e36962c7613c7cec9e09e4e20d044d59f48fd5b7f969bdc0251703f2dd0998bd

Analysis

max time kernel
147s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20250314-de
resource tags

arch:x64arch:x86image:win10v2004-20250314-delocale:de-deos:windows10-2004-x64systemwindows
submitted
18/03/2025, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
67	discord.com
68	discord.com
89	discord.com

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_449852842\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_449852842\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_449852842\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_999627430\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_999627430\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_999627430\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_881608040\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_881608040\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133868123599318417"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{154336B5-1B1B-447E-B7D1-D1E387D51938}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{F7578776-6400-4A28-80A2-5EBAB4DBD6CA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 3028	3356	rundll32.exe	85
PID 3356 wrote to memory of 3028	3356	rundll32.exe	85
PID 3028 wrote to memory of 3320	3028	msedge.exe	87
PID 3028 wrote to memory of 3320	3028	msedge.exe	87
PID 3320 wrote to memory of 2080	3320	msedge.exe	88
PID 3320 wrote to memory of 2080	3320	msedge.exe	88
PID 3320 wrote to memory of 2596	3320	msedge.exe	89
PID 3320 wrote to memory of 2596	3320	msedge.exe	89
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 4336	3320	msedge.exe	90
PID 3320 wrote to memory of 1700	3320	msedge.exe	92
PID 3320 wrote to memory of 1700	3320	msedge.exe	92
PID 3320 wrote to memory of 1700	3320	msedge.exe	92
PID 3320 wrote to memory of 1700	3320	msedge.exe	92
PID 3320 wrote to memory of 1700	3320	msedge.exe	92

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://online-fix.me/
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7fff1e7ef208,0x7fff1e7ef214,0x7fff1e7ef220
      4⤵
      PID:2080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
      4⤵
      PID:2596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2128,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:2
      4⤵
      PID:4336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=de --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=2560 /prefetch:8
      4⤵
      PID:1700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
      4⤵
      PID:4120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
      4⤵
      PID:2084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4188,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
      4⤵
      PID:1328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4256,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:2
      4⤵
      PID:1348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3456,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:8
      4⤵
      PID:3284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5220,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:8
      4⤵
      PID:1580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5364,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:1
      4⤵
      PID:4112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=de --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
      4⤵
      PID:2620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=de --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5164,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:8
      4⤵
      PID:1608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:8
      4⤵
      PID:4500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:8
      4⤵
      PID:1768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6188,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:1
      4⤵
      PID:4384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6732,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:8
      4⤵
      PID:1220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6856,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:1
      4⤵
      PID:4644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6604,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:8
      4⤵
      PID:4984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6568,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:8
      4⤵
      PID:3360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6432,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=7300 /prefetch:8
      4⤵
      PID:784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7472,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:8
      4⤵
      PID:4544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7508,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=7640 /prefetch:8
      4⤵
      PID:4620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7792,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:8
      4⤵
      PID:4976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7480,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=8004 /prefetch:8
      4⤵
      PID:5216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=de --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7916,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=7932 /prefetch:8
      4⤵
      PID:5976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6220,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=8032 /prefetch:1
      4⤵
      PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=de --js-flags=--ms-user-locale=de_DE --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6152,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:1
      4⤵
      PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4116,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=4716 /prefetch:8
      4⤵
      PID:4496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4840,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:8
      4⤵
      PID:5660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=560,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:8
      4⤵
      PID:5648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,2855570102831896359,1917696712188065359,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:8
      4⤵
      PID:5644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
      4⤵
      Drops file in Program Files directory
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:2316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7fff1e7ef208,0x7fff1e7ef214,0x7fff1e7ef220
        5⤵
        
        PID:5512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1896,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
        5⤵
        
        PID:5780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2204,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:2
        5⤵
        
        PID:5760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=de --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1956,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:8
        5⤵
        
        PID:5840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4084,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
        5⤵
        
        PID:4160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4084,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
        5⤵
        
        PID:5256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=de --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4088,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=2764 /prefetch:8
        5⤵
        
        PID:5080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3896,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:8
        5⤵
        
        PID:1448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4708,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=4652 /prefetch:8
        5⤵
        
        PID:5044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4336,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:8
        5⤵
        
        PID:3796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4568,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:8
        5⤵
        
