df67dd2bdac5b13002fe6a56feb

SHA1
d7c7e4fc13101e854103ae0d372f6920eb1e6da7

SHA256
b89c6850b95a11456edd863216a85ff4f7d1b62941fb1f57ac975f821e7623e7

SHA512
0dec6027427b4980f58d5f5c15b2bbc8a3de5b1b65335ddea7656d0511d022e031f61d11dd18cb0abd2e22e8accec6433e6faaa00f4d7720a8d0e7b003baf8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f86c4100387bf2641538dedb9e0d5b07

SHA1
549e86ba24375ee618183f4323bcb73672052cb5

SHA256
98b713daa29148ab8a183cba3772776e671b1a25b49be95f25b111cb97f24eef

SHA512
d9aaaf619d3cf2715858c3d7299b59fc9603693cc71faa4477bd9c05aa628361e40bcb1106aeab44ca812d4f983cbf50a7af8bc2a5b67a851f8f08b94efa26a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
24KB

MD5
7c2224075fd41741e27aab8e01cc338a

SHA1
61ab9ba861743b87f8af0c55e977aa1c653f8d73

SHA256
efaecafb3b690ff5bddf38ffb089a715f083e311ae55761697fcd3ba69b5a141

SHA512
d6dbda96d49ff4b36d6906dcf001e7ffbbd953e06a347abd5d3db8784feda2d134b875f7612611061628ba175656fcb6da378e8bd06764a287add3e64e33ce82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
51KB

MD5
95e5bf1e6254e82b6fa76fb202b89470

SHA1
0d233eb387a9cc9ae556fda895263f60183a33b9

SHA256
08669ec4d51f04819d991ea6b0cd1d96af275e89be9847981c57f25f6726330f

SHA512
daa9fa404fd5fd706cfe1f8e93c922ee87977c570c97134ecd4beb644330731a383d52425a3681cb0ff2daac3286da178ae91029670a9881bba11666c9823f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
95KB

MD5
8c398f5b07ca4812a2330d3a2d41aef4

SHA1
d87e7701920ff2fc21b183931bdd01a39d392d83

SHA256
87245844af7117d578b565f9b705a58336ca3e9dd93721b68a87a491adc9dccb

SHA512
58edb42b2789414bfea5f000fd7127cf7a92998d2895d160d0b456def16cb83e9c42c30651580216bdf475f71c027a6e75976cde19fa0cc1af9989e26feac8a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
38KB

MD5
6573e5e96d7de9bd5b58590762c5f42b

SHA1
f04a6bd410fe2a84ece0e17f70b134efc78e5e6e

SHA256
30c28a9f3d9d26740b4e8bc7c2fef20b37f4698b4168c6da86cff90237fea927

SHA512
e59d2b13a29708f1fbda56700dd20638647d07534d1b25882ea3b29bbc738fa3d726be33292fd0a943cb946bf004d331da4010de9fc67e9549286b519ad9f7ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
21KB

MD5
2f7fff23646a4f0623fb959e86878703

SHA1
2feda6840517cd2701e601cc78bd10c1511208aa

SHA256
affa1540650726f2589cceefbb977def4637ed3b7c8089e087ccc81042d6406d

SHA512
9a50e278d4af33d6af1bfbce649224e8b8a5f304a606a993925a897d0c6a1bc6fcf85c853b347ef78a3d56bcd176cdac7cb7486d0bef8eeadaf428745dbc28bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
103KB

MD5
671dcadf8b51dce387dbb26e8e0065dc

SHA1
127551ced9fd804f6f7f9f6999970c64787b5008

SHA256
41419bbeb8692d75bb773ca2097520ea6b8faefa834c1b56799699c253c2d662

SHA512
8521a5649092e2164aa86c7be59e0942c4bdc95a501a52d79cf5a93581c7fa2658c92073d536ef5b69ce351e26dc32ba40deb21ccf167653d104ea212f02fd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
30KB

MD5
d02ba3bc0e7cce30c9f3f900b46eaf4b

SHA1
cbf64ed02876be9360d2e0561e08bb3c359fd7a5

SHA256
bdf54cd5aa3889a0e8f9a69b5edab39dd437b91053dd0abf7e9f5dd95dc0fc5d

SHA512
1322e1a610549f8d273c5dabc23db4c04a48a7a34a694dedc01c17f5675352ae15af302604879159af5fbe89e96d7dffe80e6db3ec483756aed3063de9a869e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
141KB

MD5
82428a86022500a3120b58fe6a0887b7

SHA1
1161296127b364f8e25a8009576f4504d575dad6

SHA256
4c32664dc685c92517ff5413aedfbb31c161ffcb8bc550de64991e908ebf6ab1

SHA512
39109d1472b66da67955ef837c6798d0085597129f2c5a008b83f321f76ce2889b9523808e209286decc8af2bb6d97d8b61c3399f480bcab75eaa60f71a5094b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
25KB

MD5
773a3f7b1bfb878ccfd3172373a7a44e

SHA1
734ab81b02cc09b00cc9461cc80d57d9d66c3f4d

SHA256
9d1f9a5fdf2afd743568ac44aef0fabb0e5272bce34528dbabdbc99670987b56

SHA512
f0b55294896f5d0ef6ed77ba39c61812bef17f558433f4a0925fccf0ccc9c39326e9d3f7a651b74ac422499a970b10e395c333432272f2b7fd0148ff21e31bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
23KB

MD5
8b7c03465f259dc91ba99b6e5f27ce1a

SHA1
ec4a48a27af21354f12b99e161b74a11086c26ea

SHA256
928ef50f6501c0822ce9c5201c901b95fadbb5a6604f3a6393b14601797e8ede

SHA512
15c90619ff569ba2b50ae715a8955bdf173a5c31f17e4ec17658f1ad61ccc92f61db53da16cb73bf50be715f31905d3987ef97f19ecc991dbfc031d316f0e1b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
110KB

MD5
a93fbd064796293240cf7fbcaee4d952

SHA1
168b88f3602f5801e36a17101628deea09ccb638

SHA256
dc2a266e4f1192b56a5d0f0199d030c46db5c93888c100955d7e2ed18d207621

SHA512
8fdfbc3a5abf37cd5e26f4bfd435d8d47df8dbe82b3f892a99102dc716eb5e1bb194fe4956608a9bae74563f006f43890d770f702ab2470459d11d42f3dc084f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
20KB

MD5
a1afe33ce7442502a96deee597945384

SHA1
fe34cd78635f5617cf238de6dc746058d6f88899

SHA256
f7eeb570c60aff1435db1daf3767c0672634269789870ef91c69b2b90a47edaa

SHA512
f8bca21c3fd79d63c8265f5dfcba95419eac697b42efb600e7c33d15dc5d9c3e0d0d360da39e14004facaea4cff4dcfc00d7437979283ce0a2b06916b69b8c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
58906886654082a21f0d6bc5e1a55199

SHA1
b513254e218be091867aeb0312192b5642de46c6

SHA256
1806e4832d4875ec51ac39738b84a7df246a0d8fbad3c2f9abc9faa69badcd09

SHA512
5d2b3d313caeb5d0d21bfc9a219666f6d00c963cf10c6ea8b1d611ca62dd7386f566abadfc86257beb0425029b18547bd48d2803db4c17b8d97ae78d3d135ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
910476249a71e8d89c2a426c26c30222

SHA1
d5e85c0cea519300e5ce07362a7c07e3ed54e314

SHA256
b4e6e3b4f3d8a83c53b20be04052cd44334f27d34e1dc8b3eaadf836fcadea77

SHA512
2f6cc65d375ba7306b8838d2550cca046748ea44aacb2c320c4d5e5e53a8e1b6729c8de1eb280dfd408e5a9f9df0b48b0e7173b83499359abf931ae660c084e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
19bc9dad271534a87da09e82c1ba2abc

SHA1
8a531e11c63a7ab2fe7ac5860803900e199346ff

SHA256
2d9261c2de78c68724f4dbc5ec572999010ca4a3cd3445cdb80caf11448bf301

SHA512
040de7fe132177241284a5adfe0a1df9ded32559d5e6e59f5756fba06607c51beee029f80d5fbc51fa27e9236514a0615f28d34374068df1883e8c7feea3a767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
61283fcf8fa2af3cc986cde1e98cfa8e

SHA1
691965d57024e6b192216acdccdae533186f2af2

SHA256
de8dccfc9a2d433d443e7b1d0454b0174bb7c2f91848a821b16e64445bbc6bc4

SHA512
435c8b21f2ef4ee3104989e15b50d5e4a4dc9f49514bf3f5352998bc8e5b82c5b59401db0e64c58d3da34a68b64ce7965f18c3fad56dc80e1dd9bb19db7d6a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
958f6b57ebd2530a756595d679e8663a

SHA1
9cd5829ea69531f9530ed58dde2ce88085123da3

SHA256
f52f7e1cc943758d8778bdf1afd508547f88b4eac6991e07b967ea14d7d4caf5

SHA512
f6e110cdb1440c7e87b10bbfcf2bca4055ab24fc2a92d77a3545565066ebf01f6f6260739f302cb1ee1985153dfbe5a02711d74ef552dab2665ba3108149e532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
443B

MD5
22902fc348579c66a14f7e310c876dc1

SHA1
c39de7a0045baac12bd2dd186fc2fc60caa8c3a6

SHA256
bb9eddbdddfb50067226ea6e0050726289e17313c9a0c4e4037e73b783ae4c56

SHA512
f2fa0f597b3ad8f4fb6556be12fe1190c382b505855597eb326edea87c27b342765beca6f219e6eae1ed4f6d444ce89efd2e8fbd14652f8f871bc98613e5e8ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
579f374a0a14732e8c43b0ff9a9e5fe8

SHA1
8b6795fa5932c948f7e862e9a91094d5eae4a1ff

SHA256
6fa9dede8011329613ced65030a78ce080f374367776c701d49319d9a565151f

SHA512
c90e96696aef76fe9ea03b6419a49991acc634e65dca5d19da6993a530a39f9426a39c1399f68abab9e6131d7adf80bc21288e984d067418684cbbccd69390d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Filesize
48KB

MD5
41a406ec27486926eaefeb31cf99629c

SHA1
edc9a07a6a5841fd2a6b49ff16f306f2ad951cd7

SHA256
aa19e8a6794123925d686079c01eacff0c571efcc7d551d8b67c9278c32e8859

SHA512
444b08b4ac86090b50d5c137e7387cf5cb7e7e853dbdff1bbfdaffbde49eda5ffd7967e6eb14ec0dad7d440b9994dd76872560e94fd041cf818d8b5eb39bd65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7d6c572ac8926fffa347afbfe1ea12d5

SHA1
bea1dcf844f08c22bd34f7a7b3ebd9c0a8ab27b4

SHA256
546f2e9531fbef1a5247f189ed3be7920dc0860559f9299c1824c70661d47e27

SHA512
673901e63bfec344f334f03d060c4a3db58e3b76d60bf7e40ee8e7f17ce2ae61b07027de3f98ba34821c127dd49eafc3627cb41b4af80cf41caf444a9eda3810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3cf64a4155b57bb1db8300b71d21295c

SHA1
c3a9259c0e9450262c022c7bd1a06ca643104341

SHA256
017337eba31c39dd952a0ee63d0a3ede02aefc6c0a845f576c4c8422ea15d36c

SHA512
f34f5b17a283f476f5fda139eff33518ee4823869652cfa4001714a666c91aa84fc177933ac55e13b9d3f48e3308ca64ce9012deeacafac90c3a30620dd7bb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6263f6a3941031bb50f84d38d4cbe7ce

SHA1
4f65d6abdf1a4b504d26caebb81374fe9dcfa8b8

SHA256
261be828d57ba0fa2eb9b41d9473fc46e0f10db5ce964d49d164166e4cdce508

SHA512
50143d490b641da92561248d886e34ad5292bcb1138dbf8be46624d06068b14a654e499f256a143a720c2d950dab2058d616668d422add113fcd9292a845355c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
726ab6cecd4323c47a6077f25283d102

SHA1
c167bf98db86cc22072aaf53e942741c97a0139b

SHA256
b6e92265dd7514e2cc080df197dc30831b13e10b2da65e6a91c2be80a218c158

SHA512
fb24f0667b0ce64c06e00c86892c4ff72faa1de0f6de6f2be5bf44f0815896cc1e1145a97a64a9f80a7766d6d49e1fffdf3ff5342f5b0138086eeefa728e5865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f9b02cf22bc70b1fa7c25e2a5f2cb96

SHA1
07eecf362f71623f6ebb7590d3806fc60a605c63

SHA256
3029e0fe19c3c4ea6e136a050bde6f3124da27b253e629fdf3e75de29824f7b3

SHA512
8a56636aff82eb814db6b0ff9f21b1c021648de1a8d90809da23cd938337d4ec1b12b4239a88e6150edc90b2125100b86b6342bd27c10c4023a7df337f2b653d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d81758c381b1ec44de826d166d2d0b42

SHA1
a3a0cb7829a692fe5564a4e893cb72e9b432d556

SHA256
c43e99815e145b14621d587f54d49eb9cd0f909168c0eb45b33ff0afdecb1b6a

SHA512
77a42f725a45b519860296fd391f6df65eed64d5365d2f1209f0101c93b5ef0ae53c60160c9543acc6a7b8a96990445feeb08030fa6e9a4bd42c2abc09349b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f68d2d3cd64e1c727f59b90a2b68e667

SHA1
fd3a1d14ba4e980ae439c5acc1da2956fb52e7ab

SHA256
da24b65b24c8de7c155c9a9ceccec573ab6620c26e158f137e8aaa1e5426b5de

SHA512
69084524d6fb64a29a8907885ddb7c6bb357c3d2211c3c4d74e5fd1afda694c05b059c2bfe88665b8adf41cf86e0cc4273b8d2bf2cf2294593577474e3af846d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
312573bb19822b28d432d8703a2c41f1

SHA1
096d6d54f16ba92bb844ce21e8f51717a31d0583

SHA256
b60d93729206f5fce4417e1a733fc41608b32493cabb4327ddb0af3dc864b26b

SHA512
82349d1107899a49624f62c12f6f2213807538960daf5a5adac856339354f4107e0a3b21b568d4ffaad0040530560e4ee2097e8280c2b523e63360ae27cdb7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
299c2cc16aeba2d6a3bfda643082ec0a

SHA1
2c0b1d45fc8cc2aa4f6864ffdb81cccdc6db9330

SHA256
914907d2d2ddf1b1878223ab9adaa2b8710657d5e6d56a06fff02ad1f6607d37

SHA512
6c8833421b323f82ffa2fabeab614cc8ac96138fac0d3cba532b94b9ec946acd73439f93987ec734d5eb5619d0123eb817c4a8bbf1ba7b7b993e2ca3492b6e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
149325a5b780526c0db65a117a31fa69

SHA1
db91d5453f66a4e04f5f2a013cbd161bd78f0d9d

SHA256
3c8e47ceaeda117963190c8176b5b1e073f6f621a25f07ec310de36f24b6255d

SHA512
eae939aa3611254dc6bd6b644376a85202e97d01809327b371c8ad089f8fc4a9b34118d093dfd70dccd96627781d20dbcaabdbad78f0081b03e77a9d1940dd65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f37b60970022d9164ff73c26800f3aca

SHA1
3fd6510d787f06ad9a42a23efe98d6679480e116

SHA256
51c9b5bc0be1bb7aa63c2f30b0592b5486325d7679399169a4b7ed96c78d8965

SHA512
5b135c46424aee2ff2c9a765c16fbe498c2cf246a886efe5fd27cbc7cd72bf6981b887a957b540f497e85a67a421df8ff2966d03f6b96d862aef1b5c623015c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13368549425082148

Filesize
53KB

MD5
78a426c8c48d0e557bc22d4e62cc7b98

SHA1
1cd3c09da34f58bb01b7109dc8cae4ba12178fec

SHA256
2c9fb937081a02c4f9c18de9068251507ce07df67972a44d405dcfc11b17c91a

SHA512
7377de6d5122c3efbda788ab382d44ddf27bfdd9d957cd253de1a802f38d17cdb2b39ac2b77ef6489d16949a2cb179951ff133d0ac1e67d9e33a09ab3ed85361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
4f62e62d5e001b136735b8ed128e5c18

SHA1
8a74903dab1a7982253f8fc4b62b3328ed29627e

SHA256
ef12acfecb78f9a305db8d2afc4349c627661f4b4576715efee0e1372016e6fe

SHA512
2071252ad83a7c2df52d7afc140ad83a8d5b3f1d1c8fea1ec00c5a1b6e9c8fd9e88e3b72f0b6fc8c22649b70d88aa86dbef00899b9d35b6b784e0455e4ebacc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
dd8ed27f558c6eb9b2cd1f80ca163b83

SHA1
809557b36883eb3af62123c34ba2e8d2e93e9803

SHA256
646c20df2ad2ed9155e46adab23ced132eb4b7173af92fa31c3bb0a4c0397ecb

SHA512
feab2a8d362a2f08661b098b4c8058a8309d6d5d04cbdd39edac851e6b8137b3802f8b6123cd31215cd52443a5e8fb42da86755396efe9a2cd08268903e39ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
4ed7af706f1de41ab2ec1413d1a687e2

SHA1
fcae64266c41950a7d21fa9ff8d259289079057d

SHA256
5a1b96d1fc9e8c3babf5b85a80b5c19bb1e9b68695b1b693c3a8bccedf28a493

SHA512
84a3a5b41cb0cdf64de13a05d4fd983c0b6f461acf101137e21ed083570058b39504a0ea98fed9b62753ab081accfad4ee0252b8483748341973d82d21facb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f8e39503da2c8eb20f91d95b35b6578e

SHA1
09d2885c0fc153a6ed4ae1f36971075f5345c771

SHA256
6369a112efe074c73b020895c7331ed34029df4f39851c8dc8c5eebeca648658

SHA512
8ee2ad49618af54357445a9ccb8416a39d97afb7eb0bb0a3a1cc82bd993afa8d9491594e8a0c93013c786f588fd790ccde393b99b27cd6b617346f0a9272bdc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
74a421a053f173d6febc1ba067d3a2ac

SHA1
0922b8a1b4870af8c455bb3a53f2e550c6b90f40

SHA256
777a99d15cf4b2f1eea58df4eb3d45add138bbd28fde90e339ff2d5c7a88e456

SHA512
cc505e8527af5f2f045a9e9bdb6392ff0de9033a0a34eca6f28e22b7f2063b40739e4c6eb320f107005e17273e7b184b94c777e32402a3d03cf62e987e1d629f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc2a23c2f82a756911441eaa4710df58

SHA1
aa1123ce6a862bc8f4c1ab784a15c1a1830d616d

SHA256
53dba9bd50c015dc47a3b1de37662db6cb2d3373c0af14b480764cf822e2b46e

SHA512
69e99e74dd8c3b04a09f9c381794989fce485f19175b74044e7d2d5544e65ceffa8e72fbc7c9c0f6f02b107e74cc39d75bceaa86812f050b1635cc4e4deadb3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
781e11ea22adaf739164ff23e89e03b7

SHA1
4d5b6da8707da63019de32f8389e111b61ee8668

SHA256
936cf0e1133b61105a9d823d56dbc5b72a1cba84d87bf446edbd9242d71fd00b

SHA512
b1b4876c142a7abd841d43f5c0a0ad71c371207f984d3a6087a744f182328db0dceb8133a9b86eddbb7b8383c7cfa2f7906ba1a62d2b1b30cb9e6c29fbd8b474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fd3c.TMP

Filesize
1KB

MD5
8aa544ef702dee6b109b3c2a02fc9a37

SHA1
067863776de2de3585b1fa5f3d623508faee4778

SHA256
a77c156de8f272b05ebb1b26d6f1df7de7c7e8e338cfbb0801648be9e46d2596

SHA512
887c09c2369a43fcf502bfd6a8ac651ff25bf1b31e8d8e4a4299a738ab5a23cdd7b5485e63c8d6989c781ad11cd240c02fc1989566aea66625dd9245a3ecb819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ea099c7c3598d8bd2972d34450069de2

SHA1
11d4d02961ec528b1507a91932cbdd5b9ca9a72a

SHA256
554369a8094dd32c0c9e6ae4e01505a1eb37d86e8c2be69f6de9d0381a514920

SHA512
f6ae34df4e6d8a7078d6406435227e7fba01cb3347642c58a80abc887cdf0cd3966f403c3d7c12653a25ca32b983ca65ccf5e32458cf20805c1134acd56706d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
2a4ca06c7cb56b5e3120b6f3d55d4a0e

SHA1
7d4ebc6cbf23238ee40dda7f040cf4d92fbe4453

SHA256
6850c2c17360b4fcb1a7d1e7e8584d30df505a2466c8757be908cdf14f45075d

SHA512
fbe6009279b9b48e502d13971ee9a69f767ab6a8451cdd8117ddb85c620f728c1a68d4a15ee46d4d9f4a03b57d999e819efa44b3f15653457e3c41d5e30db086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
80KB

MD5
4c07987a3f6c82f879a4a28d7de997a2

SHA1
06495cc3b1854aed399195468471edb76c2beaa2

SHA256
6b8845de1c6ce25a0e131256efab7936602dcc9f48242bc35d07421bae026248

SHA512
79e2cf89fab7d1752d7f73e2a6d42eb5104ffce70dccf5627bb30f0dab0f7f0451f4abfb3ea734904a7a085509a3bbc3d4e2a0a112680bec8b498e53122dbe8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
67e36007f6ae812e033870c5908c9e6e

SHA1
346f2a271e0d405e1cea75fe06d9334f1faf7eaa

SHA256
cd3cc57ffd471625ad876302c0ef350df7aef31fe5c013a90aec7b12f3d34a10

SHA512
1dc398cc0bf3c2c3f86a03d89f2ba205b47f5d6a49b43026935dd479b28088aacc51f9bb31fd72cdb4309b477f92f6ad2d23671aca56e1ab696de8f0bb105b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0dbf8aa76d2f56ab2db5701fc0e041b4

SHA1
56fb7333cdfd25b5979401ec32ba92bfe8203aad

SHA256
a82d6616e35af41439c60f7c666424627819fb270ec24ba3924149238627d729

SHA512
77bfc8bd9719072dec4777f38e9975856835b5f8f9338cf6ff8e9963f6050261b85b5a96e86a8a41b21f6a0b15a3f8bd6bc889dfa5d0ea2ca19569613d280d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
000cf0394cd71fc66bffa47a2b4e27ab

SHA1
ba3788a0aa4bb97b75711804b890e9c77667ca4d

SHA256
679edd7e917519c8a9619fec1a06ae5706466ac2d382853adf22fa0d0dac6eb2

SHA512
d2d1be66f36e8d2544ab874a58427f06da2e672a76bd0990bd9eb54f8df8fa3cd13b09982af7c3eebbd9a5ef84c71da0373daaccb0a906ed5cfc7a2aa1632cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3ae71e53cb2199e3031b5cef8e5ac624

SHA1
bcf5a0968c2783cbc30e239ec4039e4bbdd51e38

SHA256
bcfb7a13560d2a26c362b4f8b121c7e73cc341daa5c9c11ec3fc1196fea746be

SHA512
5fd0bff5dd423f18cb2c75fb4b8ebb0a27c6bb1c11e35e00b5e64451ad90e285e91d81784c8b46f727280c49b1eac93b519edfe6084af353e9dbe975fa8332db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
77b68ec4d0da9e2d9cff65971848ab93

SHA1
48f4ae2722f4c9a473b884246cf7089841151beb

SHA256
71a46461c484c3213eac1f1fc3e171fc00865b6c9a44857a5093d5da08dbe924

SHA512
a0c4bdbe719ec4f66b1188772fabce24ec664df88a5760856e0a669dbf48cf18a8f7d9af9125329f3a76941200197760719bc0ac7824580cd7d6b000cc4a503e

Download Submit
C:\Users\Admin\Downloads\19-08-2024_L6p1h23RQNnmUOT.zip

Filesize
73KB

MD5
bb4698b231ac899f0a6a2fbc91da329f

SHA1
5adee0c629c3e4c1a1f0301e4ba6993906e8a70b

SHA256
3dcb1f022ecd46616000b0c51d69601f3a4996966faf4a0b30c5fb59275239fd

SHA512
523b94c7f351827f142b4bdf848b5f1fb786d269adf05113a0034f39a8a6c6b257d20e2ce467d8e29b1f7b11d851e6cd7bd0c5dadd284fb85f56e54bba009049

Download Submit