0f22ef6939d498d1bb66d999204f99dd15574f4116cd8825d0e821f75390f0a2

Analysis

max time kernel
1702s
max time network
1707s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

user.tar
Size

16KB
MD5

45bc1b86894077e7bb8ff4ea4378e176
SHA1

de89cd5ef7a622203316bbcc77a81e4f3bbc9602
SHA256

0f22ef6939d498d1bb66d999204f99dd15574f4116cd8825d0e821f75390f0a2
SHA512

779fb66af6c124f9891a29dc90fccc345f2db5d4aa9a0cbbbc895c9ecfb3b7f6b6bd9e93968448388b2cdeb1564fdde7b9f9ebd97e6d77e8b924717d88d9b607
SSDEEP

24:SMNpUMFY7+UgGACNqmACk2ggPGjL1zLMvRsO:SIpU9vgXCNmCkTgPRv

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 298523.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 126020.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1864	msedge.exe
1864	msedge.exe
3832	identity_helper.exe
3832	identity_helper.exe
3084	msedge.exe
3084	msedge.exe
4204	msedge.exe
4204	msedge.exe
2168	identity_helper.exe
2168	identity_helper.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	4564	7zFM.exe
Token: 35	4564	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4564	7zFM.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 1192	1864	msedge.exe	100
PID 1864 wrote to memory of 1192	1864	msedge.exe	100
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 3336	1864	msedge.exe	101
PID 1864 wrote to memory of 1976	1864	msedge.exe	102
PID 1864 wrote to memory of 1976	1864	msedge.exe	102
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103
PID 1864 wrote to memory of 1136	1864	msedge.exe	103

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\user.tar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac22446f8,0x7ffac2244708,0x7ffac2244718
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9091734481589611185,3516731886365198973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac22446f8,0x7ffac2244708,0x7ffac2244718
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2383675059808293958,3488941919064734826,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac22446f8,0x7ffac2244708,0x7ffac2244718
  2⤵
  PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e3b416dff51ae4c43d04dfe53a1cfb93

SHA1
ca5c9dac3fe3c94ebaea963626bf0682c074f8c1

SHA256
dfc8600408427b9d6c23235af513905c9154530670ce75ded3cde42bc7df9993

SHA512
cd7432270e7e154cf4297139bb40af4239dcba456aaf8b1c8ca8ce8b9228dc7f3f2f9833aa54e583af7f98c2349ad1e6c8bfb71cbe0be4fc3b11c11e6825d02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
637bb1a02e76d05efb9a2015b602e35c

SHA1
219bc46b8532e8cb57e687c8dca32c6987da37d0

SHA256
cbce373432fa17352ffc8ef27ff241f3b1e606c7e0b03b235a3b3c779c35dc35

SHA512
beddc55a4d300a2de7f26925d8744a9d8a7e35ac6939154618f02a8f8a0a105089f2154f0c822938b19c4bccbae188ad42d774e24a1ce0298156c6a8ab26b7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4d56f56e50de54d1a4228dc40e135f1c

SHA1
ae02f87bfeb4d41a40e5b99540a98610328b1b69

SHA256
845f1323fc87434993d91f4f9aa8bd79a12acaeb6d4515fc5b20645d9dbd50a4

SHA512
1d95d5eef8b34c8b2a70dae134dd82f4807832749eb2df3a9f0a465052bc6dde957864e7d83b32e2ba39b9e92be9fb072ed2208e04832800bd318af2d9232798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
bc1aa8c3f90da727739bc3e4580914d3

SHA1
0cfe26f5031f8b84d108f1289b6cddc70eb7f8ad

SHA256
b7475aa5c7fdbb3cd5624591b88ceda9ff36fce0bb8e21d7ecad2372aaf5826c

SHA512
6507d9cb392f700bdb8611312dff1968c46efa57d5d2bd515add1d5408292f8bbbc01ac0eed10e6c5c1e2a2dfc1a909c46b2fee06b11695de004208ce9c89b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
cde3f94b4126aaa48e7f5e5a68de26d4

SHA1
28e74e01e090b803d68fd44807acbfe660311a8c

SHA256
be896415184c2ad94a222790e9d226901ec12607411ee9fc5519c4e55d222f37

SHA512
c203d2d0ec9de67bda067d2ae3168d43c365f5495048921a04722848fb751ab6da8df936ba04becbda24ffb9773dd56bb3657cd70f6fdf522cf4c672e1a33573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6fd7f54bd2f8eb5d2456db77222e214e