        PID:5796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5052,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:8
        5⤵
        
        PID:4724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4988,i,245727681083225036,18199379239138134052,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
        5⤵
        
        PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:548

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c4 0x2fc
1⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2316_449852842\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2316_881608040\manifest.fingerprint

Filesize
66B

MD5
3fb5233616491df0ec229ba9f42efdb8

SHA1
18a8116e2df9805accd7901d2321c3fa92da1af4

SHA256
946f3a9e019b0d80f5671de782f295132341f663f74aebad7628f22e528d6d52

SHA512
e9b17ac626bf6508db9a686825411e90d316a0f1dacbf63dbec5baaaf6b96af4dbc9a7332975b6d5c16c43757d79fddca6b888ea97bc07a8dffb1b3a06366b4d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2316_881608040\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2316_999627430\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\45354b4c-60e8-449e-9302-e6fe6b9446c6.tmp

Filesize
6KB

MD5
80959649edef96164029760466ecb7cf

SHA1
4a25a664f86d05937c4af5c10dcd029742e8a571

SHA256
864a2ab10f4fa2c4dcdce7d5900567dcf088c46814aa632ef70852141e2f750c

SHA512
d4615fb1043f3a1516a3965e0a76babb379166e19c08e3a68d56ef157324c05bf7bf365fea0b1e126a22cacd4eb0bef186ca8413669dbacaa8f5caeb56e8fe2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
eeb4ada83ff4e2e37481edc3ba6130a1

SHA1
5f4dde9daa0498473618d8974396c17ae83c74cb

SHA256
30e0e2876fe572245f7f12949f937ebe2b11fd21ec3b7c1b213e194ed03d1ad1

SHA512
464245496432445ce64ceadb111dc74a78f7af6bdbbb1add1ab6f26b796beaf9411ec35964f43d5941fc19bf19093075e70537631b5c1fec2bccc03702472e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4facd0ff10154cde70c99baa7df81001

SHA1
65267ea75bcb63edd2905e288d7b96b543708205

SHA256
a13534df0cd0a79a3a1b91085a6d575b47d5a9aad7fc6d712fd2616c0e95a23b

SHA512
ad8d2b965851c0ddc23e92ae151b3b0b2bcda850c446f4278bdb0754d6b42ead8fc034b394749578a27b33ad7e4ab0633f974dfd4773fbe4d93ae477f00b73f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
049e5a246ed025dee243db0ba8e2984c

SHA1
15ec2d2b28dcfc17c1cfb5d0c13482d0706f942d

SHA256
33071ca42c472861a2fabd0f82f8b03ef0daaa6796b24b83f3df02587e4c3d12

SHA512
bc5f6fa6a8cae20ab40eae4552650d75f38ebb158c95288a79d9f332623bb507946513c39d19c00a5aee323df01f0f1a51c54594ef1c293289baf45f4ae2145b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
ccf40ab9956a5868a1d2fb854f76b026

SHA1
e4e5df6878468892a578fd9bf3a9abe9419b2db7

SHA256
9702dacfae4e87e267de861244f11e39d58efdde10e7d970fc3d473364d39722

SHA512
767f11d5d9cbbd93ea6ca1336ce070d1af5c694d9f63f687a3012b0e6fc404a355faadbad85d8c15ef3bbf222ce5b39000e649d060e2c42ee0e318928347d825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
0643ceb1459b885ef150fadda4f604e2

SHA1
ac5e254f93dd90f59ac35ba39ecaf118c8ac26f6

SHA256
df9d11d86da62f857fe7ada50c6f76173d83a315b13efd588db6f63d71cdbd33

SHA512
ede4f39eba7b1526cf0f9fb904be2d6ee802a9429919d76a25358a960aca0eaf645a9ecb75c6a74d8bdf34aa78cc7a6d240704f6f1b2893ca1b97f11f074f424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
35977ba7843ab73099698e83835e4f6f

SHA1
bd2ced51e301448f1b7a5aa84dbf7c35c3f1bad7

SHA256
b9607344c7797b3d5b196d77b6ebaa07920e22a4ba7dbe7e995171939bf8c45a

SHA512
71b8a321b1c20ed4ea9df0fe64be18cf6d05fdf6c63041562e71c120b0a96149750113814dd4cf7a7e6d3e8fd0cc0355cc151b6a5116dbf0353a474fae6786a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
2.0MB

