phemedrone | hxxps://uploadnow[.]io/en/share?utm_source=tNr04f3

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2024 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://uploadnow.io/en/share?utm_source=tNr04f3

Score

10^/10

phemedrone credential_access discovery stealer

Malware Config

Extracted

Family

phemedrone

https://mined.to/gate.php

Signatures

Phemedrone
An information and wallet stealer written in C#.
stealer phemedrone
Phemedrone family
phemedrone
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5664	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3484	msedge.exe
3484	msedge.exe
3424	identity_helper.exe
3424	identity_helper.exe
1860	msedge.exe
1860	msedge.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe
5984	Resource.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	5984	Resource.exe
Token: SeDebugPrivilege	5212	Resource.exe
Token: SeDebugPrivilege	5372	Resource.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 4044	3484	msedge.exe	83
PID 3484 wrote to memory of 4044	3484	msedge.exe	83
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 1416	3484	msedge.exe	84
PID 3484 wrote to memory of 3092	3484	msedge.exe	85
PID 3484 wrote to memory of 3092	3484	msedge.exe	85
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86
PID 3484 wrote to memory of 1020	3484	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://uploadnow.io/en/share?utm_source=tNr04f3
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1fc146f8,0x7ffa1fc14708,0x7ffa1fc14718
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,11508579447097082269,8863275771200669046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5276

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ReadMe.txt.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5664

C:\Users\Admin\Desktop\Resource.exe
"C:\Users\Admin\Desktop\Resource.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5984

C:\Users\Admin\Desktop\Resource.exe
"C:\Users\Admin\Desktop\Resource.exe"
1⤵
PID:2280

C:\Users\Admin\Desktop\Resource.exe
"C:\Users\Admin\Desktop\Resource.exe"
1⤵
PID:6060

C:\Users\Admin\Desktop\Resource.exe
"C:\Users\Admin\Desktop\Resource.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5212

C:\Users\Admin\Desktop\Resource.exe
"C:\Users\Admin\Desktop\Resource.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Resource.exe.log

Filesize
1KB

MD5
a6e9e4eca4c4127d4890730a793077d9

SHA1
91586368d80b00cd95d90f68c6256e4bc4e003bb

SHA256
16c3e14a01c3738e26b5d1cbdba96df9eefbc6786096c41c2dffb345486babd6

SHA512
bd9675fb0175a8e1d84b368558d2a812ef352d3b4f2e8bc8721563e3be9883efc7160c8dfaced19bc08eb8a586393802c71774da6f307a13e6b160f62ef4920a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
138KB

MD5
6174ba506514ec4b51459759c8d0f0cb

SHA1
4c6340680c3ddaeae06d1a8cd34dfbba2de748c5

SHA256
f22347457dcc1547a18a9aa2526dc2d355b4af14ebc468c0ac56ba1f1084041f

SHA512
799ed2e2ed3837604edd51119424dbc749938a207cd414fa5a709f6b2eef7d9c2195e3b1ffb69a59242190dcf123113b21e895fbee0543e7d74f41abc5729df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c2f15f8567e230b232c82a1538a935c7

SHA1
ac0c94e601861b047e954a94427efeb21cb6a266

SHA256
db6af75edec2de2097b43346e8eb3d1be3b7b24c8aedbba84282d47b86e55999

SHA512
e962f8ca3d37144942cf1f6230a923481f52c06a29dd45355a9efbab53bd7e1f3f51e169780ec56bd2488bdf67b455e8292b070caab877beb028784e0292739f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Collections\collectionsSQLite

Filesize
64KB

MD5
2b65c5d1ab0aa3f3f57c635932c12a5d

SHA1
b532c837537438e591d5d6adbf96a5dfe5c40eba

SHA256
c111777e9b9a42cf62b06900b847283238af63d15033c40577cb10aaa58c084a

SHA512
7d75089fb928c23c0166a74bb2baa3c1245bb23012d30ec2cf1fe71f8412700d354d4b9b8070309b23a5b003e37727ecd00f9ffaa018ffa5bb67ad1bed58e175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
274c52224fbd15e1018e453e56f63fe9

SHA1
e2707f10920912324e5d74a5a546765bb58fe151

SHA256
c6e2100d19fcdcb8098ea275fceae6072a65cfc7bb683bb8a84e6107b725d1d3

SHA512
27825ee78749f2bf9c12c02ae5e08d9effae4a82f4f0fc7b137ea7604b29d95a72e73e5b13e2e57556945557e3e75204fc85521bdd537a5dac21d0291aef1247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
87d74ada7cfface506b15a5ec67a5f7b

SHA1
97d00d10e9da3f74e108003dd635924964ce54a4

SHA256
82627168acc87928cceab9012f41899aefee2443edbd7a1be09becf47caf5643

SHA512
b07dc11b3c2caed2034293f503abe9318e10a32c76d8a5074f4e576c21e21349781eb8bd369bd1ee483632a974e8433eb4e38895783c8a9dfe6af95545a264c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
4a8c00c4135b85ae7c2773d10ab9f7b4

SHA1
693922b03bb0e32b40db8c8d80e5f08b9feb66d3

SHA256
1ae185fe4be66a3cd67f92a6a5e7d5e9b9dcd7db6b2efcffb0dc2118a6e05dd0

SHA512
72656e51955d4d4f304600f700b8c3e4ff2ead4574ea937f550e0cc7ec5eeb3ff80012fe3800341f4f1a52965b8b4c4c56ef4576e5d8dc04e2aad1f5e227966d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_uploadnow.io_0.indexeddb.leveldb\000004.log

Filesize
5KB

MD5
209cd69d46401abf300a4905ebd23c7e

SHA1
24e5bbd450d8a88c32a8304cae09e3f80caac0a4

SHA256
4aad54645c6f1cd70e94b0858d815e9ad9884ce081436471df639599020f70ca

SHA512
f905c1e3e84ac8441cc70aeb33db0dde4a71e2e59ff2bc5c41733fe1171d932080ecc1a964ebe46a95ad2d379686928694e93dbe16ce8759d83cedca7353fb32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_uploadnow.io_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
bfa91351f12b34ae49911377972c129e

SHA1
1b8a24603a0b6bfbbced8b0b8f729193b18392b3

SHA256
8d95b9a11368fe19d78d6757c84a6ed4a702f991b03391f4ca989354648c4d9d

SHA512
e20a7c7c92b20359c9c19a51543117b2edc0721c1fd982899f982b06cb27de08ecebbaaac8fcbf4062e6e9d47405cff680990009b2394f73bc3adc59eda26405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_uploadnow.io_0.indexeddb.leveldb\LOG

Filesize
671B

MD5
1a6d88acaf1849c47c94642aed4b359c

SHA1
bf3c853917d17363ed28245a5086f50f140c4727

SHA256
19d31824c077ff5ed2ef7511d5bfa31892250181215a49edf2c0c84108931af0

SHA512
6e4b480e7b54dfee89e008e9d663a7d9e2a9b0f995db179367e36e1584a3eef2cdb0dce26a5fc4838588b8f5ae88fdfc876736a82739489af9066c0ee8c66923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_uploadnow.io_0.indexeddb.leveldb\MANIFEST-000001

Filesize
71B

MD5
9a712bc5b37be40c75a39fbe81f2c4d6

SHA1
c94defdf7aa5059748902d9414323fcc424be1ad

SHA256
b3b51a32fab2ac0e6c2d8e16029f58670d64c67aca5d808ffd81abb23321b709

SHA512
04afb603f833430bbfa45010d877af597464f58e5db937a09f19c97ed2fbb2bb191b2288b819d4d408c8afc4fa04aa74af969c56ae3c195562aab46a954aaa0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e5109af67a246dc3dffd70313b725bd8

SHA1
771b4ece380b23189caade094b6c00ecd7b26d28

SHA256
ca44aaa408ab806572dca3c6741b096552bb26a2cc1a29b0ea66623807019438

SHA512
aa202144f73d2a6e3192a986df07cbe3e16f6240eefa5889ad552a9ef5327bee99b89b76c57427d7a994764ffd25f832bf8ee09969574abfda69e18cfefc33ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bca478fb4126d4a436d9a44e3177bcb

SHA1
04eaccfd0d5b975563b4cfc32ba5c819e1b4f610

SHA256
86d363b5fbd0c4d46c175682e0b03bc31a6a42708633959063013998a75723a4

SHA512
ba787bb7b7db3c27413680ba4226e625e0102a590471c6265941bd6f27beaa37bf402d1fe23c7f43424e9f7e1ab41cd752e09197ae40fa4c3bb1503fe24ea244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6138ef24f586e260fa67b0af7843208

SHA1
03559abd7674797d0411a47b1fcfe909910af4ae

SHA256
ab632caba8f5b2fede673bc0715e92300e9847a37f22bafb0e34fc1a4051cb3a

SHA512
bfaa200768346d1f79553256fd67e2f22bb4def244296a04ae33f78b3b9e8989de8c1a8bc42cfc97db7b0feefc00b995461b8ebf9f1407fc595f6eba296a56ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8eb68e6094d087c6ae4f57430407a8f

SHA1
c14464d64d6b86d8948c99ce0dee0ed6a43b76dd

SHA256
bf3118bbfd21e169d249e6e98074712a46f06ea355ec4e6e28c94ee2a5974f90

SHA512
e31fd80afadead8fe51566b67cba4cb9311950df2e8d7bf7800c6ddc7e701a197a4d1fdcce6d133e8fcffee4a3c9926182e52571c8b2eeed9103e1a09b4d58ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\QuotaManager

Filesize
44KB

MD5
b160b2455cc619768789c94e26d16371

SHA1
81761ebdd0fab135791e5dcec3568f89fb2423d2

SHA256
b7d11f1dece5f4e242d2152ddf7be1fb5949806bad97accadd637db49b3dcbc7

SHA512
5bce767cca3d47be9fc6a87bdb35f49951da7053de04751acfe8f32ba3db8ab98ed438f3a15125e8b5deb830268e0da6dd20762a142c1663bf274d7209269ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13379914663216169

Filesize
86KB

MD5
e7a5853d3eb74922a0e74046815c0fbd

SHA1
16baea55e24f3221dd63fcc54bc40e012fb22cd3

SHA256
854d466852cd02b5af45c472d9095e15483001838fce8a213bbbcd3d288dcee4

SHA512
d6666b7efd89013c9816382cfff8463bc60c901e769a7cbc6faf53df68d959b1f92d18852646de09ecc72ddf9a9299d3cb61cc5a1a821e0c08922cd699c9a896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13379914663385169

Filesize
933B

MD5
c751d51e505a3f6dc189e40392fa0c15

SHA1
fa46d8f7cca067a909f2a12a64df3eb0f8bd1147

SHA256
1631e1ce41402dd3a1f886cb92b48d173f23ca58c8aca9ad51b927febc613833

SHA512
7363de79e49201fab8532cd492d4db4233d23a03f880ba28ab7b1a3a4c49bdc9a47335e9b6db05c85c5faf60c4984994c55834700552cb47eced0e5d11c4a13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
93f93240a4a9220cad1fa39b444884df

SHA1
4755e3d1d01c33bf7994be9faafc56c7dab64ced

SHA256
917e001a25561ab742121c90c0cfc2998b3e0d55c1fbf04b7380c4248c6a3e4c

SHA512
66da7acc784d2417289fcca289b175a6aa92506064251ba1f2654ca4931665143a085d681c0bcb81ae83a9b7dfbea5f9ddc151dbe5075763babd79c462a63405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
9aabe9185435847979ea93224af9ad74

SHA1
f3b9513e313d84db8ca98e51d3d98ee41dd83bbe

SHA256
15c565c54b93bd27d25b19c62a1cff8c353161e1e9e1555907f7aaa0d9577117

SHA512
827173a11f0273a6abb0eeab53226e717fcffa317ad711c2c787676c94d3b8efbcbd28c42f6807d6e37cd4e0de1f71dace3e9db4cd14bdf167fcd4d4b378ceb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1041fb102fabaa66039e091b721fb616

SHA1
06a6c05f12ac3a52f08a36e5e72eb49a47b37c8c

SHA256
bd69f7e3871ec00539880d4c9422ff1a3479d3023c0102761231d77d814595ab

SHA512
3131ab7644f9e39f01e4d2ad303402a030542c72fbccd775dde06bbcf724537799f3112b23d1714013645cf0a5cf9d310c4461d5d57b38833034616921d25bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea7f.TMP

Filesize
538B

MD5
3c8266f122afc44c74c282f69b58ae58

SHA1
4a3d67fa5db2aab8294b10d246be033dc7e99bfb

SHA256
c76864655e2c99a7008d37e75072961da752a1a337e207cdc72d1ca3e1a9d15f

SHA512
fc6ed50e6e00134664ba9b36535741b53fd38e9a929f115d2371bb8933ba261753ceecc1483ab6923c66cef6168f0052128956dff6328df23fe051730c00997d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
108a83ff3769cb6fcfb71d70a7df68d7

SHA1
51de65a06ba84e974a6494848e8f210b92dd32ca

SHA256
7e97431e671e05ff42a571f60b48410b02c4e919440a218851f69a9d7d8dafa5

SHA512
811ca6c8c5fea707a21e040ee63ba81249fe15793e956e289c7e2710115271645e070a8dc433c7c8869fe9e5ff6ee889befcebe66f75e676b0e2e2a79584d2eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
dc8326bf8c1be6d2ecad52e604101749

SHA1
0166984a459fe30a3c7136cf24064dc82a8b120a

SHA256
8a0eef77fec503f6c8c284c73bfba05b23ddf77b52789bd0455c1880a973602c

SHA512
a1af53bd89e8f86db33d9dd6b1745bb12ba7b0a84b96f1db78fefbdf0ba3675e037733fc86e74d36d23ad6ecd07cff38a6815f9a04c21a5a1b6232ec5b2fe4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
139B

MD5
e5d93809d13494b88a9d751ff006c2a8

SHA1
2b1caf78945a11162dbe6b256941e13931e24e45

SHA256
98e9c5e01309d70a0581c4b724a1d7737adb490e6daa47e23c59d133ee7efd92

SHA512
078a243352945a2a1cd7bb34684673221d683babccd8c4ce75276ca4767f83e108bbd27c1128e7f3de1554dea07f3c721574a944d18dc82fef3b89a8e96701e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Filesize
28KB

MD5
f52b3e5685c4f2b98461bb84fe93ab55

SHA1
89d471548ded09933e4180cbffae6b54f3227173

SHA256
4ed3ecc79883e5c9a3d3aec94acd8d00cd5d88c311b5101e82639c258a2816f0

SHA512
2f1652f4e2522276f0b1c7dcb9db117ceebefd3df146222102016993ade3442da03218b35f0bd3b487327a09094d28cebb80d3afe258be2048b330c1bc1c9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.4MB

MD5
51bf088fcb80aa0d7a9666afb458c95b

SHA1
068cfa93ac9cad46dbfb4a78b80da55ad0b9e6ec

SHA256
27d8506353ceea4369b8453645f474450f57d3464de85744fd635efa557b50a5

SHA512
2ba18a9a1554e96944041e19baa0635df587ab179f8357eb46cff61eaf179489cfac38ac00ce92d1e8aee82c7af13eae63a441a16b311484d4f15c52f694514a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
514d5d4dba1be09c9f7803865d8ceeeb

SHA1
c0d190ca480f188330b660fa1b14892239dfd3ed

SHA256
8b3e91fdb511d08bce805b233a28dccaacf308bd53b0f73ad589f2b9ffb34f36

SHA512
04a5cbe8433d6a5f844ab11fccf27ff75515da6c5ebbaeacf66894eea06e2808d5b641dbbde3f669ce2bbd429db70ca122131793c4a6db8a65bdd27098d0a36a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
d53799cfadf06f69124fac16014c913c

SHA1
110cb5cf48a6e7d9dd642bb57689e46d7d319f53

SHA256
1ddf56194d6f7dcba8e6a3dd0bce3f9ed0ab0b3bbdfd0b193932b60a8fc18afe

SHA512
454f3266d5c43dc972518d49b19e031c184b4c9f59cc835096365186fc864d46e8fb0783f5749baad6c9a217d3a9a9ae813232f6d1d74c4c903f926d13f8dd68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
531B

MD5
c83bcac8695dfdff7d9f7c9243edbcb0

SHA1
5680d8687c189e6657d02511f9f60854273a48cb

SHA256
58bd25df9c8a555b57e6eccf95398729e870e87ad3d296975f5249d8f3ab0c03

SHA512
e53e775187bd74d76d7e9a0484991076a76a6bc64b651e023c4d8ad3bb88a121195154cacf87a1762f03940d61614aa7af72bee754a3b9b58f11483ab850b51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
0c79d31e77acd79bcba7379231af0862

SHA1
e1366d2b17b322014a1b671ba1270a75587020bc

SHA256
f7af26c45f3ebb87fb53aed11ebc949448f772f597afb34c13ebe9c4732835cd

SHA512
eb87b749b8b4868f83eaea95d989677e4f80bf842b64c2e0fa3d12f0a36e9a9460d9dbec87a1c12557b0eadfe25738e405932f65ad0911bb4af119137e47496e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
d1220be61996c775f6f6987e39d434f4

SHA1
da4ef3435ba7f0af11598166fa83f956b477dca0

SHA256
799e378eb991b2f18227b78a71b16b49a66034a930dd3cdf1fc506c9d0648fa4

SHA512
8f6eca6c86a77a0ef14a14a6bb73c5a121772cc0d2986a08a22eff91a2d751babc0ba1bba155892d532c4dcd3272f40f5a28ffe1668fece81b6f8e34372d2639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a500c8ea0f730b07ac9075f7d47e008c

SHA1
3f1dcf2193d1ecbebd4a9c49398caf75a6b3035b

SHA256
8cb343523ab953666f812524862e8ef9e972cd4fd219245aba59c3f6fc59ea54

SHA512
5846b9ffa551f2ae9371f6e55a4d9649972242750709cc08772f76f18690d828a8e11799ed024f9f5db0f9955a725b93786abe2ca99fc6c212a65fd56a78eb28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
b705f68409b5a0eefa7802a24c9d51d6

SHA1
3aa1f5260145162f80f93a2a96703fcc78a090c1

SHA256
7da197ab812bece15d0cc81507c6e5f36755dea1b33a27762891388d009e3a3d

SHA512
8d284dc0199c1eff71048a564d64c7719a6c642fe927b74e819b8c5a3ab499373babef7cde4468aafa460c6d1878e690a72b343acf5293e8853081c337980b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
568ef486d8f897223127173e8868fccb

SHA1
4ea934dd43759ddab3c756bbc1077182b1aa76a9

SHA256
e2b3425410b2d2fa842eb0b7e192f6a92ce5644218e4ac98935c6bd94993be34

SHA512
31e5c381543fb15530c293918fe128606ff0af652227dfad08e7f7ea62698a6b820df6e65f47a627f61a20dd1c276bf083f34c34b19efb994a12e9da6e656a19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
26c8894cb77fa6994a6e3a727321c3f8

SHA1
8684825f3fa9323d844d49baf3c2d64e4efec20d

SHA256
c5e05b89039da7d6cc8699f3820a37534183f6518beac2db4d005798efed9729

SHA512
8729b2973ceaed0bc13c5fdbdb16ec9885f2607f02b70e098c546a2a3b61caad286b023c8edde4a2b9e49f640aaeb76c3bbd426301547366434f94377d5ec218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3746c85929b0a2f45e141cc3afa52a2e

SHA1
802a3eb4fb4a1f09a3bc2e032865a9ee70cfa5f4

SHA256
bcb7783865b2559fd78efe4f47ca16a0740d17b0ced19062325a7538eeef5028

SHA512
5f0d4d0064849a37aa0c1baebb8d385ddab40d208bb9dfffb0dd2a5b53255349e16b10147c5d8cbd7cb16efca75a49b61e7d3a6edf58fffc6b1c2ad3633dd556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a702d7bcbf0e17eb3b13a67f503cef55

SHA1
a8e701e38016069715da3dda2f0b73863c9fc505

SHA256
8ed5a73e9ea29b7945d545a07df08c62039dcc0cfdcb24717566b4679e2d826d

SHA512
22d5b8bd7961312c20451c9b080e13c6b9a3cff42a9a0592aec11ce61597209b6779d6f5f7c907b59e1a7fdc79b46c608a3459671f9733ba584d3856f8f42f15

Download Submit
memory/5984-320-0x000001572B510000-0x000001572B538000-memory.dmp

Filesize
160KB

Download