SHA1
2cda810d6261379e305f386f5d8d1abe6cc38556

SHA256
49299ee520a0fcfb4bcf7c189f89a62904485281a8193c88c2cf8a6e2db0eb9f

SHA512
4907b28447dcabe36270d5a9125e348959138c3688fbddd9c97bc7e42212adec38ef2eac3aeceeee72fa3729868a71d6614d6dcdc5e1dab030088b47c20de36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
71d7274327336e7d912dab74b84cc762

SHA1
4e7522d7218566e7f5860724b227446ea1651cc4

SHA256
0f19a07d2913a8f6863fd2a1e14c5e37f40033b45e9c14ad0373ac8e571ad029

SHA512
2a72684d312c78ec1755ec549b081f277853bb29b4a2b0d4358ff043beffb9ee9ed55189cf390b93f86aa7e8364d986d24dfc36e073120f228a8bb59f7b044a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0e582786c20c16f8685f80a33a3c6b0e

SHA1
35b77aec434ebc60a03a7e85811986064c9c9445

SHA256
3009c4c3575147408b459e2c3b04f75d14e1990383e7dd7210f76c362f86882e

SHA512
96dc7816b33ff4bea326d213cc4c107bd87aa9a06ca6b3252567f538a0874aa941fdf6020cf487baa667b7634d8f8a7042815f9c19c5f3146ad110bf0394cb3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
c7f996afc4600a4ebf1066f250bd67b2

SHA1
3a07b0603ccd947d4103dbf92d8e3e2e07e55341

SHA256
283fa855d4d3b36e67e37a4b9f1d4a2d0eacd46802f5c38a59b821cb4006ee6a

SHA512
e036641b283b8c791ff98f38ddc70313efd4b52ba41ac90c951c63040682661a0828b12841acf5bed600cbec277df7c7f1efd7e2bae8d625224ec4fdf4e3750c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
b746dd5546479acb0df2b530f09a7193

SHA1
73b91e69eb8177bdae34150dc7605d5e6cfc43d8

SHA256
448e72cceae3e94e6cc9873f41e6c156917ee7075812dc01a5ec0401a146463e

SHA512
59cf03eb5f713e147e21593b06eab0235b077f146bc2c6def84f461e34f5db93a5a9f8f2485245705543ed70d621c1a53894637ce2952fc9bfa6863f17aacdcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d28f7d8632421e8f0cdabb4091b30543

SHA1
91a92213db5a6ec5e608270aac35cff91c03675d

SHA256
7a90b869de15369cbe8db4ed0a94cdc189264ad62f383ac2231b48c970ed1ccf

SHA512
6d57e4abd9db5ead5befb3405f6ddef2b92be670c1e4cf1561c57cc20b935623f6bd3820fde35499ecdad80e7a0ad012546621e1ad684c03168d3efd3d6209c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fc048b03c875574d9dbf6970b8e3e7cf

SHA1
6cc6a11f4c5458d551ac8f1460873f3062f23cb7

SHA256
c4ee5082aa4525059f9fef658dadbceb2a5ff0be19770a96c1a59ebd70f1a3e8

SHA512
4aeda3a89755de71e6f7c82d4f81ea2bf7e29f9b35debd69d6177a69df484d5a51759228a1d5eda55d12c125222af4c20092f225c6d55fe938153a694a6230c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c4213f60451855c83f3a2171c7fc0b15

SHA1
d5c5e50c8f15363a3c50591f825d6b02e90112d3

SHA256
71d22c0618be1b091496b485f019a19b0abc06d3362bafe18c095f4c5a2f2968

SHA512
22e7417658a9c9548c9f6fa70dc760665b17dd1e0f0fceaabad46c18bfbbe6c66702aa854947580294b457c8e533fd9761401a0a663379a631b3ce2023d9cae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
04e35001278e0c4d529b9137fb21c454

SHA1
6d2a908d330d66a65969b5f5d73da593a9722bb3

SHA256
46862a69d9403f565b9b0d92c2be8bd6bc36c19a7fb486546e910808d4b8b020

SHA512
b5b7c654df931913099689571a1b4b70049382fa3acac56f538e53c81d3cb825a5a7d6e4684cb29176709e93935be72338386dfc51fa7768a18d6bc10ec60a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
decd3a3c9af780bd299f6c11b969e485

SHA1
e7d4bfc95997078fe1de4f6d765c962da60aecd7

SHA256
a2c9341b258c8a9bbdc3870c6da5667f974fe820d49f802fce18f94c9f88c3cf

SHA512
33550cb0516fe66c7377eeb230d29a7527d5a2256714a6cf5b5c0156048f7b9d0480c5193620011ae22dc6fd24e99b1dec40a35e7062ef3b7c10458ed8c0b8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0a4dbde54392052f412c42956ba2e0b4

SHA1
7e1f9902538f569722dbc36b37b2bfb5bade7cf7

SHA256
beb5c659c8e0c284b589bd5f7f76b3996217ba42f978f9da3217475dff3cbfaf

SHA512
3091323b53604db818bb742ecd658f1a3286372879077b510e96410f5d28940e25565ecb7b1b6d231f642249b1b6bc822b9ad97d079a8ef6c58ff09996fecfd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a95bd20adda56f29bfc2e7039b3f0bcd

SHA1
2f3bd032ceded6842a2ca4e63dcedcf694658958

SHA256
babd6c25494f6af61429013d40ee321192c3607ebe608c75ec886d7b251d1e33

SHA512
17e37d353962ef267add00df631f615d29a9b1ead89700a1589a70018c957b111934a45569e0776fd3287f4549dc97902f5b419bd4df229e9d32904c76975fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52c228e5503ff6f087f4a8df1f4c90cc

SHA1
7d5653426d41c099e70d55bd8d7587e609f7d27f

SHA256
3d1d7d67709838044f7396bf76cad617b8e2b85a77f1b145814bdb7bf44a323f

SHA512
d2a799b11140a88530c7ba8fd0e55cb0a58c19a2fee205793fcd86fce368ad8ddfddb60f21db6c9b84c13a099e49e6901c3d41484d2c6ca6d4176fd5a588d56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5f0f97ac13b804aab86b298856c6e94

SHA1
411e31acfed7724c7c65856cd0a876a6436aabc5

SHA256
3b88d741a1666fa62bf2720d153f924a9a13f14ea28a884fbb3ac046efe8e2d0

SHA512
cb1494b6a45012288c247efeb7e313fd1abd445231a020b0053807f7ca290390c7e673f8fdee1dce3f4414a859f3b8b5c14db73515392c2b5f6e71202eee2fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7271d42f399dfcac56af5fa370aeb72

SHA1
99d8dc17fbf290ee17133e497036c32a39ee6ba6

SHA256
2ac858473d9f62f7663c160fea7bb22acc756f7f65f31a0dc9e15e1e530a86f0

SHA512
2df81f1025c3bf48c4f69ac701c7f27a87ded2db344e34dbb6e87dc9f5b7cdf018a3391b146ddb90020dd05b7de3b95cf3108d4052d2d6cf6052a43741e81c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6d1b36f60b95f5bda8a268de1649486

SHA1
88e11fc74e976514b0f62ce3431f532a3cb2eca2

SHA256
4c5f5c7e6926b974aad7776d1d474ad1445de749473defd74885a579ee4d3051

SHA512
a35342306c4d7652defcf4ef974f0f60bad0c33fab49057097edf728d32bff612b2adc3530aae899ce4a6e35ce28ae81bc2596265b2106af4144fa06d99ef318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eba16c4a55df0d12b0823a9f5b57ac33

SHA1
4c7854692d095945aafd0f7b4c42983f1066799d

SHA256
fc267ed6db90a3f650c00d4e7011f583938d09acbadc2ce206176660a2efcc60

SHA512
558152e07e16b7d66f8984914f609d535146a837e043f83b1b7218e18cd27297ef95ffebcc54af9c74a5b2e6daedcfceb91ee9f553b2dc690196812d4867dea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd8376570a8881b3a6fed92bc03771e9

SHA1
b3188892a8d13d6ec80c6028a0613ecfbe30bdd3

SHA256
6afc502e594296d881f91fe89147ebebf39222e2bdb02adb73052b9895748ba2

SHA512
e4cf1b6b1e222307d7827bbd43e0cf330390a4366f5daab5ac769118d2a9a766566e63f1944331495b1ca295607874be8bdb59b3bc52c99c5aea481cf6e67b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e8b6adda47c10ff6907b9b6e731bbd11

