Analysis Overview
Threat Level: Shows suspicious behavior
The file https://malwarewatch.org/ was found to show suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: LoadsDriver
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-15 22:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-15 22:49
Reported: 2024-10-15 22:53
Platform: win10v2004-20241007-en
Max time kernel: 198s
Max time network: 181s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\MEMZ\[email protected] | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ\[email protected] | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://malwarewatch.org/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]"
C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]" /main
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3838055 /state1:0x41c64e6d
Network
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 152.199.21.175:443 | acctcdnvzeuno.azureedge.net | tcp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 52.168.112.67:443 | browser.events.data.microsoft.com | tcp |
| US | 52.168.112.67:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.197.219.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 172.217.16.228:80 | google.co.ck | tcp |
| GB | 172.217.16.228:80 | google.co.ck | tcp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | support.google.com | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
Files
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |