Analysis

  • max time kernel
    79s
  • max time network
    75s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15/10/2024, 22:54

Errors

Reason
Machine shutdown

General

  • Target

  • Size

    14KB

  • MD5

    19dbec50735b5f2a72d4199c4e184960

  • SHA1

    6fed7732f7cb6f59743795b2ab154a3676f4c822

  • SHA256

    a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

  • SHA512

    aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

  • SSDEEP

    192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 42 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 56 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3996
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2800
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:924
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4964
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3488
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /main
      2⤵
      • Writes to the Master Boot Record (MBR)
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:112
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\System32\notepad.exe" \note.txt
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2240
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2528
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8910f3cb8,0x7ff8910f3cc8,0x7ff8910f3cd8
          4⤵
            PID:3552
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
            4⤵
              PID:4648
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
              4⤵
                PID:848
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
                4⤵
                  PID:236
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
                  4⤵
                    PID:2472
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
                    4⤵
                      PID:3416
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                      4⤵
                        PID:2856
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
                        4⤵
                          PID:3456
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
                        3⤵
                        • Enumerates system info in registry
                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                        • Suspicious use of FindShellTrayWindow
                        • Suspicious use of SendNotifyMessage
                        PID:4556
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8910f3cb8,0x7ff8910f3cc8,0x7ff8910f3cd8
                          4⤵
                            PID:252
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2104 /prefetch:2
                            4⤵
                              PID:2240
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
                              4⤵
                                PID:1484
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
                                4⤵
                                  PID:4052
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
                                  4⤵
                                    PID:3428
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                                    4⤵
                                      PID:3928
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                                      4⤵
                                        PID:1180
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                                        4⤵
                                          PID:4400
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
                                          4⤵
                                          • Suspicious use of SetWindowsHookEx
                                          PID:2820
                                  • C:\Windows\system32\BackgroundTransferHost.exe
                                    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                    1⤵
                                    • Modifies registry class
                                    PID:3336
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2104
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:1916
                                      • C:\Windows\system32\LogonUI.exe
                                        "LogonUI.exe" /flags:0x0 /state0:0xa39b9855 /state1:0x41c64e6d
                                        1⤵
                                        • Modifies data under HKEY_USERS
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of SetWindowsHookEx
                                        PID:3608
                                      • C:\Windows\system32\launchtm.exe
                                        launchtm.exe /3
                                        1⤵
                                          PID:3276
                                          • C:\Windows\System32\Taskmgr.exe
                                            "C:\Windows\System32\Taskmgr.exe" /3
                                            2⤵
                                            • Checks SCSI registry key(s)
                                            • Suspicious use of AdjustPrivilegeToken
                                            • Suspicious use of FindShellTrayWindow
                                            • Suspicious use of SendNotifyMessage
                                            PID:4980
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:2820
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:2000

                                            Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    46e6ad711a84b5dc7b30b75297d64875

                                                    SHA1

                                                    8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

                                                    SHA256

                                                    77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

                                                    SHA512

                                                    8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    5c1372c54d7a6cfc74312e9dd0790b70

                                                    SHA1

                                                    dd92040739060b16dedd16d8ca50462642faa991

                                                    SHA256

                                                    4c2294a25dd14d9f7a64abef14b144d06d0ab2ad7d84352547d85fc9edaa0952

                                                    SHA512

                                                    6d6c276960bdc45a6cadd41eb19f9e60842f4035c5ed56982775f04f5c521296f5a742ea8f3f49daf76efed0b8a5b4751ef759003ea73a659567a6536c47e66a

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    5289e12035c785291b20fcaad2594454

                                                    SHA1

                                                    f6db22b959513ae1863125236c7d498d84e8e564

                                                    SHA256

                                                    972369405de9a5581b146b1890e6eaf591466052ff0e17d158715ab3dc4cbbd6

                                                    SHA512

                                                    5606fc9e0c02c3c42f404cbe2bedaf5cdaa8ff8bc9b38a938f97fd7e02aa541519b1f2efee00886c1574bed5d514539018e0c332af4eee62584055bb8f0bbf62

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    fdee96b970080ef7f5bfa5964075575e

                                                    SHA1

                                                    2c821998dc2674d291bfa83a4df46814f0c29ab4

                                                    SHA256

                                                    a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

                                                    SHA512

                                                    20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

                                                    Filesize

                                                    44KB

                                                    MD5

                                                    5c69fcb7daf55aa0644880f9b1c0821d

                                                    SHA1

                                                    d234f0a137a1eb4a724261279bbfa9b322c184d4

                                                    SHA256

                                                    fb4eae4c6945f38bdefa2a37e13fecc1d91d567098c245b2c50217e7307650e9

                                                    SHA512

                                                    b239a48afa469d777a0561af74e3119f8de71f0f127b36af6e873c50c650f7fabc9c1d282c68590d3d35772a1ccd003e457e70209cea0807d4f51624fdbf69e1

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

                                                    Filesize

                                                    264KB

                                                    MD5

                                                    7bfcb1803cbbf0307eb6e6bf0cdfc383

                                                    SHA1

                                                    07b4c07cd7834d4411b0155d58170ffeb963a7a1

                                                    SHA256

                                                    e8081110415f02ec3df80d14e70503dc47e0eeb6231ab020a3a825330ef070c8

                                                    SHA512

                                                    b05388d6894cf07b94b7e46cab474df4cad0b9f6bf5ab94702bc7871b22dd2f5122dbd21b6316cb22920ba52e788064dd342b635c9b0b071a4c85665ff3f54dc

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

                                                    Filesize

                                                    1.0MB

                                                    MD5

                                                    96077a25f5419814fe3dbd426298ea72

                                                    SHA1

                                                    57c7cf854030a28a01264e1dca4db02f634c7402

                                                    SHA256

                                                    3b903ff39f00e7b1a7675e4e7f4628dabc63b64936dc450b0c93a4399489bd3f

                                                    SHA512

                                                    282845c35dffa144c83517d9caf0fa5ecc5c2f02a728cb9728350fbff4c46e05e20071fb6d78812687b994576a9e33c53b2ceec5059b2843daa230df21a70f9a

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

                                                    Filesize

                                                    4.0MB

                                                    MD5

                                                    318e0eb31669b74085909898b5e01ff9

                                                    SHA1

                                                    9576cdc7782647d6d69d69c4fa12e44bc9f2b516

                                                    SHA256

                                                    024b352715f4b6006ce9c75e9ca866b0976619ef42f564ddac0a33298b0dfd94

                                                    SHA512

                                                    da3abfcc62ca186b0979798d2fd24e60911fc633eac255f8e078785ff83b93aaf55ce21231e8fdb0b1de192b3849b6849e1d5e89aa354593074030fdf4ba8bd6

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                    Filesize

                                                    41KB

                                                    MD5

                                                    ad084ae94f2a62341c8a94c326acae69

                                                    SHA1

                                                    12a3d4b5b0224b69c252e6de42f9c2d38221e2d0

                                                    SHA256

                                                    be5a10dd2bb7d409794492a1c6aab8ac0aa7f6f8ffb487d2eac22c10e556afed

                                                    SHA512

                                                    c95be5871884c93e3f5d857f7065fa749d78573ef136577f3dcac7855ecd32231a990986be3b206b75b7ae31d88e2c55fffaf05da6bb4e41eb836f2a8d36d9ac

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                    Filesize

                                                    215KB

                                                    MD5

                                                    1585c4c0ffdb55b2a4fdc0b0f5c317be

                                                    SHA1

                                                    aac0e0f12332063c75c690458b2cfe5acb800d0a

                                                    SHA256

                                                    18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

                                                    SHA512

                                                    7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d64d644df228024_0

                                                    Filesize

                                                    240B

                                                    MD5

                                                    6ce48eba6f8c33dee1d08369a877c740

                                                    SHA1

                                                    d2ef41fd24723923fdaeee02bee9c78c9e6bbc8e

                                                    SHA256

                                                    06890dc9f4b6cce3cdb5a78927194ca3621cdd0dfdc56f51d265ef94f3002914

                                                    SHA512

                                                    5639093c258fa7878924e5b2e691eee778ab19fd085639108a38fd692d96e37b208993fc18453adc7ce03f269bd3cd0a2de58cf292d9146fab37ac7bbf60d537

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e639946c1617e192_0

                                                    Filesize

                                                    241B

                                                    MD5

                                                    1ad2b343b0e8284b1797fa7125542fe8

                                                    SHA1

                                                    1c89112049033f5be2e75d0477bbab7010bdbc7f

                                                    SHA256

                                                    3b95c720b98088ba2a6178ad0b3e560c10f9712068c4620d04c9ad82a08eb56a

                                                    SHA512

                                                    63a115bdb6109a1cc0205c8a8a43e7eb10b57730fa1787cf37405110b3b659b162835cb3201a0bfdbf85e14bc293baf3830c7259bd21c05d257e3e5d21278655

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb2f1892c7d0050_0

                                                    Filesize

                                                    232B

                                                    MD5

                                                    2f689d358c4fb4e6d320f24105b563d7

                                                    SHA1

                                                    b690243b6abb02fed0de52c3bfaaba4780cd2570

                                                    SHA256

                                                    343df5f8db8f98852bf3f6d310070e061b2c639ec814233e0b8a672100e8c46e

                                                    SHA512

                                                    f91413ef2c30c3485b052102507e61b478241511a13d96c1eb5df5fc71307b970a034046e1502713e7df9289c5aeeb46ab937723820588d0711115e6c52d7ff0

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    168B

                                                    MD5

                                                    095bf5784184747e9875652ab850763f

                                                    SHA1

                                                    f97f5adbb001f5a74f4b579f80f9bb7a6efa9627

                                                    SHA256

                                                    eae53284b3b823b76a0b8cf9ca47967f1615ae8337c7293485f6ee1d895005c8

                                                    SHA512

                                                    8e1573f6477ce70f5f0573378cebfc7b73d1e8c6d56a3e4f40e67a7d759e2035cfe4bb19aaccff0269ebd1d051a6402b58cd94015e902d151b12bfbf511dc262

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    120B

                                                    MD5

                                                    ec89f3b84272aba8cd47e957f204e4d5

                                                    SHA1

                                                    996abda65c9afa47890e396f7882e8c0c0fd44d3

                                                    SHA256

                                                    d15ec94fbc4b48e1b312114a7fa03e7e809a29b16547684f2cfc6872e0c80bbc

                                                    SHA512

                                                    37468b3b426c11929714bc33487a4dd15b211051661a9f9e467547bd131586e0bba3bb200a1a034bf90b30adcdf3bc18029ab618f73adb995aa693442dc368b0

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                    Filesize

                                                    116KB

                                                    MD5

                                                    487b9df50d2ef58eae67bce3e5f66b8c

                                                    SHA1

                                                    de762175d2c9a61b4f1ad673849474bcca25178c

                                                    SHA256

                                                    c23e318b854a543f0222069b01f5a13b0a2f9a2094421d9d892151312f7e9996

                                                    SHA512

                                                    03d2ad97a2b68051b01b6544e3351027b6cfaeffc2a699fd82f6a79ae1d9f5be229a77c1cc82b4bd06a0c9f5c85f2d73486e857f064d39698ee718ad34345c58

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                    Filesize

                                                    6B

                                                    MD5

                                                    a9851aa4c3c8af2d1bd8834201b2ba51

                                                    SHA1

                                                    fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

                                                    SHA256

                                                    e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

                                                    SHA512

                                                    41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                    Filesize

                                                    28KB

                                                    MD5

                                                    6b74c93f4ea220cea0cf8b5b1ef7f8b6

                                                    SHA1

                                                    da12a86185836a8b45d67a4c7d7e045d537a55cb

                                                    SHA256

                                                    5b5de14e80f353faec2c6584ee44015f61855521e55eecf4388bb2e5b96533d2

                                                    SHA512

                                                    e07449dfe9117657527d7bde1bc46a9377b28391425c35e8e16a54ae553630495fe990a80f9fb0251ed5c062f3def2efc94ce2f7c754398cacb0cb262fee5881

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                    Filesize

                                                    125B

                                                    MD5

                                                    c8102409c73eccd46f2ad0cced47ad9e

                                                    SHA1

                                                    ff8e2d84cbd9d2d38adcb877e2cbb94799d267ea

                                                    SHA256

                                                    67ff921835fcc0354cbb5d5e26c5fa9bf69214906f0af41e700b71e5e0c41ee5

                                                    SHA512

                                                    dcf92db02506ac69fc6f59553556d35217214d59dbeba1366e4ec0ca563d1897cbd308f90ba0aaf09eb1eec7cdf4a6edfd07a45a97e74e21d5ed41b3c3dd3a61

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                    Filesize

                                                    331B

                                                    MD5

                                                    fdaf49035d5ba7bbe7fb426fb40ff3dc

                                                    SHA1

                                                    b8e99a3ba70e45e12626c43f6b043cd359e2ef51

                                                    SHA256

                                                    44efc38580dfab4c83f83f259b42b5248fb4e79d00d6e5297a7d3198eda09910

                                                    SHA512

                                                    bc93c6d31e48099c587ffd11a2e881277ea0f13712405f68d5ed70feae448aeb1ce9c333d01ccd324cf2b9e8b74b6e53903a7f0d21945e86df6c5017d6af1b48

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    814B

                                                    MD5

                                                    4536148e67a41e334ca7c2abadfb0c48

                                                    SHA1

                                                    45a935cb92eca439a6fe4f4ecb93bbd278598fc7

                                                    SHA256

                                                    aba4a5156d375bc8d60e987de6feaa2feb97f21d6f83d705fc0f8c8814593418

                                                    SHA512

                                                    ee7c6770fb198b68a92f72ff9e3bfba08833ed1a121212ebb025454b1306834e6e347f7e2fd7a2f00ed6b75aeb3023a2ec9d8042790ee33583411bb944372030

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    693B

                                                    MD5

                                                    7588ac7e042a1304ad302fd6d96687a1

                                                    SHA1

                                                    0597695e12a2a7e2d32b084bd7e64c8f88f6fe37

                                                    SHA256

                                                    4139aec76ef2abf2f4eece6e28126c3eea3e47e7f2ae5216bce176130c947f55

                                                    SHA512

                                                    518a1819e563149be71da5c2dde3e7d04a3150a40b30dfe9b161ddcf3d636204d7b51942209aec72e17d66649a3b2d3c4c514c6bf432d1b5081be58e954b2830

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    c90d9447432b275b1492d84090480ed7

                                                    SHA1

                                                    5d9b34fa029328d56a963fc42db070a986fbf4f1

                                                    SHA256

                                                    3fa5f9c1f643292ca94ea3bf17bd1b69e85f00b9d78ce7ae4790f32eaf4ae543

                                                    SHA512

                                                    8484a897543fdaf1cb1d01f0a14be34947bd310d95277a284f0f598beb9c43ea5575a7358f28e698be1aac0a52e4fe132bdc1f2a965c5e5445c4eb1d2beada38

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    86293f0fea78ca5bdbb525fbb671729b

                                                    SHA1

                                                    af1ba876bd5bf0ac40ffd93d05ec5ba4b1440c4b

                                                    SHA256

                                                    609e05dcda59728077832b390499571b39bb3b3eafc8a80411bd173e5514add5

                                                    SHA512

                                                    9d602593d6091f53e730acc5a37f69729433cb87f2925a04c792e9bd00571706a6e31b5bf9ccbba4a30e25629cd5a4bd69e92baebdc4f9465a38f76290696e7a

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    99b343a37501e6b44fa635592e50fec2

                                                    SHA1

                                                    203b8636a839484f718ceea60ebbf0e2cd1c4cbc

                                                    SHA256

                                                    6ab70569ff6817b753c7216d43fab35bac8b3868dc53c4f3a29509e40664c20a

                                                    SHA512

                                                    aa1c4964baac70fbda853d5c74668d9c5ebcde3c26aba66c8532f483952797b4ed50139d35adbe1beefda37ec74afad776afe830719ae1e79712558d8342eb15

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    5KB

                                                    MD5

                                                    e04a758d2855cb9549098f16c05753ef

                                                    SHA1

                                                    d1e04417c612813744a04e800c2898f0018bf15b

                                                    SHA256

                                                    2b9b33137283d1d244eef1db26ad19c676f504abb096993f283c985e8840dc21

                                                    SHA512

                                                    bac0c323414c74ee0f1f24273870fb5c1df1c0ef142ebb26cd8804dee644ae54a54f7219cf98f05a47c82effdd9637766d3101520d451e59be755dd1872a1ff8

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

                                                    Filesize

                                                    36KB

                                                    MD5

                                                    d3461746c42bb5b0c150fdc01d5caafb

                                                    SHA1

                                                    c349f6f8864223f018b10760df1841a6c6f188de

                                                    SHA256

                                                    a9ce8518bb56e5a79aced37f39da6158349da3bd9f7abbd6c1255c7912a574be

                                                    SHA512

                                                    c8c628b76a6b205e26e1a1a6afc6da6254fbe61aa1335a72bcd4c0ed20ea5f2cf323e7901e216a423270fc0ffa1332361c6b5b1be943165c1259483b4cc3e9a1

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                    Filesize

                                                    538B

                                                    MD5

                                                    d49f8f9b36cf3b5db7a70d648ab83017

                                                    SHA1

                                                    91c1e7797a68d2e94fbcddd686ad77c537aa2503

                                                    SHA256

                                                    e9f6355b02940568b1a6bba848bda350f6b12fb337b5401ef19868addad9ddbb

                                                    SHA512

                                                    5ad72b8fe46a4b2c22fe25f66f93a4bca8649e56638b1b4b2be6c446f1e641a61c9446cc6d7a7acf78b0219f038973e814a5767e6c70167436e9fd70a4d302e5

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                    Filesize

                                                    319B

                                                    MD5

                                                    a8f537899152da20d9fd70d3f3d02a97

                                                    SHA1

                                                    1091259d5e005ddd5d9e89ab0962a2945a737415

                                                    SHA256

                                                    fe7c3f5fd3e940f09caf329c06d02d0a3cc0b5e8e3dcd67c437e5476a32173d1

                                                    SHA512

                                                    803e41b9823253d2fea2915d058e094512775218bb84112d4d0096d9b390d8bc742764f06a57044adff582f09d0a9a9079925b1acdf8d4a90f2bac44499cb389

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13373506501350112

                                                    Filesize

                                                    3KB

                                                    MD5

                                                    14afd3c4073140796a4fa0c6c900c83a

                                                    SHA1

                                                    03abb975c9a5df18f5b92da6ee4a4d289889a222

                                                    SHA256

                                                    58f79a5e484ad72c60411860c4b49d096e4cad1367dfa434992241ae58814a6b

                                                    SHA512

                                                    4903f2ddd8c7e19e326b52ecba0e7da5db6fdcf1593e72c476a90c3a65d5c30c2009979cc9787248f325b38add0e4d6ffc55142ee914f848e9f0c30da97d3a5a

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373506501357112

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    0259baa143d0461f809bb048453868ee

                                                    SHA1

                                                    d72e01a34cae357ca8d3e11696273e9eaf12506a

                                                    SHA256

                                                    fadab36da4a6db11b7b013546ee0d75425c82c448bcdfee84274fb4a33e5cee5

                                                    SHA512

                                                    cdae5c8443ac2d3570d11a9a7f5ba2c09ca9aa9ed5b7129997037c29c36fb3a7e9fa86c768be2ab9fd63cad236ad48b58e8e7511030515f114f083c3b94fc294

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                    Filesize

                                                    347B

                                                    MD5

                                                    54a5bcc45f2b8a77fa12362fc1507b56

                                                    SHA1

                                                    ac6248686d419b652e14449dcd563d7eb5d78273

                                                    SHA256

                                                    9c32b508bb0bdbab038c4a86dfd4bc452ea644e711bdea9cce628d0ba2d1339c

                                                    SHA512

                                                    959cc0158ad937eb106c15ce47ec43740dd9d75229adcad966a54952b2488747c123f64623579244cfc22e67f057570dc3a4e927b461ff4873e4a6402a178d61

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                    Filesize

                                                    326B

                                                    MD5

                                                    1d7ccee29ac1ec31cd1dddef85250ac8

                                                    SHA1

                                                    1f339444d658351ed14fd1c96a1d21192a2f9f5d

                                                    SHA256

                                                    8a9444db2f1f550eca25a2fabc152deeb03f8be15b34fbc8c94275ac3931917b

                                                    SHA512

                                                    5c007bb8dcf3d0614b5873e65623228df75192445df4689dac9299a21caeb85d048e78795a9cdf5df170d154c00f1d7af667a54eb11181751ba13e1597c538a0

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                    Filesize

                                                    128KB

                                                    MD5

                                                    de387c117670d3fb2cf581e55a786738

                                                    SHA1

                                                    b7b91b44b494d25a1978ce5e82ea0f6fee6cdfa9

                                                    SHA256

                                                    4e956983955268d7d50ebdff3382f821ec5fd7ef31b56137b5100886f8853765

                                                    SHA512

                                                    7697c46cc477cdd08f858b9818194f8e1fad96b90d1c1cc39d67d355c1498e0120a9866e727784b85633600bacfbaae244fd5dc84cccb8aabb54cc7ac160583d

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                    Filesize

                                                    16B

                                                    MD5

                                                    46295cac801e5d4857d09837238a6394

                                                    SHA1

                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                    SHA256

                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                    SHA512

                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                    Filesize

                                                    16B

                                                    MD5

                                                    206702161f94c5cd39fadd03f4014d98

                                                    SHA1

                                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                    SHA256

                                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                    SHA512

                                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                    Filesize

                                                    44KB

                                                    MD5

                                                    5c4e8f4b4bf6f9b70cff21ec62d18e75

                                                    SHA1

                                                    1d0c31ef95eb593dd19e5bfe8b40d874c012c794

                                                    SHA256

                                                    eec510bd1c3854f0c5d668983ad88517877b0085206335ee29f94b169b91b372

                                                    SHA512

                                                    db55092995c74614ac576e6e3ac16a549d2085b07a6c033c50a24cb7091170e26adc9e7cc7a13daed47d876d5654d5ed125244939649a41b9e28812964439eb7

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                    Filesize

                                                    319B

                                                    MD5

                                                    20f6d2ca6f57c998b9ea83335ad8efb8

                                                    SHA1

                                                    dcf1e5ee7ff5ddff2d75021944e40adfd48a6395

                                                    SHA256

                                                    efab165460397baee1ca930d8f81b85ef25ce2cc69ccb94f01bc9b0fb7a224d1

                                                    SHA512

                                                    e0e67971a561f81bbb2a1bdd9dfd746e0b7ea54faced9c6c58b719112f7ccc4aef492ee986b7aa14f03b6e1f477af6b2ac74b896ab50f641eb7cd8d307c85ce6

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                    Filesize

                                                    337B

                                                    MD5

                                                    e41d0f357a5a3ecd847cc9ed01b32f15

                                                    SHA1

                                                    6a5974b7310c986ba89a8902a3eb572b8ee42ec6

                                                    SHA256

                                                    ff1399c731a93ade468ccc837b0d736188f7b8cdd8d2ed53566ed27f946e6566

                                                    SHA512

                                                    3d2b24a0a966bc957e07c4e80199bd264fc2f780068d6048c3d147198115c20ea10413510b9e94559ed13715a44f796eb4d4e670c860c7276a0c239145c0010e

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

                                                    Filesize

                                                    44KB

                                                    MD5

                                                    6409b89cf75e99bb74a8493ab7889e7c

                                                    SHA1

                                                    d736f067c5de25cbf96d6ad15e455213f7f72155

                                                    SHA256

                                                    7b887118c1c4d68f64b60c2d59082bd0d00aeab529c5b9a372b845c92897c54e

                                                    SHA512

                                                    3c81348c4541472fbb989cecaa0852cc9291e2c494cec4799e4682688edee38f7f0b00190c36568b1f03c443d864e207cf69ba9626a232dc85a731c4509250b2

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

                                                    Filesize

                                                    264KB

                                                    MD5

                                                    7c3bbc6de690f3d7f6e1361ebc6b8d38

                                                    SHA1

                                                    9b6fa2478f14a80b98f98c6ebe545a90b1eefbce

                                                    SHA256

                                                    446f06889122199be2f303b21b2e14f0dcf7ff8add5323183afe4009ec26a717

                                                    SHA512

                                                    c7c010fcbf4f65171f48c5ad179d0ad287a00ee6f8933f9cb2be3c3ce0d1363ecd5641bf12130d3d9506230a0ccf5503eab6b731cc603dd267226af520f95f60

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

                                                    Filesize

                                                    4.0MB

                                                    MD5

                                                    03d688d7aee88f80e816267ff056b431

                                                    SHA1

                                                    10d60bde7f5214ceb308df4e4585de7017046bc2

                                                    SHA256

                                                    cebd4a9eca33c5c6eff06ab80356ac7dbaf87ddabf8f85e1374a08b5d3c56824

                                                    SHA512

                                                    1890c79b0b278b21f4163af9a82256f7ea2df51d42113178b08a617fe3ab344f33e7c628bdf26c46b8770b0d63300fa0997728e67338c1c65f23fa43f40e39fd

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                    Filesize

                                                    11B

                                                    MD5

                                                    b29bcf9cd0e55f93000b4bb265a9810b

                                                    SHA1

                                                    e662b8c98bd5eced29495dbe2a8f1930e3f714b8

                                                    SHA256

                                                    f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

                                                    SHA512

                                                    e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    10KB

                                                    MD5

                                                    24d898729506d0f79053a698c0972763

                                                    SHA1

                                                    c895c2fda7dd1e558f0eb0ff578a47243dc1dace

                                                    SHA256

                                                    4483036fae16e0b2977b7ffd8086a8b06c8bb0e37415beb691706358b0cacfc2

                                                    SHA512

                                                    a3d1e674779ad55666492575c74a785c089ba327b9574eecfad8b4d3af2d987848de8c0f761d76c4d3c97f0743297fa03da323dba70c8b923257ea3d1c1691ac

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    10KB

                                                    MD5

                                                    7d5712d220eeb7128a6befc22d1ea424

                                                    SHA1

                                                    847f92805d63f2304cb3cf8f6ae776b6c9481f13

                                                    SHA256

                                                    160683cda3b2bccd7c453c339616a1642573373626f1957b6b6078a6e176cde7

                                                    SHA512

                                                    034ec0a2ab587d761f0ff0bb4ad2d2764ffb3e009815f0589945c41d14c9946d100760f7a367eec5b92c683cd512dc32f3815b73e07d5d5d6f874589251f0441

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                    Filesize

                                                    264KB

                                                    MD5

                                                    f50f89a0a91564d0b8a211f8921aa7de

                                                    SHA1

                                                    112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                    SHA256

                                                    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                    SHA512

                                                    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

                                                    Filesize

                                                    4B

                                                    MD5

                                                    c67aca171f989bdbd5bbec4f3362aad4

                                                    SHA1

                                                    70cafa292b4336443301006f8c52e4d601b690d1

                                                    SHA256

                                                    2ccb531bffd651a1e09825677ff8850d6b1e2377ee7952ead4ff0f44436e4b46

                                                    SHA512

                                                    c53b4504987d8a4e56e6719a8836ff491466a15cea6f7dc59ea95eece8ec391280083816fd63c75356bc0727d4d4599394afae7ffdf10730f5feaef137d887db

                                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\7bba5e0f-cc76-4657-bcc0-0094f0bd8d35.down_data

                                                    Filesize

                                                    555KB

                                                    MD5

                                                    5683c0028832cae4ef93ca39c8ac5029

                                                    SHA1

                                                    248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                                    SHA256

                                                    855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                                    SHA512

                                                    aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                                  • C:\note.txt

                                                    Filesize

                                                    218B

                                                    MD5

                                                    afa6955439b8d516721231029fb9ca1b

                                                    SHA1

                                                    087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

                                                    SHA256

                                                    8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

                                                    SHA512

                                                    5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

                                                  • memory/4980-143-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/4980-137-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/4980-142-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/4980-131-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/4980-132-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/4980-133-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/4980-141-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/4980-140-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/4980-139-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/4980-138-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

                                                    Filesize

                                                    4KB