SHA1
c543962a426fd94cec71254af2144f600366ba46

SHA256
b6b023c06ab8fa8d7335997f0bcbf48d28fd9d808e8a338e8e30517cba841975

SHA512
a52d310f1f13f24ae74e441d652ed1bd5f5f19284b8f65fbd920b43519ae8200b603562f51591ced263db6b46b7db2a793f682ef238900a83784b2712367ce12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
ecc4ea4fa6a389ea4e156b347beae0a6

SHA1
c312b80c11d425e9f3fc7daa5cc5751d65d1dc97

SHA256
2d5163754434b5f595be46b789629d20b5f556fc7f62c720408f68987ea26d4d

SHA512
60b4911c60ab968859ad17937a54eae5450ec3f75063f0916749e629e91b0f1f2af85eab937018eff07a4f1b81105a33f30abcb3ff503deb820473d1db494e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
ca2d878437f042b7a4d5b2dc06435383

SHA1
1cd813737a6017832bccfefeb99df89a77ac153e

SHA256
3b52676d7610b4caeb5115ff6c319362332d1aab3c0ef5f91c26396b284e4176

SHA512
f9e0927599dee93462f72f20524efd4682f575c82bea4c04d635a9b02f08a94c24a7176838156686fcffce09f185ded6c94591737affe7bcf3e6ff5764a290f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13380652860781373

Filesize
1KB

MD5
8bef9bf24054644b26a8aa60a60c805d

SHA1
16d6b0f00a3ee2e5f6f35ec46f46aa594eb3aa58

SHA256
28ab46ef17def20a6137fae47e8712247f96f1db1e4ac79be52bd90bde811152

SHA512
7d929979e91b8beb1bc5eb9fd37628a00cdf75567c50590aa8d7406da6d32e3c2e731ce6dee001cde48eb5310c73cd4d69af2c18e3d0a93144cb248ae8685184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13380652861027373

Filesize
1KB

MD5
e295f5dbabf8073c426ab119cce5fa5b

SHA1
45910c6e3619eb37e050e92105cc69029a32afe5

SHA256
42d342418239502997a26fa83f4f413e9ef1db320a935a9aca95617671843970

SHA512
45ee553b9e4fb3f1ce022f16699ff44f124f58deec7797c8bafc2eca96686bbb775fc2dd4c1a56c11e4eefa6e5d9b7f0ba5bbb135b1fe823cb0e77e8d161a760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2666a58138bdaafbdf341fd3a5b23ba7

SHA1
bb131403c4495029601a340ca5b47c076e141fa6

SHA256
b8b1f5b961f5bd866f7e7e3b9e1c7f8bd7289431684cfaf56551df79776332d4

SHA512
1bb749441383271df396228416b9a6584741a241d44d9c5525f308a1f42ebbf47ed2af26e6db3b6fbc5c5154cf834f4bac76a44ebe34b59282d78eb4ab1bb6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
927bbea0d8e0bd952be9d4f86f4f66fd

SHA1
aaa2ed7f4e3b6b8cb4b2c88791b9dd0833730a3c

SHA256
b694c8bdc3b47e4f7d7df6b6ef6e7736c09e940939ac15462cb3e521a22bb521

SHA512
76d298690e4305f0d55640a878ee45020265c7bc0ea55b1347bc26ac740f7ec664bf37444d88a9a736b1122bb76b0690a760660290d460561a1c64c38cc094c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
17f441c56f5cbabada974a75b7b597f4

SHA1
990318aa640ebe85365babf239886378d15abfd6

SHA256
b51eb777e02900b67e63dde22f7f000eaa0d4d96ee2172451526710203861e5f

SHA512
e341f70643640e86a0c242885349b13b2df15f32c1c6e5c90279724cd665557eafc34c560395458c791e08b9268d73f5e95283ce580f72e7143baf5587b0b338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c37c1.TMP

