Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    29/12/2024, 22:19

General

  • Target

    https://mega.nz/folder/02dBGZiQ#8BKNCHdKg8CYTETbbmhRkg

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 37 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 60 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/folder/02dBGZiQ#8BKNCHdKg8CYTETbbmhRkg
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3108
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc06ee3cb8,0x7ffc06ee3cc8,0x7ffc06ee3cd8
      2⤵
        PID:4184
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2
        2⤵
          PID:1188
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2312
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
          2⤵
            PID:728
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
            2⤵
              PID:5092
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
              2⤵
                PID:3120
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:3516
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:5040
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5252 /prefetch:8
                2⤵
                  PID:4916
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                  2⤵
                    PID:2336
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
                    2⤵
                      PID:2872
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                      2⤵
                        PID:2620
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                        2⤵
                          PID:4544
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
                          2⤵
                            PID:1228
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                            2⤵
                              PID:896
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,7729679605027975408,14430021621562568380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8
                              2⤵
                              • NTFS ADS
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3472
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:124
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2868
                              • C:\Windows\system32\AUDIODG.EXE
                                C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004F0
                                1⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:5076
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:4428
                                • C:\Users\Admin\Downloads\xera\xera\xerav1.exe
                                  "C:\Users\Admin\Downloads\xera\xera\xerav1.exe"
                                  1⤵
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:4072
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/TzsNVCW2Nw
                                    2⤵
                                    • Enumerates system info in registry
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                    • Suspicious use of FindShellTrayWindow
                                    PID:3224
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc06ee3cb8,0x7ffc06ee3cc8,0x7ffc06ee3cd8
                                      3⤵
                                        PID:4880
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
                                        3⤵
                                          PID:1852
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
                                          3⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:124
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
                                          3⤵
                                            PID:3004
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                                            3⤵
                                              PID:1816
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
                                              3⤵
                                                PID:4720
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12614782383633243953,5703496016703514399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                                                3⤵
                                                  PID:4340
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:1608
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:4348
                                                • C:\Windows\system32\taskmgr.exe
                                                  "C:\Windows\system32\taskmgr.exe" /0
                                                  1⤵
                                                  • Checks SCSI registry key(s)
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SendNotifyMessage
                                                  PID:3500
                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                  1⤵
                                                  • Modifies registry class
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:3844

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  aad1d98ca9748cc4c31aa3b5abfe0fed

                                                  SHA1

                                                  32e8d4d9447b13bc00ec3eb15a88c55c29489495

                                                  SHA256

                                                  2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

                                                  SHA512

                                                  150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  852b3c86a6d00a8d3060b0e512794602

                                                  SHA1

                                                  587d453d6f65cc18b93d7a337aa8469194cba20a

                                                  SHA256

                                                  4c284c3b63994d4c70b60f8aee3eb6a30299524a3069fd7a33b163bdef47d8b7

                                                  SHA512

                                                  5714749c9a80abcda6b4afdc2edd387d486d0011799e19f597a8a40be98cb2af405eecd0d38a39954f772b68508642c3ea51cd97e50222d3d78b68652783d683

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  cb557349d7af9d6754aed39b4ace5bee

                                                  SHA1

                                                  04de2ac30defbb36508a41872ddb475effe2d793

                                                  SHA256

                                                  cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

                                                  SHA512

                                                  f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  2ad92cd4f23cb4c9aca348dea2ec6363

                                                  SHA1

                                                  7ffe3bc242a16d616668c46531ba45b9b8409cdd

                                                  SHA256

                                                  b4f9094535a0d97ad33d2a82dc9495a90f80f49a8ffc21f579e1713736b73529

                                                  SHA512

                                                  6d2b711739bfab13daeebac060d6c9b202d572ce2c8901092e6967ced1cac97111d040472db81b30d86fe8279a4433240b6393a832e5bf67a73619fd41187312

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

                                                  Filesize

                                                  44KB

                                                  MD5

                                                  f3d5f161dcc1a8bd405cf47d1802c52a

                                                  SHA1

                                                  e762fe3cfcc82eae41fe27e1ec07c1a1ac7b4793

                                                  SHA256

                                                  b3c03567a32d663f814ffd6a68188709ac9fbee2f6c3a80cdb6e38e8b9e12d0e

                                                  SHA512

                                                  19460846ec942a7eae889dc6a54fea6160aaed65159a96d0bd29da7c7cec2a649e31cc39e8839ea5c8ab309046e6efe34665d764945232c7623f55fcddf5621f

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

                                                  Filesize

                                                  264KB

                                                  MD5

                                                  eaa8e2c251f108d4b8dee1995707db7a

                                                  SHA1

                                                  264901adeff28012c9bd0eec8edafbb3dc7e3be5

                                                  SHA256

                                                  8b07a402fab2f48227aa7705139f3c232bbc9db0f1763b93b353ee1b4ebede48

                                                  SHA512

                                                  c7436efb5b75cb1121e8f253cd513eb16a668bd66bfde009d1e84885f95adcade4862fc78af48e0f7c33b2c51e092e411756bfbb4ca3f39bfdb78f12eee9aa58

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

                                                  Filesize

                                                  1.0MB

                                                  MD5

                                                  9565600639fdca3110b711a64b6c0f8b

                                                  SHA1

                                                  f6a1c1384ce83dbdce0b27c3cb3a104eca3adff9

                                                  SHA256

                                                  59ed66a3a27ae4b5a5366f7736195dbbcba4dd4d8f7b9dc1cd17d9bcbc112916

                                                  SHA512

                                                  22c09e7f1894c24a952222734a069a80c53d5cefce97271c3413ed6d5fcfcbcaf7324b3d5f6f0ba9db55d9b53735ad9f6a365b68a17c6debb90e04acf3f3dc55

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

                                                  Filesize

                                                  4.0MB

                                                  MD5

                                                  55fa2e1e7bbab2177cc3ae15e9639f75

                                                  SHA1

                                                  af9671a320f1d269feb45f5952058db4efc4bb4f

                                                  SHA256

                                                  c10535dde8b5b26fa941b518dd4092ee11cfe5b1a705f516d6f146815b8b8d78

                                                  SHA512

                                                  30bf2c2384cc5fc0a7bbea991da728a6a85668d9166e535f03ec426c5a3bcc55fa1daaae9b5bf26d93bfcfb45549f18495442a9961948c45bef528da7e07fa30

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                  Filesize

                                                  72B

                                                  MD5

                                                  76b18619fa495100887b6a07bd7045e3

                                                  SHA1

                                                  28bb8c33765c1fa15be7dd1a6418062bb49451e9

                                                  SHA256

                                                  43a9ef55cea86606e7390785247d9cc9104f015f4ca2e302526949f6a9536469

                                                  SHA512

                                                  1ef2838ceff2a997b805cb1dfa3f63b46c229591014502601ca95f8dbfce93be307f5d1bcb6d5582d8c3ec4d3175b42489c86f2ae64d68b3cba7f0a56a134f81

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

                                                  Filesize

                                                  20KB

                                                  MD5

                                                  371acbc285b49822148df22b8a2cab3a

                                                  SHA1

                                                  505297dc85b5259977f05b653d7a80235bfd89ac

                                                  SHA256

                                                  1d77b2b5f17f5e215971200dfd6434931a520207b83875b1d7f3d0e584efa10d

                                                  SHA512

                                                  966e2201e084cc433480909d2f741f9ae48b10f38b8a1fc7db072d8e36a8f9c80c4093f36abc8d6de7965ea845692b1a8d310bd1af705f09341d6fcdc985151b

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                  Filesize

                                                  20KB

                                                  MD5

                                                  f62ed2b98e56f9545f9cf56efa4da37b

                                                  SHA1

                                                  dd2f49bb6b32b399411b5aab8a9786cd1273de37

                                                  SHA256

                                                  ec9026c5a8c96bc5f62506cab36711f065f3bc3c8587154b57680fe185166dba

                                                  SHA512

                                                  acad29f2dcbf24816af9ae8a492fb7d6dc84a1716c1d605bf295b8b28dde8c9061815036fa402b9d9d5042616d8f2ffe2c03bf44a9a2c14c80829a3da2bce529

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

                                                  Filesize

                                                  16B

                                                  MD5

                                                  46295cac801e5d4857d09837238a6394

                                                  SHA1

                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                  SHA256

                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                  SHA512

                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                  Filesize

                                                  264KB

                                                  MD5

                                                  5970d3a421c9695027a942184fe32b86

                                                  SHA1

                                                  991c7bfdb2f69c701f46235ee7be817cda57020d

                                                  SHA256

                                                  42684c2d2644b61a28cd287cb0bc7dc538f1a208f7b79b7a367724edf3ab2144

                                                  SHA512

                                                  fba2e83a193ff24efaf15201d09f028156100a058ce478f588f81a223e09b1329180545e36d731833fdbccfa6c3c4462026bf2b6bb695cdaaa0ef24144405b95

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                  Filesize

                                                  116KB

                                                  MD5

                                                  84fbf1276f120314f7ef1397c80771b3

                                                  SHA1

                                                  f8673180507f109eb415fca1ad55b60db633be6d

                                                  SHA256

                                                  016febb23f38fe85550eedc8bdb073c3f55d35140eb887bfbe42d657faa63cea

                                                  SHA512

                                                  8c07bec7fce5264e7c7ef39d0a4b530783f3389a631f7835e0a9663b53bec5d83407af4df96199fce34681931fade18ffd4e48768e3ed96d2c49929e0f741784

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                  Filesize

                                                  584B

                                                  MD5

                                                  13d3779cea804b18a3cfec98abff59ea

                                                  SHA1

                                                  f9632651c19c90a601eb6dad95f7dce1da58e15b

                                                  SHA256

                                                  0100c012f6b1e81b69a4f633c66dd714b6bc5f07416efec844204add455cea5c

                                                  SHA512

                                                  60902fdeb767d8a6f3f221e7d398f5964119dfd275705641ddf7f1e9209cd9a342c355f64a5baa2eae24290792803f456bb31332cfe126fd30f710a09cd0e6b8

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                  Filesize

                                                  28KB

                                                  MD5

                                                  be88db4df74be0d3e44b6ec79b74e76e

                                                  SHA1

                                                  def8756724d83001203333ca4333e4617b1715c4

                                                  SHA256

                                                  81608f8ba170e3e6de780d4a9f8d00de2e192ac503e793210f4978a772044805

                                                  SHA512

                                                  2d83378ddba21ab289249b3b6e7f80786f1ac101f15ff7cf3f21ea2bab703b3c9f57e22111101b7bf5c7d12417a383ba074de914167895b49ed558db0e490bde

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                  Filesize

                                                  302B

                                                  MD5

                                                  75412c8146fc5f328c12f2a47dfa33f3

                                                  SHA1

                                                  5571452220a473a126a1817acf16e37eb2e2eb87

                                                  SHA256

                                                  58905b5abe7f382101f128ebee8a6ba59f9c2c40cec11e4084677da0af227173

                                                  SHA512

                                                  257f0177fb174892e797333243ec98c3326bcd0d60ab4e053fe0b602ce006d85e146c883b7f4bbe4374e8859f5cf78d47566a7884c0de2a3065a85826436fcc0

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                  Filesize

                                                  331B

                                                  MD5

                                                  da7a0fa096144ebaf6a8a2ef84efd7c0

                                                  SHA1

                                                  8e721480811ef6f95b8e0ffc8fed7826ddd7dcd9

                                                  SHA256

                                                  c5519c28698fa87c5229adff2f1b81bbd6647c1472066d61606081870f568638

                                                  SHA512

                                                  c27d249b12206756a6f2215cdd49c05bf1b4adde6d4e8244d6fcd4723b05d2df41608703e9cb1ca3f9169816486a0df79f87465189f285fa68651ea6ce62045e

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                  Filesize

                                                  325B

                                                  MD5

                                                  99a5aa8b6190d8b44fe263686eadfefd

                                                  SHA1

                                                  5722a144716dbd0c9f662f71e8446d75d65437e1

                                                  SHA256

                                                  6dda5f876dc8478ed3b0c28e2378fecee5d0837927e21619d6474ba169740346

                                                  SHA512

                                                  827e3e13ea5d2894567c398db7cd4e954cca2818633f74831c9f2de2b49a1505041ec23e2c866644a2e64ef16224c5f9917bc7ebd03c7210a1081e2ddde07b6a

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                  Filesize

                                                  188B

                                                  MD5

                                                  008114e1a1a614b35e8a7515da0f3783

                                                  SHA1

                                                  3c390d38126c7328a8d7e4a72d5848ac9f96549b

                                                  SHA256

                                                  7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

                                                  SHA512

                                                  a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  ae2081642a4af49e42cf7afdf5924a03

                                                  SHA1

                                                  1730dda4057e2fe145665c19198a7e812a45b41e

                                                  SHA256

                                                  3ec5011fbb542af1332d867677032e6ca2da9cf4a9ee1fa641a567b96282e686

                                                  SHA512

                                                  2e2b8420a97bcd268cc23940757dc2084ea4f202978de9918d98b7bb57778f3ab3275bf3d3b3cda58bab12c42b87f1a614ec568cf00af2bf23a2e20a475e9283

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  71ffe8a34637263712a04f3d8a2258b4

                                                  SHA1

                                                  2f393bb8bd68fb0c5e9788e01e2fda8f27262ec5

                                                  SHA256

                                                  39971a3cbc6566780cd3efd9023d476f3d03be32e9fb4f46cdb5323927c4fedf

                                                  SHA512

                                                  6c71ab6e2f3ef8702749429b6d854d191faeb3ea14ed7b0c5052340deb2962794f34c509a4587446c1d93abe809553a95165e116f6493b634f89a905c6e7fab8

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  709129e159cf0f55c57884b1fd217b5d

                                                  SHA1

                                                  c4a1ba04fb6711060ec30618a4b2a5222c045ef7

                                                  SHA256

                                                  d8f1e720fbcbb52ea51ece50674ad02d0dbd253dc281c1d31230812d646d4f4b

                                                  SHA512

                                                  728d2bb4fb4d75ddaf5358ff8eb0452df166c4a701c89409dae6eb147590e0ddf423ccd26f83d08834fb0b6c6a2c79b94518ea39ce67e3bb3e4520a695f1f81d

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  9af7bcbb5655efc8e8db6309e4671348

                                                  SHA1

                                                  ef70adb55d3c93d933cdc3608add21d47473bd12

                                                  SHA256

                                                  45d3d1ad1f2c1e2039258ed544394c9a0087a671e0b39cf00cd3cf2b7d7a9c66

                                                  SHA512

                                                  194ea85e878afd00902b3c822a48271c7d217cd5b471ee315ed10d2daa533e56b783fc10ecee7cd6c1dd9ef4114e40387df87759813062903fb9fa6a442cea0a

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  5KB

                                                  MD5

                                                  c5e13ffd4e38e6ccba231232d174f116

                                                  SHA1

                                                  861337f1c3a802b017826c072562e57bfbcd1c44

                                                  SHA256

                                                  bcc1efb8d74e392b3ffe2fd88788129d9e7dda5f14bb23aba5df87a105a8fef4

                                                  SHA512

                                                  61b60b7dd64feaa0e16b82e0e6f5d7a9428d72ec860eab62a5df22518fe182a18cda593dcf59264fe6dca7b89d2e9b91a07ba91b1b87e22f2dd93e1ed25e40f7

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  3efa10535af2cd74a7f9befac3ce48f1

                                                  SHA1

                                                  abcfe814a0a4ea510f0378eab634883069f80f0a

                                                  SHA256

                                                  e90d5a5787a2618deeaee89db26ac54815a8eec3f9c958cf7778aed19740072d

                                                  SHA512

                                                  098cbb12629838dbb2601fb7540b0e047cbf631e4417f0ed857e464f020f36481ca5c2b8f018703e5218578598c605d926515432230ef9d95b9ac7d2eaf271c5

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

                                                  Filesize

                                                  602B

                                                  MD5

                                                  2b05993e25820ca6de46c3699dcd3749

                                                  SHA1

                                                  b9aac78da85afd7b018b095f38ddf2c4de3aa286

                                                  SHA256

                                                  7907f8d2d1daaeaa14986a1d154f5150cf17b771e44ef2af6b38ed952c147c37

                                                  SHA512

                                                  bb1133cc2a4c1d33d1127c00c1b854c1a62414e4609e2c95d1184d44eb44e64184ea7fd1a88f8a5dc0a62ce7bea0af871b0bfdb270c6c5933871d682be265c69

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

                                                  Filesize

                                                  297B

                                                  MD5

                                                  4d208bf16374e0766605112cfd4e1503

                                                  SHA1

                                                  8a58fd024e65e427ab897c0bddf3c32a72dbc77c

                                                  SHA256

                                                  86f7d81683ebd0536c044564b251a36fcca5194b316900dd37bc336e7cfe0296

                                                  SHA512

                                                  ce15088597809fbc562dc2fd4c5f99864418c6ad129b23604c1c7980f01a883caf8053db692af41dc751223df69eb8f55e5910510a7965c56f9f266a20c8a4bd

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                  Filesize

                                                  41B

                                                  MD5

                                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                                  SHA1

                                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                                  SHA256

                                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                  SHA512

                                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                  Filesize

                                                  72B

                                                  MD5

                                                  d8eac4d488fdd10922d1c4492a32487d

                                                  SHA1

                                                  f840d6558670607000f046fb506ebc74217dcaee

                                                  SHA256

                                                  b78cf3caa9e843c4a9132a2988ea3e5e03eabfb1e4eeabfc18f8d9d8bf4aadca

                                                  SHA512

                                                  14f3a84a4e82e832ee424c4e6bf844fd2d7461d69fc28a7911ab37edb63e9f3cb21ce23508694a5c60a4262617228e5a6282558fae157051914b106b97ddc8ef

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ebf6.TMP

                                                  Filesize

                                                  48B

                                                  MD5

                                                  30e9505a28724bdc1f7cbeb0ebda3168

                                                  SHA1

                                                  9324a864ffc5ef96bc0956168b21ae7b1d199250

                                                  SHA256

                                                  dff8e1147382225d5bdef7fe9083be97fa0809b46baea822d801b45e24bd9650

                                                  SHA512

                                                  10cba5456896542d4556ad84e299f38b53db37d618882f02371d250772a9b2d29993974052932b83841d5e1af302acb190302dbefc586ac93183c090b15368ed

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                  Filesize

                                                  400B

                                                  MD5

                                                  cbbbc7d124422e9d4f01cd5d60d375f2

                                                  SHA1

                                                  95773ed618cd2bce247380ebca39a43f6de1279d

                                                  SHA256

                                                  04689bd146ba13ab074d1d0dcf0502f9210140ca573729dba506bc30b2bbe52a

                                                  SHA512

                                                  f36809389d9a627b9adbc63a44d6007a0f277ee9be82d6a6beadc407f6e23cb450454cf20aeac9d14f621a5d4bf0cc45352312d1de2d38b615d977eac743d528

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                  Filesize

                                                  319B

                                                  MD5

                                                  5ea7216032f1458c3be76c139f2ad2ad

                                                  SHA1

                                                  9a1bc5d247ea3068a16a9d43e8a588c26369b27b

                                                  SHA256

                                                  eabab0ee01f3cdb4759f9ff2e77afbee7c175e3244040fecf36f95009e0aa76a

                                                  SHA512

                                                  bd0bde94cef0ad9823a470c391a4fb336fb3ef59f59638dad4f1293402489be570df1a48daf98a56e032f84ff29b59aa1e26e78f36109f2d0ab3b2ea45c0f6e6

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13379984363237866

                                                  Filesize

                                                  33KB

                                                  MD5

                                                  c8257272cd9f0fdadea44fbb12daaede

                                                  SHA1

                                                  7177e2c67428b06e997b6e063501d9df6fff0077

                                                  SHA256

                                                  80c6c17da5e64051801d33040e7ac6df419c33c3c19037707077fc187b8356a4

                                                  SHA512

                                                  e8f590596fa17053b9c028aa3f3ea723d84c7055f12c8c6bcbc8bd4327e762e9515e990c71664a4c30c25b31cdf3b18fe014bff3d9ceca5b7f262ca482d68426

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

                                                  Filesize

                                                  112B

                                                  MD5

                                                  3e6364411fb2303e0d6419f3316ff8c3

                                                  SHA1

                                                  6ee8ecb2de9d69fdc28ef02ce31a2cc5f8dc9373

                                                  SHA256

                                                  2cbf8b6cc314c5d76006f182c0dc116e160b4736c462a06395a092f0ea378b22

                                                  SHA512

                                                  fc71ab918fe8204bc8ce4cb8b0520c3dd13e3c07b8f0e63b08fbc32f9dc32ff235cb09f25bb8841f4aa481fe9a08ed7f7c2a735b8d8e875248a2fa5f238c8680

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                  Filesize

                                                  350B

                                                  MD5

                                                  d61f4478ff2abf04bd09caf0450bbaa6

                                                  SHA1

                                                  cc574cfe0ed854168b9ea04c71018f41a603f66c

                                                  SHA256

                                                  ddcec686e057ef63ab641e56c99fdc70a59ddf987d7d6a4a0a215b448c826ac0

                                                  SHA512

                                                  38fb8be23eee44331262c4a767e8f3796450c46be8efa5763182ae7d3479b5062a39f8e808df9571cc1f463d1dfaa139c8c66faeb0ea3f8bd8b543e5a5eb56d4

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                  Filesize

                                                  326B

                                                  MD5

                                                  a3ed0c1be9561471582f8011a143fac8

                                                  SHA1

                                                  d02c72734e0dc5c66dfb6b524ac092ef2decf38f

                                                  SHA256

                                                  a177678107c485c8766613b5dfbed08caa70d570be2fb2485eb9f6c1d3718875

                                                  SHA512

                                                  f14f5a4bf65d0f9d1bce077e6405c7ae099a499c04a053277884b79c718b70a6eb44039fa6eca94eef8b78317c1f3604df0189d8e8458ca01039b59dfddaf487

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                  Filesize

                                                  537B

                                                  MD5

                                                  6e8790e3d936c5c5f44636da37f244d9

                                                  SHA1

                                                  9208e0b61ace07599802bf7642e07aa0d6d4ba35

                                                  SHA256

                                                  af3e030b454b40d9a23f086aac4b56ed38509c26f12b38c2d81219fa9cbd1704

                                                  SHA512

                                                  dfe96c5d1199cf40b358dafd8d45422072f2d25a36b6cb828c3203e83c96f271243be0377f7729845450857a8f63879f54ab7cd6ba586efebe0cfa74934249dd

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                  Filesize

                                                  203B

                                                  MD5

                                                  9d93605c756d97110c45bd2a8a91f872

                                                  SHA1

                                                  d906b67b316541a5fa74bc9c87deaf306c079724

                                                  SHA256

                                                  9a6a29947cb715b20dc84690d34ed5c9d34b56883be2e4f93d7951007e68b4fa

                                                  SHA512

                                                  890e9adaf7cabdc4b6bdf0110d4fb26975435c0dbfabfac8662240b1d792a451a94d2ab904701280b3037c68be21081b7460b7e1e2471f7afad54b3320383f9d

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                  Filesize

                                                  128KB

                                                  MD5

                                                  18e46602014eb02065e054719623beac

                                                  SHA1

                                                  643244511c9bfe97493c011bc59b3b5195b88b09

                                                  SHA256

                                                  db949ae0a218da6b5e53da5ac42a778113b4d41102f398d27563263ca225816d

                                                  SHA512

                                                  5f5d6039676f987a422cc85734824f0b2370fe8941197c593ff0811fb724cae6b6498e8e9b15c45e517fab4aee397422ca0ee8b63a20388e8f356af78dcbc714

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                  Filesize

                                                  16B

                                                  MD5

                                                  206702161f94c5cd39fadd03f4014d98

                                                  SHA1

                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                  SHA256

                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                  SHA512

                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                  Filesize

                                                  2.0MB

                                                  MD5

                                                  a3c3f30109d9cf693621cf663018f88c

                                                  SHA1

                                                  5e583496237ed83230b7c83462c7061f288f6462

                                                  SHA256

                                                  c5f07e21163fc7eb62267eff75585c228353bd039cc8c3e5e981fff96d9d86e8

                                                  SHA512

                                                  32cba36bf3c3c25b6618a15bdf057c9db856f1c6ba292b233cc2a7a87fed3d170609c546bf07474bf9eecd6cb3c24dd9de06a9390db63f4354b8152f83c1ad3f

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                  Filesize

                                                  2KB

                                                  MD5

                                                  48e7900349f06e3bf146edb1ce110316

                                                  SHA1

                                                  59c6ce65086807249669e6110951b7dbd5abf5e2

                                                  SHA256

                                                  ab8cb59bf238edf0f7b0b8ac89f709a74e9234589fa526df1c98d1ef33fab2c5

                                                  SHA512

                                                  85beeae4744b1551f671b5d0e40b4d658b09ceb2d4679cd5cae636ffebcc7defbea171ebc1b4c6c37d1793220b414cb3c90028553171d5a9eb6827ab1763a1ae

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                  Filesize

                                                  322B

                                                  MD5

                                                  3c000f6f9dc1ddaa10a24769a68bda68

                                                  SHA1

                                                  338c348f56732e159893438ddbf0569b6830aea0

                                                  SHA256

                                                  ea59f5b3c8f5bf7405fcebd2f10112188e228f7ec950c7886498f1d1f27a293d

                                                  SHA512

                                                  790c0e2f21db577435b254c2384e1ca992c73fb5856b12dc03decb64515e7e3cb373d79391ee9a54532703351ad91cd2213c195eb8d60f95e7beae98557e0d9f

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                  Filesize

                                                  318B

                                                  MD5

                                                  53809c5b10bc3702ddfcdb479402c551

                                                  SHA1

                                                  0a8435aa6b64218b3e57feb7a70ae2cd523af8fd

                                                  SHA256

                                                  95b37fc311a59780baf9846248e8ca70cc706fbc2c794be945f3895f1aabf2b8

                                                  SHA512

                                                  302a1fdff3371a2e2d77a0e9b524f2fd42356e83d6559c63ae40e9510eb693a6ac345639876e372943af28f04f2d644f84c64145611df360cfec6588f5d7942f

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                  Filesize

                                                  340B

                                                  MD5

                                                  4b3cfe3fb13bbcf4109ab7f2a3c3e0a9

                                                  SHA1

                                                  415dc5bc2ff8997ec006f944c267304415b65c15

                                                  SHA256

                                                  c6009f41735e1107fe56b8c90e75e1a5c6f49c66365883eb8df1551e69263abe

                                                  SHA512

                                                  ed832bee74a0c8d892071f45b539d9936e154d86327d757a7c9d7897caebceda75910d92167476a199a004fdb762ea9ce53444168738c54127be2ec868d3d790

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

                                                  Filesize

                                                  44KB

                                                  MD5

                                                  88f59b67373ce6faeeb618de325eea99

                                                  SHA1

                                                  045687e066c93fa5b368a3c230779b1ac06826e7

                                                  SHA256

                                                  b85da6d538d80c0fd0f552e435bcf341e4b49d6d6ba4d9691d0b6f927e56b4c0

                                                  SHA512

                                                  bdb0950eeeb64788f5a397359c3e84636b510c51b76deabc8f575e29ce4412c2e009acb127c9ffe226df25e9cb05759eb1ecf4d3c33ea422ba62ab532404798c

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

                                                  Filesize

                                                  264KB

                                                  MD5

                                                  f7f672170f817b98fd1b4c2d728bf4b6

                                                  SHA1

                                                  eefb6a62d115936976cdf891c3d3df3488353593

                                                  SHA256

                                                  769a79a90804a1ed37f0dc6cbda09d470f0d395f5b4f6c7e636b987a34f2545b

                                                  SHA512

                                                  f024927c2b541f5c515573acc698caa6b6568ffc7adf3972c03a96bb75b0dd916fdbd2c4439cf1f91951040f15674cb5d283eb19480bb8daf44b8f4179bcfd66

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

                                                  Filesize

                                                  4.0MB

                                                  MD5

                                                  a98076a8742f552421fa1a698d5c1aa9

                                                  SHA1

                                                  9943f40de1a9058f79153486b7336351d0d7b769

                                                  SHA256

                                                  cef9a522cc7b6554ec85f788684d1417dae2a4f3c5448f35ed4f3132ba18d36d

                                                  SHA512

                                                  8edfafa5d4f0d2bb5a105fdc8b8b42f2705bd4b17fc733f5d4b072c32798e92ca2e05763fbd105cd8f12fb62db20af45e1b6e09cbce200f20aea54211553fa51

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

                                                  Filesize

                                                  20KB

                                                  MD5

                                                  7e86d5c1bf2ff36b15bfbd8fcf748b16

                                                  SHA1

                                                  59a1515ddff8caec85c4f27ffb17b69a42ec6226

                                                  SHA256

                                                  82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

                                                  SHA512

                                                  943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

                                                  Filesize

                                                  20KB

                                                  MD5

                                                  2a029687e73114ebcb4fad10c0114e8a

                                                  SHA1

                                                  f09cbbed46b9f8c731568bdcee13024e89bda397

                                                  SHA256

                                                  fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

                                                  SHA512

                                                  211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                  Filesize

                                                  11B

                                                  MD5

                                                  b29bcf9cd0e55f93000b4bb265a9810b

                                                  SHA1

                                                  e662b8c98bd5eced29495dbe2a8f1930e3f714b8

                                                  SHA256

                                                  f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

                                                  SHA512

                                                  e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  11KB

                                                  MD5

                                                  4904a5d3b7900656a3d336fbb69bdda7

                                                  SHA1

                                                  0c0eb9a1e8ea93b35e62ce87b4f5a8fcc07aafa2

                                                  SHA256

                                                  4c8996f809b955042527a0657d8eda91739b2567e627a00b8b648ded3a521a71

                                                  SHA512

                                                  a53de4ae134e1af214b70db62287651b7dc43c628ab946d2175ec4427b55e68350533906e016c5ebabe6953296044478f18d163aa4375b95f4ef80fbb7cb6a59

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  11KB

                                                  MD5

                                                  2d67f869657ae13e6ec7ec18320c93e4

                                                  SHA1

                                                  1304befa217b1e618c6f9632d5c66207a802a567

                                                  SHA256

                                                  1a06a968a9eecedc3364ba56c4978530a38917dc0eedfa938d43ec4b2593ed02

                                                  SHA512

                                                  906554a9f9943645d2a2650d23e741986aec998605bf93014520f9e38dac281d7166ea6d530b498e5cf039c33be78ec52e57fc9fa8e6c590c8e011226d907cee

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  10KB

                                                  MD5

                                                  4023ca6dc3542144eae77993f9dfd800

                                                  SHA1

                                                  cb23ef3cd43998007c53e501991a9dcaa504becd

                                                  SHA256

                                                  b05eb1ecaffc15f7c1621fbfb8f40e403cbe16e9c0b935de9db22130ef171b81

                                                  SHA512

                                                  254adc027c7dbb434073e69da53e15b5d7767bada2c61e05d9a30884754ec81b0df65ec29af280f56e435a2e43cca0c2c4813fbe39a74b5d579612799847348c

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  10KB

                                                  MD5

                                                  4cda2b726f5ac20f8b32e05ca8cc612b

                                                  SHA1

                                                  c77c7b16c461d6ae8aef4c70bb6c4358cea21ee4

                                                  SHA256

                                                  0701bd3507857e6ce7aed14b8947724728d753a0bb3abb97f10727201317c3bf

                                                  SHA512

                                                  6a58d572c72c214ca6e8b616196f14b2702890eb40bd47a0c4d9aaa9bd479024d03f18a4cf146ec50312062f17ed55a35362e55aec57c4ad69a46c14574880e5

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                  Filesize

                                                  264KB

                                                  MD5

                                                  621894d2f21905aeb9c029008675948c

                                                  SHA1

                                                  0c6eb44d7d47022dcc09e54c7c0ac651bae32aae

                                                  SHA256

                                                  c3759c102d942a245d233291352b56bb2df3f49f987d50ff51e86883fbc7b972

                                                  SHA512

                                                  f63dcc2cee5483e6be5bbfb627df8052e688aac6a79c77313ba55764078f4f694383ca3ba479603814853da67c6c1448b97aa0ce2f94b13baaa72f63b29a5915

                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                  Filesize

                                                  10KB

                                                  MD5

                                                  1e7dd00b69af4d51fb747a9f42c6cffa

                                                  SHA1

                                                  496cdb3187d75b73c0cd72c69cd8d42d3b97bca2

                                                  SHA256

                                                  bc7aec43a9afb0d07ef7e3b84b5d23a907b6baff367ecd4235a15432748f1771

                                                  SHA512

                                                  d5227d3df5513d7d0d7fb196eef014e54094c5ed8c5d31207b319e12480433f1424d49df759a7a2aefc6a69cef6bf2a0cc45d05660e618dc2ec9a2b082b7b5f7

                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                  Filesize

                                                  10KB

                                                  MD5

                                                  b5ec1c651d538125bbad8ae7b5878883

                                                  SHA1

                                                  fc51a9862cd962c1dcf92da77deca73aa79f0c04

                                                  SHA256

                                                  7e4836c483ec272727cb1e69f6d1769be0f8ea3783dab5fc6846bea18f8c5114

                                                  SHA512

                                                  ce915256b7339ce5ae8c12864b66f8c83c4ef31185e46d5877776a4fb21ae18a58c742af77312d54ca77f42d33c63e9b6ff868c078d11d423dac4b72cb599f2e

                                                • C:\Users\Admin\Downloads\Unconfirmed 643375.crdownload

                                                  Filesize

                                                  7.3MB

                                                  MD5

                                                  1c24930f8a949586fb93e1fd62de088d

                                                  SHA1

                                                  bce395a44b0254fe05fb25a08ba9a0c72902e83a

                                                  SHA256

                                                  65ff7709c935ecf3144670cde40a5a07685337d557242cec88302f575cc3453e

                                                  SHA512

                                                  7847d3d66cd68e1c2aec614cea230fa6c82d6f0e4dbe5a2897296e60de8149c76f23f6939ecfe2d1cc8fd4570fb0895bed88a85a878e2097884f82fe8007ee93

                                                • C:\Users\Admin\Downloads\xera.zip:Zone.Identifier

                                                  Filesize

                                                  52B

                                                  MD5

                                                  dfcb8dc1e74a5f6f8845bcdf1e3dee6c

                                                  SHA1

                                                  ba515dc430c8634db4900a72e99d76135145d154

                                                  SHA256

                                                  161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

                                                  SHA512

                                                  c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

                                                • memory/3500-551-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/3500-558-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/3500-550-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/3500-552-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/3500-557-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/3500-556-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/3500-562-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/3500-561-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/3500-560-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/3500-559-0x000001BA82700000-0x000001BA82701000-memory.dmp

                                                  Filesize

                                                  4KB

                                                • memory/4072-384-0x0000000000CE0000-0x0000000000F98000-memory.dmp

                                                  Filesize

                                                  2.7MB

                                                • memory/4072-385-0x0000000003330000-0x00000000033F8000-memory.dmp

                                                  Filesize

                                                  800KB

                                                • memory/4072-386-0x000000001BEF0000-0x000000001C03E000-memory.dmp

                                                  Filesize

                                                  1.3MB

                                                • memory/4072-387-0x00000000031D0000-0x00000000031E4000-memory.dmp

                                                  Filesize

                                                  80KB