Analysis

  • max time kernel
    198s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2024, 22:49

Errors

Reason
Machine shutdown

General

  • Target

    https://malwarewatch.org/

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 56 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://malwarewatch.org/
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718
      2⤵
        PID:1572
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
        2⤵
          PID:1864
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:952
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
          2⤵
            PID:2660
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
            2⤵
              PID:1536
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
              2⤵
                PID:4692
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
                2⤵
                  PID:808
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
                  2⤵
                    PID:2072
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4436
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
                    2⤵
                      PID:396
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                      2⤵
                        PID:2356
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                        2⤵
                          PID:684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
                          2⤵
                            PID:3504
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                            2⤵
                              PID:116
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5528 /prefetch:8
                              2⤵
                                PID:2112
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3300 /prefetch:8
                                2⤵
                                  PID:4420
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                                  2⤵
                                    PID:900
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1888
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4204
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
                                    2⤵
                                      PID:1468
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
                                      2⤵
                                        PID:4368
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
                                        2⤵
                                          PID:1968
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
                                          2⤵
                                            PID:4008
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                                            2⤵
                                              PID:2892
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
                                              2⤵
                                                PID:3740
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
                                                2⤵
                                                  PID:808
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
                                                  2⤵
                                                    PID:2516
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:2220
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:4476
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:1524
                                                      • C:\Windows\System32\rundll32.exe
                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                        1⤵
                                                          PID:4180
                                                        • C:\Users\Admin\Downloads\MEMZ\[email protected]
                                                          "C:\Users\Admin\Downloads\MEMZ\[email protected]"
                                                          1⤵
                                                          • System Location Discovery: System Language Discovery
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:4100
                                                          • C:\Users\Admin\Downloads\MEMZ\[email protected]
                                                            "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
                                                            2⤵
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:312
                                                          • C:\Users\Admin\Downloads\MEMZ\[email protected]
                                                            "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
                                                            2⤵
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:4220
                                                          • C:\Users\Admin\Downloads\MEMZ\[email protected]
                                                            "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
                                                            2⤵
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:1492
                                                          • C:\Users\Admin\Downloads\MEMZ\[email protected]
                                                            "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
                                                            2⤵
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:1740
                                                          • C:\Users\Admin\Downloads\MEMZ\[email protected]
                                                            "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
                                                            2⤵
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:4604
                                                          • C:\Users\Admin\Downloads\MEMZ\[email protected]
                                                            "C:\Users\Admin\Downloads\MEMZ\[email protected]" /main
                                                            2⤵
                                                            • Writes to the Master Boot Record (MBR)
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:4464
                                                            • C:\Windows\SysWOW64\notepad.exe
                                                              "C:\Windows\System32\notepad.exe" \note.txt
                                                              3⤵
                                                              • System Location Discovery: System Language Discovery
                                                              PID:2844
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
                                                              3⤵
                                                                PID:1976
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718
                                                                  4⤵
                                                                    PID:2044
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
                                                                  3⤵
                                                                  • Enumerates system info in registry
                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                  • Suspicious use of FindShellTrayWindow
                                                                  • Suspicious use of SendNotifyMessage
                                                                  PID:3664
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718
                                                                    4⤵
                                                                      PID:3568
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
                                                                      4⤵
                                                                        PID:5132
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
                                                                        4⤵
                                                                          PID:5168
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
                                                                          4⤵
                                                                            PID:5196
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
                                                                            4⤵
                                                                              PID:5204
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
                                                                              4⤵
                                                                                PID:5336
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                                                                                4⤵
                                                                                  PID:5788
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
                                                                                  4⤵
                                                                                    PID:5928
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:5484
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:5612
                                                                                • C:\Windows\system32\LogonUI.exe
                                                                                  "LogonUI.exe" /flags:0x4 /state0:0xa3838055 /state1:0x41c64e6d
                                                                                  1⤵
                                                                                  • Modifies data under HKEY_USERS
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:5444

                                                                                Network

                                                                                      MITRE ATT&CK Enterprise v15

                                                                                      Replay Monitor

                                                                                      Loading Replay Monitor...

                                                                                      Downloads

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        99afa4934d1e3c56bbce114b356e8a99

                                                                                        SHA1

                                                                                        3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

                                                                                        SHA256

                                                                                        08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

                                                                                        SHA512

                                                                                        76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        443a627d539ca4eab732bad0cbe7332b

                                                                                        SHA1

                                                                                        86b18b906a1acd2a22f4b2c78ac3564c394a9569

                                                                                        SHA256

                                                                                        1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

                                                                                        SHA512

                                                                                        923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        295d62697b4b5903eb8c0ed78aba5d68

                                                                                        SHA1

                                                                                        8c2c61087f6c510def41af14af8106676dbe64a3

                                                                                        SHA256

                                                                                        c00b3c2ad8eff1e136da0abda5b8c9e13de58ba2c4b86b7c18f0aae6ede15e46

                                                                                        SHA512

                                                                                        d6b3f761cb0ed5bb0dc909534892806a65352f76c3838462d1a99cd1d1b044f628f106dac8909dbb666b09dcd87e0ff0ae3c9a5dcb65a257bae7acf1227a4abc

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        1ef050553514dddb1fcbaadf6156ffe8

                                                                                        SHA1

                                                                                        7ff6b2008e1be20aeff593c882317d409fabbf6d

                                                                                        SHA256

                                                                                        34915336411afb3237119d72d53db2dfe51b19bcd3dac6b889b5695b49bf71bd

                                                                                        SHA512

                                                                                        245357299eb76b4edf0028c15eb7107b7d17468e9d2caabbf0ef632dc9b1b1f92f4bc2201ba0171d66cbe076bf24b2458a925fdb5ef6f0bbe46f6a8023dd5ee6

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

                                                                                        Filesize

                                                                                        44KB

                                                                                        MD5

                                                                                        db31e56907d568d4142e629e45dc699c

                                                                                        SHA1

                                                                                        4411317cdfa2dfff6a3652cd3d3a1859d44e2bf4

                                                                                        SHA256

                                                                                        3a3bd7d634288d197080aa0f0d181b138817906f0e00e96a87bef2c44621f11b

                                                                                        SHA512

                                                                                        a51ff1cc861a4c40dd3fd9354e1c2ecb05e751cea76209fa2879af28f2d29f48dc3dc7822d1b474d3a2b316a3aa31d6d5bb6da7f72c807ba06949d41014d2157

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

                                                                                        Filesize

                                                                                        264KB

                                                                                        MD5

                                                                                        19ca63722034ed47240ae597dcaeb012

                                                                                        SHA1

                                                                                        d1fe491e497bf1e44394246dc4b8b210da294d2a

                                                                                        SHA256

                                                                                        03761edcf26aa0d966068dd7bc5604c4636f9aa01908c1666ffbd395340b164d

                                                                                        SHA512

                                                                                        f17be9da1f7bbbe6ecdb5ee135975c459d5552a967b1851f7adaa4153a564c34577bf01a5f15aa4da55a2a794175d71883f51d115b6ee50e5569c007c1a50a2e

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

                                                                                        Filesize

                                                                                        1.0MB

                                                                                        MD5

                                                                                        fceb092acdedb430b5106395ecdbdc60

                                                                                        SHA1

                                                                                        6da83b39c14d8ff7f71bfcc437025eeb64098cc4

                                                                                        SHA256

                                                                                        40d5939f7ab8ac41ddc559edc12d7b2fa977cd543abc959820ea0ed2f884dcd2

                                                                                        SHA512

                                                                                        822c66f705441b80d276973137851d305d41f6329da330ce3fb8d5f5a8c74bc398cf807823e3afef34d171b595cd78ce836d39709712f68c87f3ed3a856ac085

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

                                                                                        Filesize

                                                                                        4.0MB

                                                                                        MD5

                                                                                        71601813f25361aa84c3c245c83b7949

                                                                                        SHA1

                                                                                        48bfaa854230cf7ff0969617d8524a8a66f184ac

                                                                                        SHA256

                                                                                        3b2d3dd628e5cd0a9c27e8e13cd1369a05bd2d06f66960cc4f3c1bfacd1b7e37

                                                                                        SHA512

                                                                                        cc7d8f37dd158c469112559bd5d00f3dab3c2e9402a6de245abad30fdb2033703a784b661c8452af1c950fca1aa25bdab6b9e6f1e2d800550f79209b88e9a269

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

                                                                                        Filesize

                                                                                        215KB

                                                                                        MD5

                                                                                        1585c4c0ffdb55b2a4fdc0b0f5c317be

                                                                                        SHA1

                                                                                        aac0e0f12332063c75c690458b2cfe5acb800d0a

                                                                                        SHA256

                                                                                        18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

                                                                                        SHA512

                                                                                        7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        d1677a0d949e89c43f0ff76eebec2b87

                                                                                        SHA1

                                                                                        66f5841f3afcf24ddaec6c30e3da068ad6fa8b0a

                                                                                        SHA256

                                                                                        a25c68582926060a5a74f6713632404823c4b9a08c09e9ed6b80c8e15a8f0547

                                                                                        SHA512

                                                                                        92da2b78b9ce1cbc25ccdba6b7235666b810eb452e3f021d3844c9bf688beaaccc42a16ba67fa30f604c0cad44e2e9d4c8de4647c0b128bd29adcc3307e85360

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        c3d57d0edca44ec59bc4a5065593ea94

                                                                                        SHA1

                                                                                        e2ddf4dc566c3f19834d603bb11d2cd9d2bbe6cb

                                                                                        SHA256

                                                                                        ad213949769cb5adfe330b009efa6f8be85e5411a56bb8ba131b12b7b2cf6836

                                                                                        SHA512

                                                                                        14012e0cc4e878bdd89de0312efbd5e1f7e2af6a9b8c25e2a95b60018ed8339e3f53f325a3ced4a2697e53225def1a184f07a37253de038c15c51707701ccdbe