Filesize
874B

MD5
bc12800968bd1ecff5fe3e4c4992464a

SHA1
9ae2a317fbe29ad51ac48d1e835a3cbf158f4d12

SHA256
cdce204000a4ea37bfc1436b7cd41f8c1a47ad8aa64fb6ec806597b823a6678f

SHA512
327834fc16e424370e27922846ea8304bc975ea489de3c37c9b9a84f58410eef6cf6c059511de8502a8ddab172e94120907835cb9a4c89e4213b8cfbaed304bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
cf00443ed846bc4db3e8caf71565f31b

SHA1
74a5f1e2d6060bea3dff04f34517a7e51420de99

SHA256
88e5fc9b625a0e1a362fff2fbeeb12547d6c2d86f49b1ee16476675a77bae884

SHA512
13aadfbb194c77c328fe90ed812465d9911248cc10a454d209807ee04966dc2e48d2f32a79f84ff4f9effb9189b2ed87cf6c4528afe72ae66e173d56374918c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\efe1fd59-8cca-495c-8003-949f25911f72.tmp

Filesize
6KB

MD5
200025f809056d1602ee5c2b50738b38

SHA1
ad9b51733cf92e69eb4acfe22a82d7a3a96ab86f

SHA256
b43da363f6cd1bacd0a9338aeafc2618d027b0ad3a5bdc79448da013b7386d57

SHA512
381c41e1056f2f9208c08d262f22c84e28caa02d3754905ba3f7bffe0f291ea9e171f40d3f1b2c5659f7622f7e0d716e27963d388c26e029940920a5f128b1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
306a0f816ca0e36149cb03d924de7b94

SHA1
ba40337a462b9adfa8766a763a70bcffafa22b20

SHA256
5fa525ba1ade2f54f9bf39ecabba2371c23e587d32cc27b193400c1f7b7fdefd

SHA512
e818c3c79cb4addab6210e7988c15b9d97252ef1cf3db05adef24c71c256993a296310e75ef65895ab71bab07c9e5c5f825d2c6d858ffe99edb7b8c1707d51a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
3a6cbc6cd5601cbdb651027750c322f7

SHA1
aa00d60833d395f9af6ee8b0e7ebd94fd42a970d

SHA256
aa5efa13ca903bf3dd060281a770ec53c956c551448729af3688974799456298

SHA512
b8fead0ff0511ee71c4337f23ba7d028bf72e47c2df3a5a0b3139477f49f1ac28cf50d5581a367678a47af672218fd0ae34296ee27aad0fbc03b4d94562a8f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
5db4303c0096cae93de194a654cc3ce2

SHA1
88cab82a3716e808bbe3462266c333becf2011e5

SHA256
b47ab895ba012d10c0c0f3bf53f01be068c827fdd28391f001bd613dc0e375a4

SHA512
d02ab17d26817d192e68f081d7c5cb91ef9edb8c36dce357967b7e8db44640acad5d16e5a3725d6afa61a20e299b0104a38d5a5f9a422a2add6f6f110806ed44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
5f20989030f08065a11a97211289dd7a

SHA1
95e39d71fbaf8c1cf8bdefd1755c27824cb4d421

SHA256
eae620fb8cfaf290561bcaa01262162bf0936855b161ca3c36c7be8274e0077b

SHA512
97a46b4c0e47a86a9585860b3756f5cbd0d79cbda9cd844077f0849c2fe253692031ada2a82ef2c4c0c9d061a4bd4005064de0204c736e545429ee027f3dd4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
8462719307379a041df3db2e8d598050

SHA1
946088dda0e358718c34235d73f1ec23338157af

SHA256
387be79a779bb542cab44fa12f9e7075ac9da56f77f0e39cad86f412611a8981

SHA512
14f1fb5f929e0d446c730e736f1766ae3ac401a48cd902a89ba52f052e6436a7c7c73ea8797c6fe14041ab63b2f71baa87270fab689f3a800dfc0fd16e1c8a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8f13e7740ec4d20c6c5a21076f00ae43

SHA1
1c58d9e5d3cf5c27b75283b724404e4e41a42c3f

SHA256
655e4ead97656dd647239daa0a10e1cc88125fd5e13146f66377e1ad0dcf8b89

SHA512
26df52da6f6d61f32db776a5e02a4ac0e410e1318ba8b0fdb0ae2cb76abb10070f3b0b2cd7644e5f7f81802570c99f563e0bdc1b360b35117f975f8b07d0e324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
733962d8c865544ea5d37478513ee385