MD5
8788299a9e778daa19925f8c55090379

SHA1
9e652047a01022c6e06db0fc805f5e5c88db698c

SHA256
bbcb1f0c0b1839dc18085477051e6d3d419d9805c80b69edac449c069b525b64

SHA512
5946c788b8cad0e7bd8313ad825c1e1fcc2bedadaeeab14e461f47987489000c3a9b0eb9776f4846d96d855cd308ff95e542d22c69f85bd417e994dd4c1924d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
9934fe5fe19f0e3cf0eac85c1aa737c8

SHA1
ed6e2618c0b5410e8a9a6e450ac83f5e3caf140e

SHA256
905eb50b507baca08c801adfb62260e02d990c0c7ef7e29e71281df610dad121

SHA512
909ebb4142b20f91e9c92703e0b1bb2aa9e281f4379f28fc3a684fe57288b57babf48a19b438433d195e24b7e550c84a2d006572cdddbd708f6d72678e577ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
54KB

MD5
b4a681b2764e907f8fe9f8eaefad5c14

SHA1
ad4d7f726f68dfda5157f2a150682506e2994c43

SHA256
4b8ba2996bc35e56becb135ca481788a6b8d9cb1d58d2e70bd4b11547f49ba6e

SHA512
52fbacc3d9c539bf124b18047e7e44cd79a296d71942f2337a8a940c0e8d7f54029f9ed9e46ea7dae0190aceee4969b8d5a799de7827ccf87cd7ce8d6ba7d52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
20KB

MD5
10b51a3f5acc5616ad1ecd7b9ff5c01d

SHA1
254de1a36d6fdd789f5175e18d274a2727790d65

SHA256
545034c747697c57180ec09e19c89dbadf60b4b0599d4d1191609e74a9dd77aa

SHA512
fb1f602f5a9408fadc7a2e45189e043a763ff357a7aabae3b12a3cfaf3f0420486cef723a9155461cbeb955350f8d306e33bf096a4a4eaa8f6e336924a007b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
42KB

MD5
d59c7c259cd11161bb08308880a97fff

SHA1
425f7b143a55011511d17e44e0dbe2cec47c33cd

SHA256
5add901ac018ac37cbbfc18f71eb3107b84eddc171744920cd865168486b1436

SHA512
fbd3c44cb570382a289e1d5644a6d7e0beffc498378d8a6f989274e1e1b56e6bef403b23170665ce07895962efe34149135ad7d73f2deaf4f1053cc658288e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
20KB

MD5
d816e2dea43b1d88e349b1035b71c1cf

SHA1
8bde94366128fa54a83ecfe18c40765f71390a6c

SHA256
90cd1f0fe7e2998bf1716cdee83dafc1a02b491b2a471d168a4ae31f26947fa6

SHA512
a3a93dcc1b4c658673609931b8bab84c2447083aa99bc3e5d4239b63956731bcdf6f90da7a5fe2ada743fca533f06bd2ead77ee7829be8778448f1643736bc0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
56KB

MD5
65a68cac9cd09190abd490ead07750f0

SHA1
f67a834b0a574b99ec7d11046bee89e26a9be54b

SHA256
1c54592c2d291f03e33f8c43224d0d98305cb8c41cd68982f5c03dd8ff8787a0

SHA512
6890d985739a139fd087023d7a3e3b6b2a34ddd1f7e79d032bede2ffadbd21f65e77f0a372916c209f537b12df613ede079c0675d3c33f178b2f5e0dc9b64602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
38KB

MD5
ad23d6423ca3a77dc12fd90d339f28ee

SHA1
611570d873c225e7aaa48c8be084d6f35253be96

SHA256
4c02f6c99aa25564d21ee0d9d23b84c8dc355bac0748c60d7163214e1b996afb

SHA512
6054b9ded1ad961f03e8491c7620a5f0e3cf6ef52021296137025cc09e8fe12b5ec9ee1f8b180f0bd7669bec0c34c580569913362709775455ac2eb220d29f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
168KB

MD5
fe5b80463c87997c1ea2090c651c655e

SHA1
919ea2c4ceeeea9e8e0d2545d2d14fb5f4493e73

SHA256
757543109f2b710a20be0f65550521677aba3ece17a658cc724de5aede916eae

SHA512
3e20ba54f925276401abee23a39ff78d37a7a96930eba35eed8907dbaf5f8360bc18c713d8de9132d42af88f08380f76125f144f8e621ef644aef50b49329f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
58KB

MD5
03338dbcbfe92df09b851d71a0deacbe

SHA1
3c3ab284887d68f75b5af20dcbba6f8b74b3fa01

SHA256
52431d4c51185309febadcc86fb90a74053745428d17ceb8fa25b20b1a85d98e

SHA512
e4a8242ea482b7ddf6a913d018b0f292aef7b8ac6c1ad5307d9cf62fc55a2ec452627e30c947fc6de860961a5c02ab3f5dd7df32a43b5a046c948cde25865404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
36KB

MD5
f58eb7472a54ecad1278ceeaf4392290

SHA1
20590f842af1f3b0b96d221014ca190243aa0317

SHA256
5ebee56e7127626f66a07864007fc8192e768c04c59e825bd4c8e6d062a9421a

SHA512
ef65c93237e356cc69177e5a7234d9c9ee999ca309c1e512e0ea6a0b3567eedd5fd5cd784a0eb5c16ac198703ce97da58a188e9be129b4af2a60ac016041ad50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
74KB

MD5
788ff2635f50c35477380bfcbf04e3b4

SHA1
8164f498ec9f2ffc32741f19b07b1ef9978a4d93

SHA256
fd2bca0b0ced3ff805bdd614c53ced194ff9d1ebd1173c07504a963f558ce04c

SHA512
d75228a4d8f67a641703fa8896704f497ad596ee17f6b07c837e7286e9452ec7141f438928e8a904c91f1d6b5a60fedef6b5f5e1487a4e8229c6fe17477f2636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
29KB

MD5
c15c79ee2a213713563a71192cefa947

SHA1
08665bd63370ac8595a409be6ecccaf0dfd164ad

SHA256
247eb61f7deebe51536353e4446c5b12b2e925d12a93ff22216275925efeaeac

SHA512
e5f9ed3cc8951832a7e977ed81a5fb6603791504f77ad9459b46f7ab2eff5790c98436d8a316dfaac63ab2e9e1b52a10503db9a7a4fa000557ae78f823f71e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
70KB

MD5
38b9dc6bb57f87ace5839312d9418bb3

SHA1
74f820a7e468bb99a1936551bc8122809a9309e7

SHA256
0b6216f32254cc44b3fbdad4934383eaef4581017944eee4ccec10b3d296dfc5

SHA512
9c607fd18cde24637b011e48158db86d239b83f41bedbb38d8ed2506d6001b233b1128c40a6b97e25044aa36944a0af864953a7ab382fbdfc8bf63188d7dc8b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
23KB

MD5
a0b2c1224150093f7608afffd68761bf

SHA1
d1fcc737d131d6f44bfd5fd24962e4f87e23dc0e

SHA256
38a88f20086d0ad0a2ec85ef1b88ee34924dc2e610b31dfa74c3f91b80bf0862

SHA512
bdc1b3bec2cc116b9aba67170e42699e8572cba165527f95a82e13d6d32cfd99d3d33787310cbe6dbd245944d8049836ec2fa7abcf78a100636e0d788130b74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
41KB

MD5
89293e3581eae0da58d2929048b94cbc

SHA1
a561c7e479921d76d7b19fb01370c0db3be3d50f

SHA256
d96119b78667044c6916225371b47d4409f0509c1b841c6f857546b8fbc4a7d1

SHA512
76921a5cc87255378fd341e1bdd656d4ae0b1f3b9090b6291010a03e677e7a3c4d128e939668e4662f593152b2e9574ad3b742dcf4d09fd3663fa233abfd6870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
16KB

MD5
e832c7d114585b807c63dda8f09e0a43

SHA1
d71824f0f77f12688ef82b6065b9a820b9d26b44

SHA256
f08fb663cce1db61e186e402dcdec258ab524f5b71fc8bb8c670a9d45ba7f4a2

SHA512
f6ded55a49e2397744cc76e2c5b9afbcf8c34e9dc2a8eada8ff77ee8deb8b067d9aac61b22dbb28043c4070a87a7cc840017e7375530bbf54d5626f13f075347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
37KB

MD5
3d6549bf2f38372c054eafb93fa358a9

SHA1
e7a50f91c7ec5d5d896b55fa964f57ee47e11a1b

SHA256
8e401b056dc1eb48d44a01407ceb54372bbc44797d3259069ce96a96dfd8c104

SHA512
4bde638a4111b0d056464ce4fd45861208d1669c117e2632768acd620fcd924ab6384b3133e4baf7d537872166eb50ca48899b3909d9dbf2a111a7713322fad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
73KB

MD5
4cea6249242730acffad31c4bccdeee4

SHA1
7e7c30629d9a89a69d05055e1eec8d21f247a644

SHA256
61900ea4057a6df440bd98ac5e8bb59edac97cc94d9648b9faf833ffc6bf6a62

SHA512
dbf83504a3c5caa92a1283b3b8d29dcb2ad67efa7a56cce75cbc8aac879fab25e1e6468e7721194cfd7b593d5c910149760921a291f6b97e67ca31b8994cdbd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
177KB

MD5
980082c4328266be3342a03dcb37c432

SHA1
4179f54fd61655067a20a2b37224fde3d8e5024e

SHA256
1b03dae61d613604b3d41d61cc4bc2e05f19bd27c7ff2638242f9036f2b8794e

SHA512
4495e9336ecb6c1757d856e7db9233aeea5faac126b8e876ab1f98dd2b4dfa390a7f6667691cfa0a9137f1960eccd8b5db0b4bd47e9bd8f552eda67e5de4b16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
32KB

MD5
e81f97d366668af16d4c97fd7bda647e

SHA1
6cd26ed4e4f68ed58773452b37b223f0bbfeef42

SHA256
a3b49e230228a7baed9481f0603f30308adb3fde3262c53e779ea1a9e7ba5309

SHA512
0388762e275b22c5490c71c479927bda86bd4617b0ea3c370da760c0db0faf85e59da7769f268919a50c227ee17a8a8f12e9890364556098c3c59d53ed703876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
23KB

MD5
9e7e3e93f6205533c9552a4d57a086d4

SHA1
a1a426d7584a61db8905c49a5e7ab4ef0dbbe0f3

SHA256
4702a8efc11a3d3a0c8d162137ba9aa5dc8630130aac6275f891beaf383a44f0

SHA512
efd72fa5d9c98f9556bc1a32f62065d3de5f8a9fe65e65a994fc6b534e6ea1b8454724aed8e6c06a383104c2197785ec64e4a6ed39653e1109f623a870507abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
17KB

MD5
545a3842167f01179e3dcd203c350698

SHA1
0311a84073b7ee56039b9df722d6b4d2651fe04a

SHA256
2951d976d7203ff56c2eef546b9fc6c1fc67ef105b3880071afd0323e7221050

SHA512
78453323113d3857e89877ecdf2740401ba7208fe29184f240a816894efe6918367fa31b035ca38b65cd4e946347f2072b8de886426640f6f825a84ae0e78591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2063c703b9803fd0bb4af63317e532d7

SHA1
ed5f608c5d9c868ad7890be5a517a19b94a5eab2

SHA256
edeb515f77d144f07ec585f84c85f2eb2917d85a342705e69ca0a8d203127f1c

SHA512
b3b34ba8f1c592f9c8d179c74af08fca53bd23668cbf5c3acd237aa143eec23cc932fb7cd01a1fb03617dd499b120ab9cb59cb5635d035e2b0dc0e9dc9b09c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8b756f0b99c13f025b487f9cacf29bf8

SHA1
d60ba73d806df0a97a3a2ad077e7b0f69df3b9e9

SHA256
fce93a8577ebf87c6fbf68c170561cb4c894139d4281303e2b05b7433236e217

SHA512
57f50f876983d1845816b3c80e1344525239b6e3be3911e8e801a3fd806158f725ebf6567db59ecd13e151e8570c3d6821f1c024c32938afec1436140e2def3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
999c9814cef3fb4e75ad00e62274fa9d

SHA1
78c479b77446e158c918655fea4f21154e12e96d

SHA256
8352356d8c5c027ddf92e850d4ca52e053fb9e8a962acf5b5a2c6958dacd187d

SHA512
52f53239d090a0614a27ffe597750e43722ce315c45142e744b15a02cf36837f332fe230270dde8cf5c6caf78a7f6180e247ae76c51906b4cad90ffbb1887c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\0a7e5612-ff2b-442a-b760-7c248629a0c6.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
cfbf43dda9922d0fe6b67bc80d34d241

SHA1
d05dc80f8cb2d7973d43059b6e1aa82c8f082f22

SHA256
bab2537f8bb3fecdddc1ddcf2870d9781bb39e97ee0293d728f9e1266339996c

SHA512
bf82e6a00feae24056e4781e751bfe3cbc734c8e0f43109dec89f994455a8ceae87bf344db340679a1e76278db10b91c0679f1c4238157331503e09403cf60ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
108KB

MD5
dce75467df0d1956229077ff11781290

SHA1
88713a6f6bad24702c17c5a326612b536d1bad7c

SHA256
c228c531fd131a1e69706522f0c4117efdd16442666071043bae4fb75b7e72a6

SHA512
da96a8c6350621cc048cb2dee991e4cadf6b84d107630e0958eea7d034fb9c586f466539e6500e75f750a5ab2365a9209747a63172e6128235e3b1e18369c91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
59a2ccfa8c0e8e9bf69f20a345ef275a

SHA1
d988a3ee394cafded958e8e41fdb226c7ef0f6c1

SHA256
7ecc9a27e5ef1e00b11701306e54c67d4da969238183d587c7f742671d056e8b

SHA512
abab2f0a0e59997ad1b64fbcce08acabb7d96900a6c5b062a2a9c138f1903d0a58d8170a67e5e38e8d7ce3e594095d37eee4889b6b90b87f04e3d81a7009c73d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
9ecba7f8ba3074076de250fec5f8df29

SHA1
831adedd6a0f39656d1fbec913a6f96c1bc0e5eb

SHA256
6e8a24e2b973bdc6c8cb3f202c5b6c79f332eb23b7f2fb981056501dd7cf3af4

SHA512
8b3bf6b90927d919aa3fa4ff8bffcec3e8b3c4b5380d665af57cfebb67d4132884eca5e7ebed9815a7f3780d54f1e315971e330e0d7e2d6ff7061242069300ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\d36bd4d7-2965-4c51-93cc-5b00c9e17a0a.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
75303eb123bca569630c0a2d47393f1e

SHA1
ab3c091412ce7866b5055d7a919eb8d600325695

SHA256
144e1fcf0dd8b3027442dd4538466da4f925c5aadd33fa1588618e7a406fee88

SHA512
8489d8fa00446b03bfdaedd4bf3acdcd6be00eeefe1e2cceef4b2afb8146f5ea924020efaca8f3574d5541b143ca5b8207721d280fac51109c7decc7a8d30715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
1356799dfe0d4e905fe379516b408d18

SHA1
0a6b011ec5bc0acdfcebfade975d449422b8892d

SHA256
4ec1b74641162435b4edac4a4ab04e2e90bfd95657764e711033e7eae5384f2d

SHA512
388dd14866ced48c23f8bd6d6f45a6da492af5e336630ad83ac02580b57c9bd98fd713ff4f97a2b7c0ca554a444ba3eeca4afd42b9b9926b989d2e1cfaf252fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a9311ccbf5d2a45f7bcce6749b73b4e4

SHA1
8f5a3a810a43128deb46a0f977b8e4e5630b97e5

SHA256
c85329cf11cecfd95758eeab981254d514540ed6e10a79084662b03ce4bfa4e5

SHA512
11b5156d571f934f962fc3c74abf047568463c66c6f38c6953694c2742956ec7ffa9085837669bc1c873e4a2615a9c95cee170217c4ba47303c208af17b36826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d690ab31b758a10866837dc27ca06174

SHA1
88149f3f466082fa9e29fe3c2e8ad4574d51c05c

SHA256
d7114c5daf5adfbed24aa2046d1aba302fde88a9d96a68d75091216f7ad1f89f

SHA512
a62df391ae80251d46075b48e399d8c5869d7811a61c87a04b79919c34e37de9f8489cc0a1ab6123e48d7e3592e64a04430c75cb0027a088685d2f221c089355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
6d649e32ec975b0f1fa5ce709614038d

SHA1
76b5f89077fbdf7481be288707bf19d45a164ddc

SHA256
a1a3d3cd111c8d35b572812802a05549688c5265b455bfcc2f33cc40c3ba43b1

SHA512
1b8db9e6e32e8bde46b1aa834816eb2921e74d4db4a760e0cdef966f28acae650be8a40262e7d5937b8edb41b9bc2518ca04b31ce2ea34e662025e5c4ba949d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
7038a3bf506eb0fcb39832dfe326b096

SHA1
fc86d5e6379fc6b1448c569b55f24d2291090343

SHA256
1f8f3caf17921ab98f90029092f43709a32d40a878ef1cdeacd7288b524df2d5

SHA512
893a467cc32fd1384a51d5b87ecd30b6f8ff3134b5781d50e4c50bcbb417c7176d037c71ddf2663836192b68bcce727fcb9ca258a4a6b8078a2804a016b2e5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f2788e1f23a2a9ffc87363970ba26911

SHA1
67c3cd28dd15d88dcfcadf476509ebf6e5213ba1

SHA256
a931eabf424d5000e706d255a3c503f3191ded6dea58615d2ac823b4a23ae7bf

SHA512
351a2b338500ec881e839fd157758c0aae61810e62a63aec3b44696d6854ddde6da83863a38d7fab6ebaf2ab6a73e7bb1bf4bf10c13eeba470e5f6dfefc8f974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
5KB

MD5
aba1ad8cab374d9fbe364de91099b7ec

SHA1
2bdb0e9fd047934e566f3c8817fb0494b595e1ed

SHA256
281a9e676531c30cfe3677557d634f049e84164bd329f2032141084f1f8752e8

SHA512
7ad400d29141f90f384dcf9f7088d23feaa3e13abbf60c2fa16a04ae4be4f906072510b1821540acd86734921932c92eeb040baf1bfd0fcdf7666d781807fbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
868B

MD5
897cf963976e9453c2a21b4fae09b33d

SHA1
3300d41eccc06d3d1b91ec69792b1343a00b400a

SHA256
6cc5d2e74e88b6d13fce2f625c450eca51dade23f2a2ca4cd21277dc804e8bd8

SHA512
646746d331bcc62047a15b1e58145b4eabfeffa22aa015b9db9170af6e7f7c6eb8601aceac219091d7f65c2e1fa6e16eed6c2f9f7f05e6462c5759dce3d1d1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
21KB

MD5
069ccd86b8abd1eceff3001438b13dd7

SHA1
c4e40b91ac9d71e4cedb300675b8f85e69f58e31

SHA256
9550eed59f51a914bcaf2d3e27074f67420bc485a0f28860d053a35d948ac04b

SHA512
95bd03f19cc58409f19ff6cac8825f4fc8001425b46c6826b331e631c1d7537528501284f8e49fb19dfb8811d390ad08be79bca5a2772494d9049ce1a4afcf67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe59f478.TMP

Filesize
465B

MD5
112c32f6e7e244ede9b233e8dab5fe91

SHA1
ac7f93fb0d9f7faa305a3dde6d701586677b6ae6

SHA256
3169047938058a6700e69001cc0b33f64d43594400305203d9cf1c03e6ffb562

SHA512
f6af3fd34ba62b8cc356e866c281a0b06e353de7e9e33b1b9207411fe69b0bad7762296e6727fd99db86142c099bf992d4c3f65c11cfdc643814fceb78b39bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
20KB

MD5
f8b1d12acbdae2e6bb009b54ccbe04d4

SHA1
482f9234872fe7ea8442e5ac360fe9c1eee5f566

SHA256
af90418d85ae5b9d66be0a30fd1eff398eab0d6ee4f490df34ba1c86870fd003

SHA512
9acfdfb24d8225806e082ae2cdd9a3effb3cdc1c168c11be632beabf56e5b61abe9cf213416c1dc615037f4c60d5129a93eb5b87cf04dce722e935691ae4db52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe59f5ef.TMP

Filesize
2KB

MD5
ee334aba4dd4fb9caec2da190449504a

SHA1
83d86913e3555e9a83208a777607a621965e9d77

SHA256
762156ec3519d73a52878b137bd506781d5ce93e10336f2010ec52ea9ab78536

SHA512
5863b59c91b1045cb69c5a8feefc32d579f615c3d1480d13369aff2cdf521e7d991424c4edb61f58b1da763e0bbb98f02cc56b0d9fc01236db2f4acc799b58f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
57f8e78188847ba63d233345e69aa3ca

SHA1
789404b0e0b328a5afd163c50b59046300f0273c

SHA256
0ce966ca9024cb196ff4a0e91c83de1d0765f0f39b6074e522bf8724d1e320e5

SHA512
23cccc844b27b945d4c60fd4a2d235100ae992f622ed0cc31e1086c3b714f4223ca70bdcd0092365d52bb0b00e1bff2e1856488f3f2bd6ff3956371c1fe9edd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
77595731d74077f84e156daa224862b8

SHA1
05081e08f40a23df7318a93b062939b7fd5d48ec

SHA256
25c6c934d48b0fea83e3f2ea3838ce9fdd69de4bedd9c74af8a0f54b58cab376

SHA512
59adaf25022d8d4d2900192460ab3e6d9c5b1d500d4557dae836bb6c1ff61919245ba31ba5487977c736efe96ea5e0108ddcb00d1b26d7b456e251604eff49c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
742ed0655fe7d5c664901f744f3f1c02

SHA1
89cf6d19b1892e583c2da8abc289a9521d395dbd

SHA256
6192fa4eacc1ef233b6af093e0757104a7bdb55be7efab5aba0954fbf69e11eb

SHA512
df5e2686519883f246c1ec9a305b6aa1d4a71aac41fc3c5357d377311bfcc1459bce62df063e69031a3d4c05592c6b8a0e15edbb1e7ec89c9a23aa18f9d7b85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
75044507d5a576c8ae19b9a1863cf6b6

SHA1
c87a86233260ee2a06e0e49cfefe4d702ea6390c

SHA256
ca3a2df3210f4d1aa7da7b3d5426d51e3b6956c095eb76a1db108820fca356d7

SHA512
86285b12a02bd67c582f862030c6666111be82cacd8c9b628f4d0ccf991a46a1530847a5713fddd086c51b0039192a3e4ec5d4d4cfc62f19cd16ef55be08cd67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
cd38bab6f37812fab2228306300de585

SHA1
606507dab40f3b5cfc655ccebed9f7683e945fdc

SHA256
e77cc7dc93cc94a8dcc61ed03fe8d79f0a1ed2f695fca7e7f49e192a10dc54ca

SHA512
bf850f87662ddd706fe16b63e1473bc5f5b80b4c954f1084bb04d61b7e3b93ba23c040a126502604b808bd34a6590933065418512567b209022c3b9faddfdd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
18b91fa3f7fefd772456bed93b6253e8

SHA1
f035f954c0a5b1c056831a594274e303d914379c

SHA256
9f2013c80cc7e0c523cee1d8246a6b47525445637ccacd345f34b7278ff4457a

SHA512
ab52f84a49d53df667bccfcaabcce6d4df705e523e14f2f037a3673937ea840ea9d3e393ed5c71dd916531899ad10d43f6eaf5a162114ce004afb122279a4b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7c01025306b2f2fcacdb00b7d7451792

SHA1
32ea40e45f512122503f3830a66f8655e2b309ec

SHA256
e3f5da4d9cd4dea28fd5b1c4eefd027a12e32dd5268e112630f2accc33b2fae1

SHA512
c10438235eec8890f0eff349245ff5fc2ef1b74c1ab4ef4db31a9e767fc42be877d498a8c7d198917418e430d42dc734506ed156ad750a33815c68e30f793e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
f3b8702d0e3125b6b5586312f8547c9d

SHA1
b5661b35c487c014f6553deab99278772b03e069

SHA256
cb0c3ccb8cb5ef515f53083088f24a3a62af1d0dc17513f33bdbb31d4a7c5967

SHA512
a203f7b5d36b40c51eaa2f0138d9e98e6db1d1c7c8d29854cab411c1571898b8a4194401024b1786c9c8aa373e97fee36fe863faac3d5e2135b1b1e053409be9

Download Submit
C:\Users\Admin\AppData\Local\Temp\0c3c13ef-911d-4e6e-afe8-c62e9d053f89.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\a56f2c04-d5e0-4df5-bbc5-96191eeac657.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3320_1036909147\a8378731-e673-410f-a901-615cffa6d926.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit