hxxps://ads[.]luarmor[.]net/get_key?for=-EPlkKwMovVfs

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ads.luarmor.net/get_key?for=-EPlkKwMovVfs

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
328	api.ipify.org
329	api.ipify.org
330	api.ipify.org

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	32	https://ads.luarmor.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=925e085e1bd9491c	1

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_977827400\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_977827400\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_977827400\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_977827400\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_868940371\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_868940371\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_868940371\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_868940371\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_868940371\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5956_977827400\LICENSE	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873753727966897"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{7DB9E8E5-DE62-4183-B8AA-D1B899D6AE42}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{AFE45CD0-F93A-4E2A-8791-0314A71EA991}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{3AC0E96C-D8A0-4ECD-841E-5488D4D94BC8}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5956	msedge.exe
5956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 4168	3772	msedge.exe	87
PID 3772 wrote to memory of 4168	3772	msedge.exe	87
PID 3772 wrote to memory of 2948	3772	msedge.exe	88
PID 3772 wrote to memory of 2948	3772	msedge.exe	88
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1260	3772	msedge.exe	89
PID 3772 wrote to memory of 1636	3772	msedge.exe	90
PID 3772 wrote to memory of 1636	3772	msedge.exe	90
PID 3772 wrote to memory of 1636	3772	msedge.exe	90
PID 3772 wrote to memory of 1636	3772	msedge.exe	90
PID 3772 wrote to memory of 1636	3772	msedge.exe	90
PID 3772 wrote to memory of 1636	3772	msedge.exe	90
PID 3772 wrote to memory of 1636	3772	msedge.exe	90
PID 3772 wrote to memory of 1636	3772	msedge.exe	90
PID 3772 wrote to memory of 1636	3772	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ads.luarmor.net/get_key?for=-EPlkKwMovVfs
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffb2cb4f208,0x7ffb2cb4f214,0x7ffb2cb4f220
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=1908,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2256,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2612,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3468,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5032,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4880,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4992,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5588,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5592,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5736,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6068,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6068,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5492,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=3592,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6500,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6644,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5212,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6472,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6804,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5204,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=116 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6812,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6236,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6432,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3528,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6824,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6656,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=2888,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5496,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5568,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Modifies registry class
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6688,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6276,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6448,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7208,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=6756,i,16957718921512653927,3405662475657691302,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffb2cb4f208,0x7ffb2cb4f214,0x7ffb2cb4f220
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1904,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    PID:5716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:2
    3⤵
    PID:5312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2008,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=2692 /prefetch:8
    3⤵
    PID:4336
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3352,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
    3⤵
    PID:3880
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3352,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
    3⤵
    PID:2968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4560,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8
    3⤵
    PID:4236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4716,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
    3⤵
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4704,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:8
    3⤵
    PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4692,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:8
    3⤵
    PID:876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4076,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:8
    3⤵
    PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4888,i,2941756516721961894,12620381844160103250,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
    3⤵
    PID:1264

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5956_868940371\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5956_977827400\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5956_977827400\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
195612f0a5ec14b2559173b8330195f2

SHA1
5d443b3cd0b3b3673d23e53e2a9f03f762ac849e

SHA256
20ed78c3e84ae5be6f7ea3371d65391559139ccfedf75cbc9734ae96444d10d0

SHA512
96a1e380a2433d75d3b093c64d9a75334992205352e916493844990de65d5d0ca538f1120e09650e56af229265975f19b3eff97a58ba0b2c324a2935235b7fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
e9ccc32b9876bced7a71d055906b8f6d

SHA1
482a3c2de803a3f3e51ee519e6bb0557ce85b857

SHA256
66b308308a1c947722386758b9db6a86253d141c6639ea5a288db5673cf3f3bc

SHA512
03d15ee77f1b0c7205b4492332db33dba8ea78ca80e2ea37c8404a577c6bc14556630ab39ceb6b30aafcd09aeab91f773b8086a06ffb79adbff70651cfb0b9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\81b5b926-d384-44b0-a5fa-41e72d80a4dc.tmp

Filesize
36KB

MD5
8b1427e8ed9f64b57eb8509beacc5a68

SHA1
ccb91c59d05edbe748aa4d81df3e1ff0d6726a1e

SHA256
db42126b412674bb163a11793c83d550ac24202744da557644afa8f8009e9774

SHA512
0c5945c5410b199744c26ba22c387f35d6814eeeec9e3d13ce719ba85748962d4a63cd96f05047201179342aa9bff84c351455dfbaf46511849efa8412d94ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
57f2f90b1d3ead1915f86059287fd38a

SHA1
2045e2e137d18f7684db9fd9f98629de9a010265

SHA256
a186ff1a8a33bb376d8e52a79fa388ecfd9b6ffdd96d5d5f98a12650a9b8c6ee

SHA512
5e42f1507de40af9f6053c19fece3a8cc69159ca77e27ee72379ec09c75114f673a35bb7069c3673b310b5f978bf7530f6bf6d1b1fd7a0f5441d0eccfba0e724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
841cf80202069ea0114950589e276175

SHA1
718707c046fee19b9c32015fd274bb18635ce723

SHA256
2b96355b8cac452538e3eb59a406990e96e292e122c6f6de339985a085685036

SHA512
df5cbd13530376fa6697d204a78db72b48f3d00c89e060e068315678a051428626334c4d23812dc9aac69e368bfed96ff06f09ca8e8716312d0021fdcbff2dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
059ce0578b05465f9cf5e047acb2d392

SHA1
c7017bbc251d64bde3a13aaee91671e9a74cddef

SHA256
d5f16b7d2118a31ce6f7e840f6a717a81c7190b869285273e51d8acb5d58d7b2

SHA512
9f375f5c20fb28576f589f20ac2842e42d6f613e15184190f313362ab99c7382ba4f0d2fd19ae4e5be3a0d06b490b3f1571f8cf7f30b74c82fadd18468cd3d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
04830b24bfe3261d6e06ea92efe01e46

SHA1
557ebe0b49099cacc8be3d70366c005ee2b9e41a

SHA256
088fa27ed8cc497c3ca44dc9d0c6b40b1ad2273675a49e2b957fc0d9c5c53030

SHA512
5eb593c0b6cb40a71739f4531ab4c6884ddc796f75ed09c17e78cefd4d776b71c5046f84d87977f161264a4ee200a26ccfdb70ce1db0765aff05a78fe8227986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
34KB

MD5
2099c4e670e1912b8368b019bd4a5423

SHA1
1da1ef6c6e896db9053a132bf9b9eaff6a860c6c

SHA256
ae3fcc60f3bae4411ced1b665a7fb41b6aace8033327fe0cb745ecefed2554ab

SHA512
03b4027e62474043e81eee0e73a8978b26ea95829bf9d17493e41df0d57fda1153e2fa38c6a8eaad5e62571c8f0a2c697df4ad302ec2dc1973b37ffde02f4fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
16KB

MD5
2f4e25dbd3781e2b1a16e2010aea1f1d

SHA1
4a785c99ab97bc73ec3689265e1278063b25a2db

SHA256
aa3510994040aae8e20555004d611261aadd00fd0ff57761048a609865f8c2f0

SHA512
ed21e9a6c35829582095258215c3fe1fd2aa2d3236e73e2bf1767ecb562807ed30deb0e26c0364ee7cd1fd991c7e637efdd74cb40bc45aadb583b2bd81dca2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
16KB

MD5
942d38a358842fbfe9b24ff9a26992ec

SHA1
81f3b88cfbad04596550bd25bc693984a902d413

SHA256
84a632fec22bcf77eb12b1d343c5fe342f5b9d597f8c4a88d091b1a26d142961

SHA512
83c0bddde638bb61c7ffaccdcefdaad6f5e369e9c94ef1b818b31ec91fdcc40435775ba27d3d33bc333c019f0bab6d9e6120efba5eb113c6411e4489e208320a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
57KB

MD5
2419a7d68cc3be24b293c66a274bb279

SHA1
63283c422ed6d9e09122f8ff6cf8131f6e6990c3

SHA256
385fac57f095b21c98919ebb74522c9e4e8a4fe9c1fae50a2d0a498ab09b80d4

SHA512
1751c12e47dbeca9cb4272fdb5845351d52c150e5da837f952a3f2e5d16c54120e013cdeae82e14aba67f6c8dd28900ebaa9317b15dd14bed890113c1be9bf6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
30KB

MD5
81182f4b684635f6bdcbdd907ee66f25

SHA1
a1f2f151df72ede41397c8131bd47a3ce85575b3

SHA256
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396

SHA512
7fa73f476b084e15f6d02189f2405ca6d8d7b12604304fd4a3aeb71e8ec3e42dda64b062faf270d1272fac76b606b2e34fe0bc1a18f518f58b46a4162af17691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
18KB

MD5
96562f907076963ac631767e8a42e39f

SHA1
ffb4562b5895fc52ef2caffe14e5a7a9ad9ce971

SHA256
c74c30b1a4b6fb6180ac1977966eb704651ca1f05d52f8e3af484785f829ed36

SHA512
e0b88464aabe3b05eca14228d7c3b241cb3dbb7f587ad6892e5f59580773668bd202d64d4dd7523880e930233f6dda42793c5c8ed8cbec2287ce68081e700ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
61KB

MD5
aa7c1211baf113f0b44d832fa3cb2a22

SHA1
64a09cfa1d74c70cba7462e2258d6f6c1e3c96b3

SHA256
b0cc0e3749c2761f351537539cd9a583b827eaf79de315ebe331584a60a1d380

SHA512
856be778e9bce897471710ff565cb21b55de8717c89150fe47aeec67a2da1d709606de305062cf213070982781d9c3de0781c6e3e298598990e2be2e38bc2a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
62KB

MD5
17ea84bfbcb96c642ab0b852289a48dc

SHA1
f9feb86041f8a68ad22825d8ca93fe3372524709

SHA256
cd256cdcd9a6a95d125480964adce33ecb114c0140eccecd74c9e37284136244

SHA512
451a41f4bb248ccd8663419756c0565e251e73ec6d88e9e929b27d9bc848519280e6faabfb1ab4918ecc5e91902a258e7286e3923c0fc674ede650c90dea2e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
29KB

MD5
a4aff72aace4c7b38aee30d5c0f17ad5

SHA1
c05d47d5d0dc4db837b56a17ad92224b21852685

SHA256
30883e41ba0bcafe5b08329ce1f9fe509774b184f27be461770b3ceb4c95c455

SHA512
007516cbc72a4d7d0ce2850774f51ad6f43d8d30782130b86277ca499f7843ea975d343079d7bfd30c502b75c85bd7cfa04605893c56a38a77501af622ed2c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
213KB

MD5
6042fdb1f6f4e442995ccabd3c389779

SHA1
bfb703f6ab52b5773145f4238d6c9e9228011859

SHA256
eaad6891a77ecec70a70851201cff0f90ed4e2a9c32063472b7eceb379868259

SHA512
deb073c1ef8f9ceba6755562c613b4f9cbf502185f7f0c783cc3dc21b56e0971b6be1101409ca3e0d59a6f20817f66ab224ad53e8d08401933f01290911283b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
33KB

MD5
6581ab53c220b5828e37162349375431

SHA1
1922912ca5ab6eb5a55db138b183b38d066e85c8

SHA256
a8e429611131e3fdc2018ec943a36100dbabb4aaa788c8dead6bdcf927917293

SHA512
b8fe079bd4aacd01fa41799999452b27051a4ccb4dbb91d9e1f2662c5d6112032b1633dfb2e31db71f57fb4511a48b55646d034bd6f81caf017ed0dace0603f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
113KB

MD5
5ebe1b5004fdc742dc8f7e1503056977

SHA1
c0ab35be0731a9de04bd47c26fda3cd79d2a40ac

SHA256
fcddc362abb70443f6133887d9813be6dbed0a01113914475a07c1f338721085

SHA512
d905a08bdec10d19e5925e79d41a590c1182b8ac6bcf3b15fef0d3d2487423979cf5c7944f182db070344102d5a7388e761ae33de2806b263d3289a214edfbc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
34KB

MD5
a143738b4e696ebad0e357e76362df70

SHA1
5c91c8d4ebec8fad519a52e2bf9b33ed3c78f049

SHA256
9a7b723e8c4a829a34766db761a04232a0904022b3f393d0b25d5d64cf8faccf

SHA512
9b059803112e88f369e8a466d144c994561c4c288c04df7618a96d675258d77b3ab53ab9338df5869cb72a21bd7b26fad9934a7cf6e7d421733fb9b1008f393a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a9

Filesize
47KB

MD5
ace5ff61218392a0099302b66b317af9

SHA1
279e01998423ed7cf31340fcd3b0d62bffa86f2e

SHA256
9c0ac44394155bace6c43542e99004adb630a6d018fa2eb8c39d5250af7cb3da

SHA512
c73c4a1364ef771a1ef39e42eea241e761dd06a9dc8ab598fece514497a0d0e7b3927ed75e95280359a20692bbed8d6f07605b174d7ece1a82b21f6be42e9876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b84729252c60e936bed6f5c31fe947e9

SHA1
d40417526d552f7b9d7ab9d8a8abc1d009bc9cb7

SHA256
31abff583099f7b646729232d03f51ca8967a329aa4ebeefbb466124e490e54e

SHA512
6ac567c7ad9325d82d1fdb24165aefa1a44330735d90c3901a40b2e074a41ea5a926190df7770b999026c1e6b1785d4390c4a6ab074a12995e2d9af719183ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5823ee.TMP

Filesize
3KB

MD5
a88143197943ed39b9247fb14b4f3c67

SHA1
db47ee3d1f278c9a2cf39ae3609176bbb80465de

SHA256
33201f8d5869d53b01ed05a949b02d0a666abd1ea6fb9ce41f7791b024641e2a

SHA512
971ffef73d16cc4387b817d18d542aa2852f2009c80158220bd5a8258446ee312abc5ae1f16e9d6151596f1ee69903585e72c773d4e53a5a941d78051281aba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
9955a9d7462d2a651cea5135566879e0

SHA1
dda0f58cb8e3781c54d51c06317308809c957cd8

SHA256
6ac199019da41668f4af6b80192530c9cc15fc3f98045b3a50e2c854410d86a6

SHA512
b13d1d837ea2d953a0f04ca39fb61955194c89dce541d92d1398cf6d7f090951bbac6e80c481239908f8127aaa819a7f0fee3608dd2ca2ba78fad7ce0d0c7db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
36KB

MD5
6b8098634166ae8aaf513c80234ca698

SHA1
d6c6a1126f4840b8c556c6f2787e53de7ef21bca

SHA256
c95c1712decbd21b879d8d2b0bcdf18a9064360c28cc5645a6d356ead7f3c122

SHA512
9c640c09f6a635c9d3d7dded0d3a670fb949dea9879e816f7f26b5a39dd9b1b7d152066803d92dbffa9e4d137c0a388f7a64380423690a9cc09e48ed9c4d4239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
658df3d4007823549c8658f25c09dd45

SHA1
d34eda1d6643d5782c8cd4df517b981a58a453be

SHA256
370a07f1018a91dc5f702cefc70828f7957c91c14cc01789a34a927d8e8e6566

SHA512
f5f74350029fc16bab752e091489496295ba6146b49ac29da926b9a9e75a761a387dc19cfa5a4ad8b4a86bfa338bb98c2a080b3553216efcb4e5e17e8f7df9f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
0044c52e0f1e6e9cf6a7213d324bc654

SHA1
2347bce13b69503cb3601e82e577eaa0e0895d4e

SHA256
60b0c31d08358c4178b21abf20be3da630782ddc8fa101f6dcb45f48e7026a5b

SHA512
557f11b9e975317587a126ceb3350c377f779ca3e8f3eb0513337a3f5bb520727d1a6048583f8b4c6111229b4ca748497e0598083f8c7a292c45493062af2003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
04e61beb78da8614b78b14452bc4b395

SHA1
2d14cc77d8c0045dcdc5175f8481c2bd4d6f36d8

SHA256
5c45c521444f099cfdf7f53618e137432d6410451945b465b10e0b842b835fb8

SHA512
36483b9a83904fb4b5a57b7927b92fc7fcc8677b2f8b9b9ba8831e9bcf8c774b81e3fef0d37b90f6acfc019862f894a14dcdc17472f8dbd54b8140d4125f1835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
87d7fb7d8b3c3d26687b269bbed9dcfc

SHA1
7ed98e41827c430aa2fbd29be1ecb6986c80d844

SHA256
9adb9bd7c46ea8ce5e1a33ff26e89be31c1a7e163e841f5d2dd058be02f8ddf9

SHA512
b7c0df1f0a8c1630714302de2081cbd8161e22b4c5be691ffb444934945869a6ceb58b4f2cba91959fe14e77a365e735b907683673325fa2ff39956abdda6a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
f79b59a53ff8826475868e775146ba28

SHA1
b8b03a4bc96768cff044833b3a1a0bdb1ddd0ca8

SHA256
d41d3cdcd74b5148a4bc93512bbf5280f593c4e6bb90c1bf6d9051828d90997d

SHA512
b9fb7f84180b66bc8dfb0237823fe4330145fc495eaa0ef4eb4739b12d9a995f97655f42d59ca211c549c91ccc0e4b0649b9ae0cc046aa6dcc5e65742051304f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
3f6bf4e3dc2759df1e907adac1a4f133

SHA1
bb76c35716b2efbea5224951af823abacd9a0012

SHA256
febe9c88699b69a7d62ee425c7a5aea9e6bc51c2ad2bff11ea6271801c04ae39

SHA512
f7b9e1e4143aa4cafc2a0db763b92966b241de2f163a34b6246d3c9e1cc24a642928270060bd4ef75782d1a2da7ea17eb50e95e917a955c33e12fa2e32c07a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
328B

MD5
5adaf0bf3f5ea7f03b3d5f8459d70e32

SHA1
c1fdd5f8d74adf4e76449f633ea8fc9d7305b203

SHA256
9fdb11b88346ecf94b5a0432c0aebace5c717bbf93c650ab43cdb354dc483168

SHA512
6a087d93920f5ea210e9873fd09f1426f977bc9eb6a9f44da4f93f7903ff9f48aae203fb46ce3c34f76d3bbb8bb2778b3af295190118a66647d14328e490fb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
8251ad6d8e70051efdc67aec727b118a

SHA1
710a58c10fcf281246b4b7ac36ed4c5b596e6278

SHA256
34ba0168b5664da672b7194c0ed6266ab2373ca5881885eb1adcce151ce62beb

SHA512
42a14f999271e4abd358bdcd1d33db6c83dd646a88dd59b31ec1de8f4e0c0445c650ec72fac8d379a113dfbe10d0725ab9c69aacee1dc9df96cc2e1e2348e39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
77e0d6285fad7f90fa3e3c5c8755f222

SHA1
8bc43775ea6cc5d42e5230783ea6480bb18b3daf

SHA256
d9c322a16a7ac12630a977f5cafb1bec2f994dbc979b5a7114e65d4f923ec802

SHA512
601437ee36b755bd6de1ec02d4a50826c1fc614ec3358f57f03f3ddbdfb043833e0075924723104a959a3f8af3091b504285c751fb5be7bab9335a5a7f20fc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
80a13cb9e6f53d7400d410b2cdf3aeae

SHA1
d93766448fd98d9fa62c30c471c99c294fff67d6

SHA256
535270d88e86e6a12263fdd26055b6167d0f2853b6dd3fd4994941663b137520

SHA512
d9d302361c7b965de88314f4dd94aab1ff78bd2dc2c2cfb691362c3f2d513f2cb5e81853d9677e619162416e3800179def5ff9b093e3170e61b09e6416264b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
5121045029e556520b3b63f0a1f70c6e

SHA1
4b0bcc27b10efe6d27c0837f16438e0fdfbda304

SHA256
f42625175041d2c2b31bf7143f1747e69b5b5d54531c938325486baaa6be5bc8

SHA512
c809d2f6e42adf2e1893393b0bca5be149f0a43631d660e03e3638a146ab0e2356c4f761ee3ada886400fb93a9181918cefdc479546fc5466359bcba2a80f22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
902B

MD5
72b988f8cfba4243ffb0b1403998ca5b

SHA1
e14b47be46facb2b607b63c1176c9a203dc540c3

SHA256
8fe27a458391e5c93300d551c6bb5d412624c28d4dc51be9c34835268e5302b1

SHA512
7803076990ff8ab7959f1fca6320330aa503fcc1e68d4b3faf8d5f5295351f2adc94ada7e719339d1ded34ed89a048b407bc458decc51fd504baeb46285b7e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
e7805de3adf8069b9529f32d5ae9da19

SHA1
532fc459dc13d4a8effe50fad95725858f1d13ad

SHA256
bc5112446909140393e847264309b12f02b7f0c56c8de324d9e75400f01c1650

SHA512
39095c2ad108f81065d210ca78755dfb7265f554768ae0f2e0d3acb1624bb605f1101ffbe2aebf8711ed2a8562ec86319aaf2e6b3204558d870540f34576f547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
eba7486e5fe037a5e39b8d764c666acd

SHA1
044d5948c2f67e6eb89862d112b4f57042e9a9dd

SHA256
13f48d0655654592a64eaf6834ff3f8e4d977ffd543e8095ce9518d956459747

SHA512
aebd8d9c43a635e4df0c6ac7852c837e32c1b8366eb9a02f2bdae7c84cb8dbb8bc5144084a05280ac51ff34fd4b9b6fa8c64a2e4ddcccd0c1fae80ea42b3fbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
76fb92fa589513e7ef58ec8e93580952

SHA1
6bf6528b2cc47b61564835d6e6ad6ffc2aec549a

SHA256
9d25dd19bc44d38e98b63fcbf084fd2ea8b06ceb35c352c73ed975a46f3dccfa

SHA512
2768f69ae3cfd099ac416fdbbfe9c6560259b3290e3ac8627f7f49a21965acd37ab4ae78f48fccc1cf26e5c84ea042527f045f513679a8005c032ac601e529e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
f9cba6ed7bbd6d5e31065fa3c2cfedd4

SHA1
de9f2b83e79f2ea78e4464edeaf443d6be8469ed

SHA256
e88e6f43fa6304002791ea90ccc5d0734041edf2424c6120ea4544b31e049646

SHA512
f8e3c0f80e3d3fabddb59cdd0c51829bfe87434fba67665b6ad541cfbd37c42a67f3336fc33aa00d0d6b083df9784d9ba330edc053a855a535d039d3aa39e75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
209f52b00a3fab23e237b1f5c178de73

SHA1
9011c2a32208592be4718d7ef6536b47489f3c59

SHA256
eeddf7edf78454c606d9d8c5a4542efbeda38d99b8d8fd7ce93d8bb8b79dd42e

SHA512
f55c0e38b7d0e5e1a5e6241be4d7f50b68b64528d0e6d14179ee279ffc80430d9fbe2f2fa9635f7d6a3a49ddf96bfb21ebc5413800f6c0fc6188e64cf1fed150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
8c0e1d6ffcbf265d3a57554c61ab27da

SHA1
bbb2989e054d0b91868b932698f07e66a8da06ee

SHA256
6cc33ef72b97bccc13741040d882f3d3e2620a0d908f74fbf7060f03e0141698

SHA512
7e2686a48b186aa279725035c0d9c541ebc65be91440d3855b39663a2563b1599ccd600fb835e48e5ce24b5d60c9d17a584c0a4610eb14d17a5936ea2ed2c056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
a3fe22568ca5db7f2e2e91fd20a4fc8a

SHA1
0144bb34326b00905d0e3ab9bba5eb626465dd0c

SHA256
1a35e909a4c4a3123f26d92bc5640d380e59e61bd2c809de05815d969be240bb

SHA512
5a53050ab8cde4da6f8bd1782ad5ad25404c701138fd023dd0bf3eaa7643a7f734af5683dc627db629aab47693f4cf75a8908d3abb809c69fba36c5cc08d774b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
d827c8bc23a8d5971484abcee3dfc0ed

SHA1
81848c4eccf81074779f201babb447c92557feb2

SHA256
481df1ef75ae72f3c9d98c6748b93497d7b586ed8c4d9691fbb95ca4b326fe22

SHA512
b8f080660ca8aa1f046fe31633c6c62b2af49f209d37274636fe0a7245ca08619c3906177e7eca3d93e62d63a42960ed36bc0e12f9bff45d1cb062f1cc109c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8f49747d54d5bf5263f03f6a1ad7d569

SHA1
48e6308795d9b30b4f09040eced9fb13a38afdd5

SHA256
f731ccea453032cfb016ec52cb2ee88b2ab4ee6a56647dcb1539c1a7fb98946c

SHA512
17a92c902f20fb13da94751c7aeb50be4c8fc990a83495ce3eadc6e0a699fac48065ca542a2c49badaf05031d4a0c73e8cbb0f370fe730f7a848e115d92e501b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57ba38.TMP

Filesize
392B

MD5
f833a4d3b2171682b5e29bc2afba5acd

SHA1
2cc92bcf9aa0a076f85d00a863e78df2c7e68b2d

SHA256
043116d0b5258bbdc64b0493995a80bc4bb6c2319329e1bd2675bf48a4497df0

SHA512
61a57d019c87658cb836f49641fc8a57a725bb11970a091bf827ee174d98e721545389db62425948525e8686c43cf7f32af5ddd6c76d15a9e4465283c99f3575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
95472479beae3c490e1e8d09f5edd01c

SHA1
4ac8550362e69c36875b88e11c3636dcd2ab2708

SHA256
38eacfae1a2528c6e8ab9a2fc44a9a22758506484f0d823de66270b2990eeabd

SHA512
c88bed95c05f56dc9e2d60a400b709583207e4890883ecf644d323ae78a2a73233ce5df781edd01979a1faac10c4d4781d9d325fa2677844787d0c004a4809f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ef9212fa4cfb93cc0bcda0c941d68bcd

SHA1
964fb21aeebd53c1e0b12d9cb84002c1d9b08c91

SHA256
2b5ae5ea0c215ee33f7185ee97556054881f8c23d657f3d9d5c1ccba59090968

SHA512
b06faa227155bcef3cbd2988ec721c8a73bca4403a7c7b8a28a5915cc5b2d319d35abd6555ebdc1e52e186ea732c9f0744f33c4102b1afe9a957dc8b5143ce29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
a79abf9d0d7ff9466364f7bfd68cb773

SHA1
a6b95086118d52a00c4f4774198fd9bb8fd6a143

SHA256
856ea93fb83d2f40a50a7aa8a0f107a8b4172d39dbde42375718fa2754662f11

SHA512
47dcac8a84a6068404bf6869f0b56cf58f036b6046c0bd64ddbf9d935fe166828ddeeb4221db57c5c0f8a90df31322f1719c08972a3049f4e1c371c96f81d731

Download Submit