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        341b4775b3aba00206945eec71ef4fdb

                                                                                        SHA1

                                                                                        1ef2870445e843c11406ed0a507e36b0048f07f2

                                                                                        SHA256

                                                                                        40abf8b285aa280c373fb3da63eb1b5d24a0479a935587e9969a36c21e9642e9

                                                                                        SHA512

                                                                                        5591b9b687acc19ceae134d3fc5ce28a69b95831861cfc904c62ea2cbc5f006382337a574c0b1280c34e6cd3fb05edc30681f2d282aed55fb54237ca71218ce6

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        8bf7aa00d6f746f22bcd11b3f887a197

                                                                                        SHA1

                                                                                        27a14c0966b39bf84defddf389613efaa891bdd2

                                                                                        SHA256

                                                                                        17a195ed25a1454da8998a0b2c64afc3ea0be9538bf85ccda49b80a10d313e4b

                                                                                        SHA512

                                                                                        be0aed252a0dbea70a70852e86bc5b69184e9f137e5352d3bc077ae8a57934af979b9fe8042bb8e378742e9cfdee240ed8d8612cdb9473c1ec8b075472ef29fc

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

                                                                                        Filesize

                                                                                        20KB

                                                                                        MD5

                                                                                        97167dca4cc9554a579a4b7d2a9d812a

                                                                                        SHA1

                                                                                        9dbec61eb82e8eb72d6d2d84743149fc0954934d

                                                                                        SHA256

                                                                                        c9217ef225bf841bbaa1c45cc4268ce44b529b1303c93466fef4ba35a76349b0

                                                                                        SHA512

                                                                                        d889b792d4c4d37057df4f8c2f3832f54f0a6b45044b123bd588e7e3307328fb52cbbe0ace341a0cbd95b4750340771468b183d11409b51acdd1656d3bc4f16c

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                        Filesize

                                                                                        319B

                                                                                        MD5

                                                                                        e217de56487c01c259d61101484f97a4

                                                                                        SHA1

                                                                                        4110a2032926685c768406b318607f1d05cf91cd

                                                                                        SHA256

                                                                                        921932b925d4a9632daad5edc4d7a52e6919eaff5291ed97fe00e180c8fc73fc

                                                                                        SHA512

                                                                                        76bfb3b098cfcf87ebaf1d83bf0d75e321296fe4dd3f2919c1a01f11e7f659faa78891f1f4d1500f0863a5504d45b23fb491e4300ad0fa262a0656745356a6de

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                                                        Filesize

                                                                                        28KB

                                                                                        MD5

                                                                                        a5cf1e93ab4ea4eb7e76351010913273

                                                                                        SHA1

                                                                                        0f9f4c75a32dc323fccd3e8a1d2345b18c0548dc

                                                                                        SHA256

                                                                                        b7d07a89404ee305503ee8cda81dfd473b389a552bcced9991e3dc761b81ff44

                                                                                        SHA512

                                                                                        a8402868193803ee526327da54cbdad7d36ed331732d9930a2de746afab54fe92fb55e5d7ca106f701b45b73cd1687a9cd5d76cd35830fcfd0d386cb5b8dc8ee

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                                                        Filesize

                                                                                        264KB

                                                                                        MD5

                                                                                        e77bbb9540236616d43aa45cfcaf5e55

                                                                                        SHA1

                                                                                        e9fa276d997248cfa70518837a76111f5d5b9db8

                                                                                        SHA256

                                                                                        d2a68a14fc67355d86faba0f0cca531b1361078fdb170f8cf30db68847ab4201

                                                                                        SHA512

                                                                                        4204c7cb4301c878e50e7c55b84c1fd1ae35dfc88a90f901746ff3e6d90753adfb19776f6d53da514789a4eef35b1c0529f31c95302b18369ff08d5ad51e8b48

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                        Filesize

                                                                                        124KB

                                                                                        MD5

                                                                                        d73e7f8c5ca46dfef40c15a2aa6e1c1c

                                                                                        SHA1

                                                                                        14cb208c2291ef9e5d021ed25a3648bd466d42b5

                                                                                        SHA256

                                                                                        2efccb565aea9f7958548eba052574de1f31e98856c96563ac8599b876bd9e01

                                                                                        SHA512

                                                                                        958ec66f39206770a9293995f990305aa88c6cc1a3ee98a928d2eb5346791de8a5df40343c2547111e41257be20c0db4adf7498eec50f41524ffd34a7e562dab

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        d4078845bb71676f820c264423a14d59

                                                                                        SHA1

                                                                                        c77cad77ab0fe83c2e2e3d136f2229f0ed0eedc3

                                                                                        SHA256

                                                                                        f76ae37d1d4579227606aa33351859ec20461a584d8321acdafc33bd262b505f

                                                                                        SHA512

                                                                                        e64198c92afc1c878fc69c58ee6342c7959b9d808ca01ba63fb94d2c9c55545b99c7cb8744dbcd64c0cb40bf1ffca0a30e1eee94eecae3fed6ae7c7027b3f912

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                                                        Filesize

                                                                                        13KB

                                                                                        MD5

                                                                                        4b7acd85b82463dfcae9bfa87fb31f6f

                                                                                        SHA1

                                                                                        dba1a3853d20f6a5102112999eb874fcc7ee4906

                                                                                        SHA256

                                                                                        ac78a46aac7084a135732696303fcec1cb2e48a2f930900abc2de639dde532cb

                                                                                        SHA512

                                                                                        344e88c1f1f41bc4ab0856b32487dc3e19a20a02001a4de9671e5ff564808c850a44a75f38b1d55e913abebe7e9ed9862d13056b6fcaf57419ca6bacc039bc0d

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                        Filesize

                                                                                        334B

                                                                                        MD5

                                                                                        d7f2228533e6c6b50021cc7177f649cd

                                                                                        SHA1

                                                                                        be9fabc09e079cd76e33c6c0b2313fe1dad4a98f

                                                                                        SHA256

                                                                                        ce8200b9c977a98b7b507c39de6467c87e5f07b2ef6c842c5b3bde2f4e843163

                                                                                        SHA512

                                                                                        28b6acdc5ef15d999a95ba913f8cea312a274977d5972eed3fd4d4939cf12f57e655677289417387bc9259648dda0feb1a2561a67b49a07b841286b312fb7fef

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        8840800b13d633d8669570eb502e89ff

                                                                                        SHA1

                                                                                        7d96521317bb27b0132d590153f0dcb158883675

                                                                                        SHA256

                                                                                        bf052c04c0e2d7a5780020f388cea3aab1f935fdea18913260dade58c3cb1ca0

                                                                                        SHA512

                                                                                        8c0fe44504f804a52e2a41cfdff4efe3ed656c7ff8c9eb4f27a94b2a5b11160bbc8436f478593ce27cdb09c48e670ee3edef2700041e33338065b22c4c7a621e

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        10fbc902e1302a23d9134283f706043f

                                                                                        SHA1

                                                                                        312ce0fe7111c87c751c8255e6e0cec03270ca07

                                                                                        SHA256

                                                                                        c95792bc40bdbc08332be9bbbf143a544cec1ace526355326fc859a17322b6cb

                                                                                        SHA512

                                                                                        5781ff8b62465e385e341a25865e5248bb2428b6bac12bb50b50694a7f7a26099c5249f1a86392acfa93775b0bdf88ad733917cf7030b749e62ed6a65255db29

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        3KB

                                                                                        MD5

                                                                                        8bc00e11a418c3664cbf0a0184ae3f18

                                                                                        SHA1

                                                                                        f2594973d62e2a9a573590ff6ed4c0bf18ef74ed

                                                                                        SHA256

                                                                                        f10ce980db3a820894f2d1599e882a7517b9143daea0659dc0e8724afb454fca

                                                                                        SHA512

                                                                                        e3d046e49e380d976281baa068386b11515c9580705ff3915109dab7b037054b67823372dc2dc56d460f3b5b48f31d9b29846e4d62547342c4a5e184564f3e33

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        52a860d1e5d562de00cefc6b372f771b

                                                                                        SHA1

                                                                                        3b79d8ffcd3e844cd9e642de65758c9713e21aa4

                                                                                        SHA256

                                                                                        5750eea464b7f9889f1bf7dc5398185d7dec9c0e107803d5f6881240307abe33

                                                                                        SHA512

                                                                                        5c93eb248bdf9b091979b3b82985ab8f921ab7b1d62f0e17fd6836234445fd8333300ddc28deca13b3523aa5eb93ba91f85b71454e81380768e7ef1d9b18f70a

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        930763307ed8690ff92af03d52c7cced

                                                                                        SHA1

                                                                                        ff5b2090a0f1f1f837cbb19cde28717117f4b874

                                                                                        SHA256

                                                                                        82b93513c7bc31d69ffe17e8b983a23d63421be46f831d99a726e00c5ffb9605

                                                                                        SHA512

                                                                                        f181a05e4ec5607115c6a3e8faa5f1ff8194382439d5f53c4036c9ee98a09c6f201c58a076be212b3ad2ae0a8d64d6d72ad7619acec752bdb7d673279a94af6b

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        a6a65e8f3d7999cccee42590ab52184c

                                                                                        SHA1

                                                                                        7362a9134bc3563100b9371a9870d81b3d02e7bf

                                                                                        SHA256

                                                                                        bb31c6bc55b2b7ca0fa80eb6ed167de8b92bb0db08c3ee3709f59177acfc5034

                                                                                        SHA512

                                                                                        1e9d2e3e8511d50919e0492c32404a3208a6ff896985fecfd163165e5dbe8db0f0154dda4aa4c3793bbf205f779b7a2c8504485d5d697b77683aef58281c534d

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        58d53df4f69cebfc993a3aac3661b12e

                                                                                        SHA1

                                                                                        de228683816434da655eba711657e6b81fbd418e

                                                                                        SHA256

                                                                                        d2112f1cba3b7f68d74485505ea679b14bda089ec4d5c2884151575f2caeb63b

                                                                                        SHA512

                                                                                        e3e1e559a8eae51b752ad841b6ab718661cdf0e6db6c870cce88cd041bd4d1e1666e031bf3a88fa4e238ad2857b2e1a0ebe744bfa5961125cfb8a1524f4e2a12

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        8KB

                                                                                        MD5

                                                                                        62c0250aaa5c71e88f211ae26cc0251b

                                                                                        SHA1

                                                                                        8aef3e790f1ec6e2990c183411330b335555e6d7

                                                                                        SHA256

                                                                                        aeea44464523c8fdd194206ff7e4f355016e6448c84edc1cefa6059c8bfcc8dd

                                                                                        SHA512

                                                                                        dcd26fc2f4e23effaea9092086c9054c01f74f2cccdc77afc4c23c0b8a39de18da0762f9da27025acd49084aaa9bd4e34330b4ecf8d2edbe3a21ee3992640254

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        444afd3cd91dbd617bc759bae999ea51

                                                                                        SHA1

                                                                                        65e0ff82df4b5512117df9f3f57bf0daaed77d7e

                                                                                        SHA256

                                                                                        3dbd30be8693c3f3e775e82bd0a6da254070ebc9db7c64b5b6b833173bd9c14e

                                                                                        SHA512

                                                                                        9e27e36a9fa6c04b0d45ad98ce83d4f482bb5ec8f83d3b8bfb277580c2faae4413f33338583d1447b51a345c27e32f4370f906f1ce30e7ad89017c2413bb09b9

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        3f0110d5122158762fd8199ff6aa1155

                                                                                        SHA1

                                                                                        9f2b3bbebc7db6a2444aefc1535ca585e334e3e9

                                                                                        SHA256

                                                                                        541a73238b26488ca5b2941539e1c4d29c5bfdd2296ba74ef55b61385e08afe5

                                                                                        SHA512

                                                                                        4c104573855f68f225386fab33f48ede73e846f95b0c7097476f763ff22dfdf95e6154fff4d93fd8c8169c519651832f2d411318574ef53e1758f374388f1f96

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        47d7bb22a1132ebaad45ce137e6c9a58

                                                                                        SHA1

                                                                                        6e991199272f5064e611c1e8e502700c3444011c

                                                                                        SHA256

                                                                                        1771574b5c4e6270949459bc79833d1199049d6c725c13291eab70ddcd8b0cbc

                                                                                        SHA512

                                                                                        bb6188368e67f4ea4f1b03c53ceaad850f03a9861072b33fc3d402c207881ee7bf419c296a7463c6aad57ce042a6f354e70e6b70df932d9078d6fe7369aaca51

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                        Filesize

                                                                                        322B

                                                                                        MD5

                                                                                        4accb0c7bc65a2427bb91798645123dc

                                                                                        SHA1

                                                                                        c14b9519ae4c97aa354aec6deead5a58410f5c88

                                                                                        SHA256

                                                                                        00d93d8f43bdb43767d44df850cf49c1c10bd5fbd330f1902633399dc23424f2

                                                                                        SHA512

                                                                                        4273856ea5450ba10ac623f025c8086c049fb7e47a2e83c508c98edd9c490eb85c90cb84da884549c97bc76f99339b1ace9632994f5cdc53df5ba57d3842c551

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373506172359118

                                                                                        Filesize

                                                                                        13KB

                                                                                        MD5

                                                                                        d1a99fc085fbfab93906e75db298b624

                                                                                        SHA1

                                                                                        19da5ce678a7deed829d870938bab0da6489af49

                                                                                        SHA256

                                                                                        77861fc3c16900c4364d707c0310a743e0d6372dca9380c82a4ae1bd13aa0407

                                                                                        SHA512

                                                                                        f2c1391d0c8c06c41b4a31a855aaea838caf63569541ea6e746e85a1f03c8ed8494572d2dfbfb58eb0c1637e638c68ed67742b1956a96a88b0528b6d252801ed

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

                                                                                        Filesize

                                                                                        244B

                                                                                        MD5

                                                                                        a9de5803ef7696d6458cf9cb4130f152

                                                                                        SHA1

                                                                                        96a425e949764f4a9e91118b1a8af90566168f06

                                                                                        SHA256

                                                                                        4a72ca25a5a2217b23276e2c913578fb54e49fc260556fc0a06382bce2170462

                                                                                        SHA512

                                                                                        42f240e54c1003d9ace1a458e73a5958d20af7fc15499619a34128a931b723508db043bbe7d29347363396e7f4264f574b9f7898c5c567fab7ae2fba28420b46

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                        Filesize

                                                                                        347B

                                                                                        MD5

                                                                                        1620821f532a59cadd6eb172fe81279f

                                                                                        SHA1

                                                                                        d81c05a0e5dcafe804a00a98ae59a92b9edff6f0

                                                                                        SHA256

                                                                                        435b400905e79c5a5d79337a47954672e7c714703b5d39cad62d32ae41c34772

                                                                                        SHA512

                                                                                        75396dfe0ba2b85f4f26dc0ea507ae6807bd2c0a89fadce10549d5f593c89bcb019fdf4748f24b9a6c5250ee4600bc0773e65a2967378df5843e15589069df0f

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                        Filesize

                                                                                        323B

                                                                                        MD5

                                                                                        fd10518f1b2db288e3c039026cc28d81

                                                                                        SHA1

                                                                                        1ad55b66560706f44f09983b032b778bfe308eda

                                                                                        SHA256

                                                                                        2464e1662899ca5a65d156ab8188e4f02b26cdccc7f56b7e09548190815843ac

                                                                                        SHA512

                                                                                        36cb3183cf0b34552d3446b0885d4445aeb4227be1660e5e43bfd885dc877320457f6ce80a2e51107aed72fd3d8d2646bf6d23bc568db02fa7522bba969d8c8b

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        97ea285f2f370ebeb980f2452a82fe8e

                                                                                        SHA1

                                                                                        6cefa096056b5b93f9cd228c23946430f2057157

                                                                                        SHA256

                                                                                        e5ce4db4d58c487a8613d6642f9f8be99e214a01f7aea445157a2a7b732ff818

                                                                                        SHA512

                                                                                        b8cfabda6d8375fcc4d45b01f49a92e3aa62d86950869ba7148d66af500bdc1f4ef6ab656887806579fefaa4a9cf0fc1819c80c91eb8025c1bef575d75c4aafe

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        53a2732df1cc652770e378fffd842ae4

                                                                                        SHA1

                                                                                        abc152d3c7f6590781b89ed5838e4b1d676d6baa

                                                                                        SHA256

                                                                                        448399ab249cc8924cf3d6f08f93dad849995b40f1390a3e185c53557cea04f9

                                                                                        SHA512

                                                                                        ba80bcf434d55afade2548682a3f90236dfff103bcc267fb3efc21bc740255821d3ee32084a16e01d374b26623a1ff84a4bebc22cdc6708692aa890ea5447671

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        5b010572d6aa30a5c9655ef98b7586ca

                                                                                        SHA1

                                                                                        4a0a8b7943b033de602ea9d002fdbf5f255f8720

                                                                                        SHA256

                                                                                        af2b32728c75e6ae8d74f0ec6bfd98cbede32bd94fe6e041a831874c10c04bbe

                                                                                        SHA512

                                                                                        fadfdafdf05c1b2ff6a2cbe192e2953c044f630cdd50a9bf739af3f24ab0d6391ba84ce80676277ecfdccf04e62e29a2efb91876ef59bb36eebb75f2c05c0daf

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        b5608c90e56afe82b919cefb57a543ee

                                                                                        SHA1

                                                                                        712caec795df10442c9465128c3ba6620298d94d

                                                                                        SHA256

                                                                                        0e491ed92ee7b4385cfa5fa6d37b5dc302fd891415247b26264345d8cddb6059

                                                                                        SHA512

                                                                                        926ea8de803b7a2ff74a18aacae1bd9036055f248de951f57a2edcf9f2f4f87fc90097fc9537058baa3468ee8e191d871bbbea16ba5af747f659a8fce08057fd

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        72701bbd88082c9a67b792d216cc46f8

                                                                                        SHA1

                                                                                        a41f5c044a3505de2469cb7e40f53c1fcff55046

                                                                                        SHA256

                                                                                        14e0ebe8e86114fec020ccf277a7771416f58c57a3b95c566b2a83a0b095cc33

                                                                                        SHA512

                                                                                        d15bafec5a5d1d4921be3ca34f7b1c1818927d8f917ad27915bf3a56fb40414d781b8eb3d813008ed017f1e7fa327022e07402869303163260492733637e7d43

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        4b890ccf443c51353596aafc1837e364

                                                                                        SHA1

                                                                                        83cdd868c2087e0119a33d7f11b69813d76c8a1d

                                                                                        SHA256

                                                                                        f834813dd657f1f1e6fadaf26d2c21b9e9fca85b24efedc9bc891d9c98b7b8bd

                                                                                        SHA512

                                                                                        648fa8689bdc02d746babf18dc2ee55f8e6483a76aa8bd009286cbfc6ea41ccbf4ef4ab887ae5ab3e5ca32139cae00e4fd89dc5a9dff698b4639da28d8194ca0

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d8bc.TMP

                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        1538e7b94e82949f9bf80d2347a78663

                                                                                        SHA1

                                                                                        147e1fe26c94f48562ec82041226d70bc1872cf7

                                                                                        SHA256

                                                                                        7bca80fd89e2facd910cce0814172213b9ac7efc6ce3bcfa7dc9aa5a8a173ac7

                                                                                        SHA512

                                                                                        a90bc3fc4fbb9708e94185b81f43d30721133c1fee33a5423e9a2bee727f5ffdfe705d2663501055b54d8904854d9e274310986a85b60d4be40adc59b20ec003

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                        Filesize

                                                                                        128KB

                                                                                        MD5

                                                                                        2a9c65944a537ccb6f2d58695c361efb

                                                                                        SHA1

                                                                                        715a3a4c2effb01f0192a972281af5c914cdfb22

                                                                                        SHA256

                                                                                        4f49e56d57b85e127891696978251d20d8621b3dfe94d5cb437107ac24ee2b7c

                                                                                        SHA512

                                                                                        e721248bdbcf9b5c0ec8f59aa36a01cf6e2eb763c427b3e4fd9116008edfe02ea4c73a5173759d1d09a5e67c5d023b41b112ae7562ef94b031b2f8ca5f90fc59

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                                                                                        Filesize

                                                                                        116KB

                                                                                        MD5

                                                                                        0c0236ccd6c194568cd56e2db6c78f09

                                                                                        SHA1

                                                                                        c75b36f942505545d73b478e211b6492bb19c6ab

                                                                                        SHA256

                                                                                        94da596844f36b03eb9bd3bd122e2c27bc79dbe2144d01a4f359ed175b711df7

                                                                                        SHA512

                                                                                        87ef4cc384b003bb298576fafa01fa5fa10f056c0f1584529311e30b887486b166321cc366be5c3c557a86a8d2483039b9ca943945200967ed057181720505a9

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                        Filesize

                                                                                        16B

                                                                                        MD5

                                                                                        46295cac801e5d4857d09837238a6394

                                                                                        SHA1

                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                        SHA256

                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                        SHA512

                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                        Filesize

                                                                                        16B

                                                                                        MD5

                                                                                        206702161f94c5cd39fadd03f4014d98

                                                                                        SHA1

                                                                                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                        SHA256

                                                                                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                        SHA512

                                                                                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                                        Filesize

                                                                                        88KB

                                                                                        MD5

                                                                                        f85fdec9ad2f5ea14e1ec07b6143c1d3

                                                                                        SHA1

                                                                                        5423a188110b8d0964a927b2e2c45f623a305e07

                                                                                        SHA256

                                                                                        1058078764af89e18abbcf04fbf1d86ef4f0d05b1cac0027dab90d66ec54b7cc

                                                                                        SHA512

                                                                                        a069351fcf7cb457816967cec329d39ea141080e6d8429ae20c846c47f2721b7d79fd62806057bba1eb460968e6897d5bd72c3c84bd3c0eb0372bd5060bd6d6a

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        df1b90ca9ac178ad2ddb923e90979502

                                                                                        SHA1

                                                                                        025abf8159e1b10905440f119d46d9890ded6b19

                                                                                        SHA256

                                                                                        b294bbfe0a989017400c73a3e2a154ebbc2d0c1a9f427fe121741504b29b7915

                                                                                        SHA512

                                                                                        64622e2d72bd1c798fcb44392c5c8b216c8beb1ba93b09ba0f5cd6e5fda7a1e0879beb1230b2b1e949a1949a0b4841ff59b1ee7570096616fb92c512189939ce

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                        Filesize

                                                                                        319B

                                                                                        MD5

                                                                                        328aba71a0d6b45b0c056956cab3f0f7

                                                                                        SHA1

                                                                                        186ddccac4aab2296944b46ef057626985a7d489

                                                                                        SHA256

                                                                                        f8b7d2905655286a0cb95ed6a490036515b80e81db1efc6af9aeb6765a32963b

                                                                                        SHA512

                                                                                        8d9e6e2590f32aaf2a9aa04cc5810b6f1b90cae3d829cd38a8a900387a5ab14ac0c518adecd37c0bc0b2ee0d7804b248510c58d9dcffadd639ca4bcf11d4e8a3

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                        Filesize

                                                                                        652B

                                                                                        MD5

                                                                                        503807a23b2f0ae91e9040ae3696d745

                                                                                        SHA1

                                                                                        cce524056befe2aae327413aa740e51ab7c8fce7

                                                                                        SHA256

                                                                                        06a1edcf54e26f0179ba3eee0ab930418d433b1249b546268362d82b93ef8a94

                                                                                        SHA512

                                                                                        71765659cc78e7f14a522b6f143dcee9ff688e16790b2829a92cd0ec2a5e45eb6a9e28513137c79c3c9c6e19a5d6b17cc97139cf5f8d27136f9cd6852ac6d4e5

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                        Filesize

                                                                                        337B

                                                                                        MD5

                                                                                        69dc2fa612f591d584e44cb26f17d11c

                                                                                        SHA1

                                                                                        660d7767173582b2ac72662e6386e19b26478f36

                                                                                        SHA256

                                                                                        f0a4dfde1cfa969b1b40f52a29ff7544f951ebc51f60fc4047a6386d62971249

                                                                                        SHA512

                                                                                        8930a6897bb63a9d539eb7fef0f06e193236c30780837b9da9231ac7067ec8df87ab647a470eb8d9d4a14a3094d65065debbc8c330c18df1feec56e9eaf95bdd

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                        Filesize

                                                                                        11B

                                                                                        MD5

                                                                                        838a7b32aefb618130392bc7d006aa2e

                                                                                        SHA1

                                                                                        5159e0f18c9e68f0e75e2239875aa994847b8290

                                                                                        SHA256

                                                                                        ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                                                                                        SHA512

                                                                                        9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        10KB

                                                                                        MD5

                                                                                        b98a48068e2af88f5659e944bbd46061

                                                                                        SHA1

                                                                                        735a29c723cb43ff2b3c3c1ae52c6b6a313eff9e

                                                                                        SHA256

                                                                                        ebea4f3f990bbce1c6c4fdd4ffa457beb614b2a7352c0dc18906b3c5c583b916

                                                                                        SHA512

                                                                                        f49fd1cdaa0563e31d8eff14c3c6e154fb2f04fa60ae602be32ef2baef053229e3a6b7f887beb9b0cc027d9e4f6ebeab79b932fd389b238b7716638a85bfcbb4

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        f0d86a629b9c20076b40372787183c90

                                                                                        SHA1

                                                                                        c5dfd9f41b5eee5d14e047afd8ac36f0b62423bd

                                                                                        SHA256

                                                                                        fae158d5a5199b169b665e81eb2cd74c3f89a2b509da7772cf54e1dc800dc0cc

                                                                                        SHA512

                                                                                        e93964cd7acfd19a2c0514f1210fd8fb950d3667f9164f526267be9aa13ea5e5463d39ebebf46202e7e146844125615c0e62a34b61490298671016fd11a178c7

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        87def88e879192fa87c6ff12c2a0d273

                                                                                        SHA1

                                                                                        a8e1aa9983cc86281cc94426794be0c22e81b875

                                                                                        SHA256

                                                                                        9fc3d8baaed12bbf639691da9753020840f8a603ddb0a37464ce09835a2170cc

                                                                                        SHA512

                                                                                        be7d9f843a57ffad0e5238be2b69aaad1e4f39d01af340a1b958a5e5a11ab85b537c2466a9aa60eccee0b07dfe583b2db0ed5f6464de020e4aefcdb66015afc1

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        7dc9abec6ecc70614c518ab748db9cd1

                                                                                        SHA1

                                                                                        b89a2630baa1a94c3757c1ff5635a3b41d5710f0

                                                                                        SHA256

                                                                                        ef97ad81f6e6586437ad6998d96e5b69cda6dc666c62e3331fcd55a4503653f5

                                                                                        SHA512

                                                                                        0cfd9a4fc53a7bef21429d6919853f04f45a595e8da071fbe543b2736ee1574606596074c0ea1ff4cfce9de0a3013f63b5e196ee29d6168c54fe65bf32a42b39

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        9bae3c6d877647bfb3b6af5547e056da

                                                                                        SHA1

                                                                                        ae23f22307c2bb5c5915bf7bb22347694135d1f4

                                                                                        SHA256

                                                                                        279842290a81355906dff6fa3a9cace0e3b3c77e86f523627aca102a79cbf5b1

                                                                                        SHA512

                                                                                        fb34aea96471ff6b39ee93591fcef5bb7dfb48d8767412776901c4e1715a1be6653ad9f42e4a0161a386ebeb44c07099e4a98739cae6d75bc491b6683afc46c0

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                                                        Filesize

                                                                                        264KB

                                                                                        MD5

                                                                                        1ba02f709d5c7e68c170f732ef46bcec

                                                                                        SHA1

                                                                                        ab0924df35ecaff699ed6c02634d55b04c9dd6a6

                                                                                        SHA256

                                                                                        2f06d812e5d51ff3168dab2ff58ae96e10bde6e9999b2cd30a8dafb0e73f23a3

                                                                                        SHA512

                                                                                        1147c87606d82a816250b20cd57ecea49e7eb6808f09c7fb485ac2a877c1db5210ab595b8f433b1bf53ba6278e7591feb7b40126dce0aef3fba6ceb8526b167b

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        e8a082b28cc7c32002e665c010603bf7

                                                                                        SHA1

                                                                                        76d262d5de6723864f42d23bf629d2ecfab00b7e

                                                                                        SHA256

                                                                                        1421fa55511caa644ab572a68763b653df48ef619171d626bdb49bfa3f9b9218

                                                                                        SHA512

                                                                                        cb7ba96f80c84643b453f3cda62b4af80168da44e1391cfe802b83f917c5765be68283c88044794408c993971915f55b805453263f80608e92feb70a08f5f859

                                                                                      • C:\note.txt

                                                                                        Filesize

                                                                                        218B

                                                                                        MD5

                                                                                        afa6955439b8d516721231029fb9ca1b

                                                                                        SHA1

                                                                                        087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

                                                                                        SHA256

                                                                                        8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

                                                                                        SHA512

                                                                                        5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf