umbral | 360d3cef3d330c1930e318277939ab1c7db6c969f23be5d385b93f5faef3b4d2

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-10-2024 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraFixer.exe
Size

231KB
MD5

8bef46b57ddddec3d0d140f6f8d4b68e
SHA1

549b51f7d1106f186de8d3594d55dcac22a6f8fc
SHA256

360d3cef3d330c1930e318277939ab1c7db6c969f23be5d385b93f5faef3b4d2
SHA512

5e9442c00355f5aea64b787658e7b390e5f53d1709bb4ce951db3e363b91fde46cd70d2262ddd9d06c1e21a72a2728821065d87c213ce86020a620ba468458f7
SSDEEP

6144:RloZM+rIkd8g+EtXHkv/iD4HlYrU69VenbGkFZw36b8e1mzCi:joZtL+EP8HlYrU69VenbGkFZwWeX

Score

10^/10

umbral discovery stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/memory/800-1-0x0000017EF9340000-0x0000017EF9380000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Umbral family
umbral

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
3388	msedge.exe
3388	msedge.exe
2128	identity_helper.exe
2128	identity_helper.exe
2152	msedge.exe
2152	msedge.exe
2972	msedge.exe
2972	msedge.exe
240	identity_helper.exe
240	identity_helper.exe
436	msedge.exe
436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	800	SolaraFixer.exe
Token: SeIncreaseQuotaPrivilege	1308	wmic.exe
Token: SeSecurityPrivilege	1308	wmic.exe
Token: SeTakeOwnershipPrivilege	1308	wmic.exe
Token: SeLoadDriverPrivilege	1308	wmic.exe
Token: SeSystemProfilePrivilege	1308	wmic.exe
Token: SeSystemtimePrivilege	1308	wmic.exe
Token: SeProfSingleProcessPrivilege	1308	wmic.exe
Token: SeIncBasePriorityPrivilege	1308	wmic.exe
Token: SeCreatePagefilePrivilege	1308	wmic.exe
Token: SeBackupPrivilege	1308	wmic.exe
Token: SeRestorePrivilege	1308	wmic.exe
Token: SeShutdownPrivilege	1308	wmic.exe
Token: SeDebugPrivilege	1308	wmic.exe
Token: SeSystemEnvironmentPrivilege	1308	wmic.exe
Token: SeRemoteShutdownPrivilege	1308	wmic.exe
Token: SeUndockPrivilege	1308	wmic.exe
Token: SeManageVolumePrivilege	1308	wmic.exe
Token: 33	1308	wmic.exe
Token: 34	1308	wmic.exe
Token: 35	1308	wmic.exe
Token: 36	1308	wmic.exe
Token: SeIncreaseQuotaPrivilege	1308	wmic.exe
Token: SeSecurityPrivilege	1308	wmic.exe
Token: SeTakeOwnershipPrivilege	1308	wmic.exe
Token: SeLoadDriverPrivilege	1308	wmic.exe
Token: SeSystemProfilePrivilege	1308	wmic.exe
Token: SeSystemtimePrivilege	1308	wmic.exe
Token: SeProfSingleProcessPrivilege	1308	wmic.exe
Token: SeIncBasePriorityPrivilege	1308	wmic.exe
Token: SeCreatePagefilePrivilege	1308	wmic.exe
Token: SeBackupPrivilege	1308	wmic.exe
Token: SeRestorePrivilege	1308	wmic.exe
Token: SeShutdownPrivilege	1308	wmic.exe
Token: SeDebugPrivilege	1308	wmic.exe
Token: SeSystemEnvironmentPrivilege	1308	wmic.exe
Token: SeRemoteShutdownPrivilege	1308	wmic.exe
Token: SeUndockPrivilege	1308	wmic.exe
Token: SeManageVolumePrivilege	1308	wmic.exe
Token: 33	1308	wmic.exe
Token: 34	1308	wmic.exe
Token: 35	1308	wmic.exe
Token: 36	1308	wmic.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3272	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 1308	800	SolaraFixer.exe	80
PID 800 wrote to memory of 1308	800	SolaraFixer.exe	80
PID 3388 wrote to memory of 1212	3388	msedge.exe	91
PID 3388 wrote to memory of 1212	3388	msedge.exe	91
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1596	3388	msedge.exe	92
PID 3388 wrote to memory of 1912	3388	msedge.exe	93
PID 3388 wrote to memory of 1912	3388	msedge.exe	93
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94
PID 3388 wrote to memory of 436	3388	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\SolaraFixer.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraFixer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:800
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1308

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1592

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff913d33cb8,0x7ff913d33cc8,0x7ff913d33cd8
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,17705874517475686329,13847505354462130198,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,17705874517475686329,13847505354462130198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,17705874517475686329,13847505354462130198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17705874517475686329,13847505354462130198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17705874517475686329,13847505354462130198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17705874517475686329,13847505354462130198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17705874517475686329,13847505354462130198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,17705874517475686329,13847505354462130198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff913d33cb8,0x7ff913d33cc8,0x7ff913d33cd8
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,15617354117016887534,9312905420731683934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
1⤵
PID:4760

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
00de88f288a17663a922fd267f3e4a45

SHA1
34cd50c50169cf48cd447bcd751f9635ac894196

SHA256
5b2244028924c17e8f193d272d891b8007e1488226496c9321f27465ebee19ef

SHA512
8775804f9826ecdf8047a6c9e509573a853cc7ef149bb10d23907b0e276bf5c2bb14e388588966260de303a41c7f50a593767c4151fcfd8a795f010271941089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
dafe00f966c33b5c8bc7e5b8f100857b

SHA1
5ab31f50515a607c1e270fea7b21e0acd3acdf7b

SHA256
f85de3171b2bc7cfb760e23c3ee55ec631a4826575bff859e12b4a29312af1a4

SHA512
d21d2b9398b47cd747fd17f0e39a0d8af19ad9a88864264c9f27fe4fb55fb83b98c1b7b2139403c15186be7fe4f617f2740a33a8455f53503060189c586f1382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
10e7eb30de8b7b40dd4936d5d8f200f6

SHA1
692f2202c4f3a809c0d55bd39c0213bbc47ac8f6

SHA256
437837bee69e3c9beacd2018f6bc5afb9f5c60fe517ab6535e4eaf876c209e98

SHA512
788dec4b3ef53a06a3d05cfb5618020c9f39cd55e445c99b6af5bd819a3eeb3c79ec4e98e5caffb4b25ceb5e8b2e39697ff28ddd6a2e8a894339954082100d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
798ce5cd0264ebda50e62aefd7b7924a

SHA1
05efca4fb9559844b9634a3c36741c60d5d9eb28

SHA256
08f0415ec23db54465860a063e8370132469fd351dd33190309e6733a9cdea6d

SHA512
28667998f3ee7ceecd8eee1cb3aa7f59b5b41a03e70cce89f943a2a83c3f006edfebfa49a6696578d39e3226529b6a6d30944ef0ed7440a42f509933147e65a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7cb4c533519da2d4b2ee7c8f455fb376

SHA1
1309fa5ce4d8130e5e2f6a4ca0a815b90d0deaa7

SHA256
432ef7384e0b1170a3b4537d6631fa002e5a3952ad23885e5dc599ad125fa04f

SHA512
b0f11f9625e517db579737a57fbe9bc8a5144f4c258ace81dc3dfa140598130d9275eff7e79a18b64fcc8101b3648d534e4b9097baef2d94a459eef6eede28cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f1a7efc3a97e35900518421a946b3c8

SHA1
06f8efb1f08f5bce0b22163a90dfab91bed3e75d

SHA256
778d67f8b6c2448349e975eaf0483f95c511ce5f995dedc60052653147174a3d

SHA512
75835ee9e81e0ee8f9d7aa5770c0f8a144026c040f77ab6af7d6ad752f828480c6032c7b168e046cd5f3990c1ee838c1a70648c99bfecd4f188501044de57de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
4c43c9198fa925ad7a4003a894d85601

SHA1
1690812aec7a911180aff0719137ef5749b6fb69

SHA256
9648a812690fbfbcbdaf45cd39e197e94c86e4509147b3c6b03beb25831a344a

SHA512
195258041da6263765554a6dde2b841bb438aec4cd7af63cffccd0fa0fd28f7fbcd11c9ba704e77863875d2a8a0757cf87fc65f47464bb46c16cf78804cdd07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
73d8dd94d7c8662be25f6f66977d4045

SHA1
51358c1129b60a18e693d69aa55f643065f3f39b

SHA256
5cc6d45ff158441c3cc2201f3d6b3734faf1def46bd58fab3caeeb90205d89e6

SHA512
794fcb32b203919a4832108a89106e46f3feeee2d3bb57747db74d9e4867998748f0c74a451859aca57a4ca26e28d50509ef7c36d37b4c5ab9a7c3c460bdb52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
5d352a03280eba57cb274d27ba6c6b7e

SHA1
8887766642a81a1248dd5f93239ce63e93839900

SHA256
3b358849502f5cfd881dd035ff274a5753f90047a131884838c677e22f2305ab

SHA512
b8037a046c4be7be120bbfddedc780a4175fc8e6c863e9095e39a4e16d2e8ced27c40f38c569a79df990057175e3db6aa35eac645598af3647caa5744052bb1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
548B

MD5
eaa2b5600a5ce0b920f9202ba1d156e5

SHA1
7cca195653639b42396643ddb75b424536cd2e81

SHA256
9f2079189f4896b025d0838c5ea1baafbcd64cd8c326cede54ba2a0fe4e44619

SHA512
2a2cd6b556364a82b249629aee4edec180ead5347555ee4d6ca9fe6eb8468003210af85de7a82e6918aa225368b93af09808c69092a83ff74d885d7a1a02bf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53ab84d3dfde26da263ad3650ea34914

SHA1
f78d0bfce97508fd972505ab6e91c6d79ad5afb3

SHA256
ddaf0487bbb8266858cb6d8021f125cfa68451ff131f0592c1ba19f6724732f5

SHA512
cb708f9ac5fb0684010d852ea4e2a3beebc1e5426f5511b706cab0a9a2b28e85709e4844e969fd5832a6fe7ed6e2e8bd9b59da00083bda1f767801c00b068cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
483f08b81549e8f86a1277416269b6b1

SHA1
2217ee48cf62d90978f6301d352b3ad3e6d703ae

SHA256
11735836b8ddd8a9241845bed18568f19f5b93d56132d1098bc1e56c4b613754

SHA512
6af1522571904edf7591d06b3d2a0e88a2d78ef636b58b402967c43f222ec00e624e5266618a2bca1a84e69d6fd2fc10f8ce15ca994d88dea9cbae6d35cd293c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
533275bc9ea226b454713a670f2a3ea4

SHA1
324fe64e7e2003fb6712c97c8d56ac72d5fea8f9

SHA256
f9d761bbfc55668d28e83cac88d0992e34683b59fdc85e899c05131c02ca0a54

SHA512
0ae0b393b75f26d0108b38fc63b17bfe3fc1f041b5027110bb24d5928266bb0cbfef2d2f766beb8ed5bef237aeb76696faebe67ba0ae58d9ac175ac96e207ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24d085f7aac6469187cfbc7d87dd15ab

SHA1
53b1578b375176f4fea84c5667bb1b67163cb270

SHA256
eef86b6677dcfe11e1ea116a463561f512502dbdcac887b7f83e67712cf6b392

SHA512
8e08bcfc16716b86980acba975726bc2f84dc090c7194877b5da410605eb6ca9e32b18486a8f54db283b349a2ade5330382f507a5b0483a00942c99e5a5e4f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f93aecce831860f956b08204b1505e11

SHA1
76a8dff3bdb85773dffb5ac32e21a60fbcb59330

SHA256
7c0512c587131cb599464d67c0c3c3c4989064b2c936482774a816ad78f62112

SHA512
f120c509caca8afccb620056bd9a50a3cd6bb011c6b0f4b6ed8a68da2db6a5da351d17e58170fc1ef47e3b1807dbb401753a5c8cd21ad34514da696055a98213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a127c7999e471c50aad02fa9b932a944

SHA1
7cb9d8474499e3cbd589e3b9e1210228388a1191

SHA256
51cae84e72397bf7f42edf43c8bd61270943ca1c9009e86067e00c00e1f005bc

SHA512
9dc1f529d0405824d280efb4861c7469ba650eb3f081b28d34f8097d7efcd7ecaed46f039508e58869c3710f96824b11851660b63668336d891d83bfc318905a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66630ee6ca96c2848a1d494e7be7b7b7

SHA1
30cbf2700f5049c5d83b159a8ddb4d62ebd8ca44

SHA256
a719f6ff3c70ee0248575470027fdf6c89b3f907f13f19a626035cd888f47bfe

SHA512
c8272022fc0adc9010831fa4d2e78ceb3b3a93cbd8beec3d4c07c3a49928a46e4e53d95ac9cb7a129789dad6b494b71f5fc438685131dc5e9d8f5625d5316836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee5a3c168c42f7e620e722b1ad3596c7

SHA1
a93543581de559ce109120920f17831dff0cdd90

SHA256
32c5921d75ac7dc18980af08f87e704cd71baaa1c6d27325b922897d82d27450

SHA512
ed64b85c2930d506ba7e91e5e7221f8a8d73f8562db02fc06f28deb6e180d046448dc4e4400e4a35b3d8d793821fe950070823961fa213b71c4ab49c8ec20254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
45dd078fab437fb33a3b8ee48ca6d68f

SHA1
b55481a50a8491f62e58736f26d00e1e372bbd28

SHA256
df2a87d3d4aa21101264733e39303313817b95d5273833cbc7ce05a4ebd55484

SHA512
47fa6c17dc16748b09c517de240d4e13d38650e99c07aa781f9710504cdea825558b10288c1aed1ffb2ab653dd23bc8d55f2c3cf2ee9c6b9f8913bf0a958e22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
12KB

MD5
d8a29d83849af051f4061fa8fe416834

SHA1
958460e9d024831cf27ca9881afc6f4e325d2dd3

SHA256
048f2a5b1d4a412490523ad2f8009685380824ae942fb31dfbd391d6e3295a0a

SHA512
a036d4ebf5c31ddd6deff45cf7cabc7c7fd95e2980bb3da9bcad50c7f7a28257ae7427ca2d5cbf002eb9c2dfac4e7db94f05c248c5f132676aacf19bf39208c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
db37d9af62548ee2b5181cc30792af9a

SHA1
89c7423b7b757ecb3139ce0222d11a0bd036fb49

SHA256
89241d4dd6d30bb874d7ad7a1dd8f9e145e4b724a6fc9539986758dae5b96196

SHA512
fb690fe7a2021c399f3c6cc204aefeba1cf744f78a053ca304ee9734a8702a3e6bbea17e3908d292046cd9c096d834f7aabcd0036c1626e21720175d5772b777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13374421188807785

Filesize
1KB

MD5
ed907f0484cb2f60b4e719ff2c37cfee

SHA1
14334283923b4f2974cdbd7d94da36236d1f6930

SHA256
95b6b7b4580bd2dbb38ae83a4ea45799c4af8eb4c3d99bbbaae3df1da930159c

SHA512
73d5a4ee96a7279bd2d7b9fa5b3ea988a3731ae9ba79d56b3a3032ed2e166c60e1c1dc0d2db3baa4cfd1652d5612d8222ecc04645f0bed13ca0408fa2da27a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13374421188988785

Filesize
1KB

MD5
f148dce5633ffd8a8bdc368d54f95d0b

SHA1
91d9dcb720fbad1632dc4230f5e8c2fcd9f0e5ea

SHA256
7d248e6cba991bf936715edab886202be0156c18cda900a86a4f810bae9b6564

SHA512
33c047d674e27907b8f99e3b8e7cd490b57ef7af33255d1305f9b1d978d7a425f740729492cf21f9a7266e9d6b526b31dc4b74ed6dd986ad40b2fd0511727011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
8be985ece811ba0a3f10087f5f4e6fd4

SHA1
c87c84d4fe182ffb8362f3cabd33349af94e9b55

SHA256
da78d36c765d3248b1a72ead5f83b7a58cba7d361f17a6831332ee994cee939a

SHA512
901932baea8712e89188cfce00a6b2388ba38697bcbfeebcf8b83b88b0cb26c7323b098ba6983c312ded1041f6e297412010113a32e99a9350aa4492ca40efa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts-journal

Filesize
516B

MD5
b8eac4051c9e67ae149adc2a19369cd9

SHA1
4b5aa86c141123ec4895cc9b6cfb122c86527f8e

SHA256
ffc88d18491260fb1f7978bbb7e2322576523b85fb0f2922a13e02a92e53784d

SHA512
6516f710371b63126829061e967a51d1394e01d6f6eb7a50f9fb0a04c3d0f295e6cdba549267bf413c64d66ddecc337f82e159122c7ea810c6c24032d712b184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0a1363c94e3c0e2d7f5848bda3ab65f9

SHA1
612eeb18aa5cf9a30e407a0c5770f97c09db586c

SHA256
dc60c484b3cfb8322b623768bf8cf02037a1b8a866e22e742e591eda33a2930c

SHA512
9e3b5032599f9da5854c80579c4878662275706f2c4dc23b34f0d09e3c8ab70d227b31d939021e1f6d9ac3be1891e69b1daa810167a6d4c14fdd723b17131943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
10267555fa98f0e40ebad4f1357cbc51

SHA1
567e1fc746e536e08c10217e61939475ba58256b

SHA256
8a7b3bcaa7a3ca782410f19b45e69f7da50690cefcfe9f4962dfe981af001c7a

SHA512
448e048ec593b78f02cfe8618fb8b94e3c1db397399efd05fdc581ef69ec78af6790d19c84073f35a7edb99975f70e5c64b8f4e5fcb982dece35de760bdf44fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
c035d8099bb38e73b2e0982941824506

SHA1
71f2d6f46e29a4336f4537e97d08a74de7df33b1

SHA256
b800649a38961e592d0fd44d0564ced5d778d47109e9f4e6010df6255b1bfde8

SHA512
77436170e0d7c6b57e46fdd08d52643a3caa72f2a1cfc7322be1a8426b16691692689a653b29b8380945516c4575b26c0ae25b7d1afd23b4c1c55f9e4eec32d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594973.TMP

Filesize
532B

MD5
c21b22b31204ffcf59d3ac7a67d36954

SHA1
6931093aa81377e32f3145baa67483ea32e37bb3

SHA256
08f8d3feefcd27e233097e3a101a3530bbe4bf6d93f8adcfc18e265649cd4cf1

SHA512
bb3bf7892d43e3edfcf01bc22b914445dce443fc519c8e7930f63493dd3caeb1ec1ebda81e82b4bdef073d66daeaae6ec573c09bb9e26be519d9cf0ab1389ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
198B

MD5
4a7730868afbdc2efd5e15ce0126c9ea

SHA1
f1ee991573a66e079fe911a7ee6df202403bd29a

SHA256
bec732b306f8ffa426117ebe01ff25131d976b3db95837c54c32176fd1ce88c7

SHA512
f9e1bcf0da9927ceb970dab6ce1e0d5e4a974551f65d5317aaba728c1359ac29b7688bc3920fe0c020864129102699654e02a77c88f8c4f2cef399ecb65225a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9a8e0fb6cf4941534771c38bb54a76be

SHA1
92d45ac2cc921f6733e68b454dc171426ec43c1c

SHA256
9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be

SHA512
12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
5a76001059b71b052044098ec359e03b

SHA1
79938dedee8f5a45c7417ff0d861abe5bdb4e337

SHA256
735859e05f1a73203a6a2771988c1b6b78bdcefe4f0054653f33a57a6eff752a

SHA512
235274c5b371c4bf0c934824d8e2f93bc21fd0ddcc5821cf8eb4c07858e672be45f836e97f584529b4d652a2fab60792efa708e1635991f628a8fad3cbb81465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db

Filesize
16KB

MD5
d926f072b41774f50da6b28384e0fed1

SHA1
237dfa5fa72af61f8c38a1e46618a4de59bd6f10

SHA256
4f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249

SHA512
a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
81a662acaa38f369309b20defc1e2fc4

SHA1
db5d0583b5c1faba0a7e1125e659cc561efdfbc7

SHA256
629cdc4347a396ef50c7f2d3494c74e8df6bc6e1e34703f2224648cbe96ee85a

SHA512
99f60b6b594cde8ac0a582c46a13c04f09703bed8cf292950fa60129060c9d8d01a06c19b32c6d28310e6ec06ebd3034cf1d2b8f2557dfb05de9d9452bccf05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
976c229ff58bde64e028e08ecdb518d5

SHA1
6da4b3d9c776f65cd76cac08145dd733a0b98399

SHA256
a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a

SHA512
354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
42f1a8d7284fc624e4dc88d1097c4cb0

SHA1
0b61f5d5785708f981c59d07f1d4ecab1f37f03d

SHA256
7f0c9f9e7a285a83f36e2f5485704bc1532b0343efa1e50aac580ebbe19a5729

SHA512
6e44e9aba7c4d1c646d64fdcf8c1d339ce0b0006975ae2d327b49227a20a3045e9dcd455fa34396238b49d954a4eafb3dda6b6c33d5edacd4139f4a2f4e002ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
bcb39d9635f9ba73b2536335bdedc17b

SHA1
aa47d7c1946eff8b8842b899c8968dd0c04b4338

SHA256
3e0079e570b4f33582e0b48771259dfb2a4d4c88d5ce868b5161302e6ac4941c

SHA512
3d645c58c293c13a25116665c41555a51f7bda1c6c640a112f204ae6f824db5bf3e0177a96d37e7ee54695bf44ecb796f884a6a54d9e95ade793c0e27b5984c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f0264e8c0ddb45b00140ad353c0f4f3b

SHA1
2113d8a22475832387ed26a5c60a4b19feedf816

SHA256
ba4787b59a5a05627016aba11922d3da301dc78716db8a1c5ec686bb4527efc7

SHA512
eecfd48d95ee523eb7550f220e8fbc0d19ae4c5459e0cf1bff436180b5a3ac0bcf3394fe817d5299692ceda6b08a9b59144d7d320911a67b8efeabe9d141414b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
c729887dc26de4da5b66a5a912825314

SHA1
ebbb687a12ce22bf77e8be0bcdee443d4119217f

SHA256
1e84fe34ad9a07b8e34b89a02ffa10f206361753229b35a42605d0cd1741bafe

SHA512
4515f5e49a8678176f3e1ccdadc799d86cd74699123197368894d82bdda4d83743629833f7a2759410ef7dc31f83b724d35f1b67c3853404261a925997e2e9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ea050f96e652f05283d34a47ee32170

SHA1
f722f639897a8d4911a87f42823cc3cefedfbdfb

SHA256
8503d2a57f642c00881e5727015e5c2430964ba925957aba6551f11d05c13ac2

SHA512
de238b5819c87c1c36e3a2801d671611ec3edb8fe11874ed4274c66528169d172fac7dedb05beffa55b87f0870933759c2d5db4d151c4eb3525339334d85f58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb251c156b5ab53f0c4323b6290fa643

SHA1
28202f9ee629d34c0461261c8671d50137c20d56

SHA256
5d21fb08f92eafcb634e9b03957d720ea28c9704a94afbd7eca4d9fcfb673a05

SHA512
335dd3df558edfcff20735b05c8c513efad441918f35e6f384e783973f7113af7366aa1edbf7fd23ca00302349cd8bbcefb9771cb3ad93db600557a6a38f9de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fc67c86f48322dead38640de34ef92be

SHA1
15a2db7a4bd8031c58cab66ad443d106e57a1b07

SHA256
bb6c6e353a8d201704f4870cd491e8136c08e1963b1ae359fae42d3d31f8f86d

SHA512
6f5bf673853be078d82fb744854679538f4033cdb08c36399482be1a6155d17260a9256a4f0bd59404b02b0778febb292c67b0567dc0e79c01338dc8ac481ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
41563a94efd4f412673d8a0dc764860f

SHA1
3bd55300d9bb082153323de9aaef44be54efe57b

SHA256
fb702c5522372edf1dfd0b8dc3dd4ae73c5fe12d7279caaea0f82f30df839ec0

SHA512
5dedff2127ad59f4d9bae67d29f47236a227ea10cab0f8e1498cc9d6e6ca63d0652515352a21fcfe4face1eb3c3af1dd0084933263dc479cc6766c09ff4b3059

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\02978041-0927-44e8-be4d-928c124ccabe.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
069c37bf9e39b121efb7a28ece933aee

SHA1
eaef2e55b66e543a14a6780c23bb83fe60f2f04d

SHA256
485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8

SHA512
f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

Download Submit
memory/800-0-0x00007FF905B93000-0x00007FF905B95000-memory.dmp

Filesize
8KB

Download
memory/800-4-0x00007FF905B90000-0x00007FF906652000-memory.dmp

Filesize
10.8MB

Download
memory/800-2-0x00007FF905B90000-0x00007FF906652000-memory.dmp

Filesize
10.8MB

Download
memory/800-1-0x0000017EF9340000-0x0000017EF9380000-memory.dmp

Filesize
256KB

Download