SHA1
eeb073e84113b9b1a9b3ae9adc5e3db1d919cfd2

SHA256
31a6e254de79a02c29b5b613ffbb68062e7ba9eb6cff4dba373d142a11a61978

SHA512
69c598e5119aaea2e6092f06ef3672c8264ab7a493fee589a3698a92a57f5fbf5e625e53024ce499b16016268d9f0a4ca2f798cdcbf8e89523c86f5f86ae98b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
74a14b8112024a99fc892e7ac1ab871d

SHA1
38262a3e52488002208454fb1c5c012d6e4c9c32

SHA256
5c72b0654a13a22e742c66402112a403580c6a7c5e0752ff9f0bde9411d7b8f1

SHA512
14d61d644c71eea7c1ace8fd75222b59c6fe6e473d55842087da17ce34df79cff044bd5928766c4dcac1a827fad5c952162a20899cf615c4ec598b0ad24741c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
2ac0e9550a06af37db2959aabfc084e2

SHA1
1949433519c9d587f66d317018a2fb2538973df9

SHA256
f077596d48d72f781d8dec4803c6b360e0a6d193758952e70a8a42f309595d91

SHA512
cc943996eb97d1f64408d9c66290e65d7ca499d318cde1492afe46e461964fba97b3c01bd884e23b63870e3808682f981345de7eced62025ca2be58d5d82a43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7916a8bcb9cbfd58b3efa47c0668dd62

SHA1
330f43658390a36ec73c4d6f380e1f1a6cfc09b2

SHA256
d5baf7f5875e79b7c0ec42c0e0e0e3b53d64f137ab71faeddbf3b628d323c290

SHA512
bfe71050bdccbe88d940f1a35df7cbdbc226dab4810663e6fdcb6a9fb8382ef0b0939914a44ce876998343a8241e36b78c5e409c39eaa2c599f94a1395b2e763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c07afb8ce98a4affa648e4c440565e38

SHA1
2e5885fa9b5015d7a340d894ad09c0d6c23671b9

SHA256
1073b7260888c4121954fa1ad218a86244ba4c8ede11b8bb6b3be5a20f986116

SHA512
b07614b00ece2ecd03754abebca3fb182402b12e2f6c40d1c10683b4ae938565234b398492646d7020d5da37354fcc998df77e2d84f92e6c97fbf1da1029c883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a2afeaa47fb9b04758f3f87b6eba8381

SHA1
c9bb97fdac42dafefe3eb14e5c3ed64bc4ab5c8b

SHA256
faaed3715f0c17a3a773bf5f13472c92b82db5a74200fb6a4a76b25076ba63c7

SHA512
95438befeaa68d8eeba63c386b90203db40e0fe3acaf1a2bb6c32f5e32f236102e3d8739477506a07569da00cd02a635cebae4618c836adf82e7e6b51c40d738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
72b2a80b3c9117cfdd709f0ff63bd71c

SHA1
e25bf69e79477c80c425212e510232081f9817af

SHA256
3b87cc53769e146aee17f13bdf9ac56d54c8b36c3457bfd35e36f04ae2472472

SHA512
8f77ea85f757943bbcf68e062d6d64454e449b185a1eaa459b0d9e9b3f987e142ae01146faedb7db891340c3eb5f0fcd56e9932fcdc22708b966375a689ed137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
d7e34580da80c02ac057afd1d44cdfa2

SHA1
f2ba6f62a6459bd3c10899dacef76409e253b330

SHA256
79730d4c39bd8714c73259eadf36b80a6483cee31b74c72fd59edb181b59f274

SHA512
01f2e4181553d795c7aca628309f17f6ec8cd7f8f2b0498ee7a01eea52112d24bdae292a8fee70c8bf80db0f94b7dc4ac17a385645129ad55682c3ce7524d058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
4496b16ec0096f18ef29d2a4659c40bd

SHA1
e72e31be6fbf8ffde529b04e88684dfc7c8ce383

SHA256
f03460bc327f7bfb324e546e135ba4aaef25453f94d969d36542dede55e4ea8f

SHA512
7f57d2f5e3d87d2b128aba8d8790a169489c99f714c4fc3e0cf231bb5fda082a73c32486f73c4085be97ac98c7345068cd82f070c22a90e01294adb398d6f535

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 298523.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit