hxxps://getsolara[.]dev/download

Resubmissions

28/03/2025, 16:47

250328-va21hsywct 6

28/03/2025, 16:45

250328-t9pnssywbw 6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getsolara.dev/download

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
118	api.ipify.org
119	api.ipify.org
312	api.ipify.org
117	api.ipify.org

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_57145433\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_55965348\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_1327503402\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_899622614\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_899622614\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_55965348\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_1327503402\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_57145433\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_1327503402\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_1327503402\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_57145433\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_1327503402\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_55965348\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3052_899622614\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1880_656806035\_locales\ja\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876540923090396"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{A20E4B65-3529-4839-BD9E-E472FE1336B2}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{5817AEFF-971E-4785-821E-0E3C493379FF}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{4B5B440B-CB7F-4157-923D-F5EB884E8740}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3052	msedge.exe
3052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 4108	1880	msedge.exe	87
PID 1880 wrote to memory of 4108	1880	msedge.exe	87
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 2420	1880	msedge.exe	89
PID 1880 wrote to memory of 2420	1880	msedge.exe	89
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 5544	1880	msedge.exe	88
PID 1880 wrote to memory of 2176	1880	msedge.exe	90
PID 1880 wrote to memory of 2176	1880	msedge.exe	90
PID 1880 wrote to memory of 2176	1880	msedge.exe	90
PID 1880 wrote to memory of 2176	1880	msedge.exe	90
PID 1880 wrote to memory of 2176	1880	msedge.exe	90
PID 1880 wrote to memory of 2176	1880	msedge.exe	90
PID 1880 wrote to memory of 2176	1880	msedge.exe	90
PID 1880 wrote to memory of 2176	1880	msedge.exe	90
PID 1880 wrote to memory of 2176	1880	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://getsolara.dev/download
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7ffaf6daf208,0x7ffaf6daf214,0x7ffaf6daf220
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2260,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1992,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2556,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=1892 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4268,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5188,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4708,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=3668,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3612,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5568,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5996,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6356,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6372,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6372,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6360,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5296,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6892,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5352,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:8
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,17350528166734796645,11361336836310222205,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x210,0x7ffaf6daf208,0x7ffaf6daf214,0x7ffaf6daf220
    3⤵
    PID:5228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    PID:2948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2172,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:2
    3⤵
    PID:1260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2508,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:8
    3⤵
    PID:5840
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4180,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
    3⤵
    PID:5040
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4180,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
    3⤵
    PID:2996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4600,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=2876 /prefetch:8
    3⤵
    PID:208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4664,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=4660 /prefetch:8
    3⤵
    PID:2280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4360,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:8
    3⤵
    PID:2092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3324,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:8
    3⤵
    PID:4844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4764,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:8
    3⤵
    PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4656,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=4660 /prefetch:8
    3⤵
    PID:4924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=764,i,12886681738310144100,15281644065220818466,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:8
    3⤵
    PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4612

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3052_1327503402\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3052_55965348\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3052_55965348\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3052_57145433\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3052_57145433\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3052_899622614\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
09e83912b3e4e66ebef492388dc6ac83

SHA1
63f628ed7e6f9038a6b41d7b675e62a98fa70620

SHA256
e656f85acfe2804b789c854fc76a9a63cd149df03fe92c76fb964a889e981e2e

SHA512
ab33bacc5ffcf67e36adbb6c7d4e16c7138e1a1c1ee91c8fbf47581765d6d61695666bb31204e059a42e9fac5eb2df956442863ea49d74e8ca6bb1070f3aa7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4186deae4245fe06a0aaaf1570cff87f

SHA1
b5658232adf7428b894a29652fefe7dc7bab3414

SHA256
f3c343d370303196c05e1f89dfb367b36f4beeb5177822f2e0cf126d83fa08db

SHA512
e8c21213b40e21858b51b8eb63a2e61b78d036de60995adb7af0971ddfa24a1f777025fa37590bcddb901f70ee1c44df2e997d5234752c20d85b198b0a46d775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9f37790e-2a14-4edb-944d-8621a735b9d0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
134e11410f1f47bb3709ee7fb34fff9b

SHA1
54ca526597908d5cf5529ef158114a8b3775c3b9

SHA256
14281cebf72373018c2203d9fd741de81a79be2bb85e726814ba082c5a832943

SHA512
7c360c0ad3afbd0c073ade30fc09e37e42df91d2e816f24f281132732ed7a2ed32a619724004ccf74639e30bbd06505be1528983c362561d38e52092c91b58ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
01f99561a36bb5f737030b37aa289da6

SHA1
b8e16effab83b8afe03460b95e29ae0a2b6914f3

SHA256
1d43fea4d1f99b0c930a6f8dd8132fa06af1255186bfc0ae5bafb9d08de353e8

SHA512
2a639b793c09c10ff7ee6c425e6500da7888f85c813015f9409431960fca020c89979b7d45645b64a8ab5f53d870cccc9870bf392b0e592fe2c82a3ff1471a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
dad07af63907a8c315ae3f2cce4807c5

SHA1
f1176a6e7403825a88a30dccd39ea7efcaab5762

SHA256
b55ed55951c6870ddd3292f9bacf4b48e3bc65dbc04e94644ce2328011231cac

SHA512
f5c783387fef65ee097687c791c7ab53485d5ded6a397f1b2ab28f7435c29268df3443920134efde35ec1c379320d494947ef84aac894b03816d4b09c1c67674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
177639cc5227e8f359c4d06ca5416977

SHA1
3bd75eda7cbcce82917988d5e2fe26fb66e99bda

SHA256
20cb0269ced1914a712bdb1ae3bc34adfac76c51dd3c8f57893e2ef7c6d682b3

SHA512
b155e91722dcf086785cf77fd81b382b3a0effb817a646893c26520053c0f899a4eab6849f0ee802d615bd0bb80b2d493bce643d13e6c5514920cc9da2b9d704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

Filesize
27KB

MD5
638a4990025383a0f83ebf29bdb84a68

SHA1
153e8818dc42f598e47fde8cf398f1447649a4d0

SHA256
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

SHA512
59a505fa1a3bea1511e8fed16dced733299928b4081665d3e3fa4fc71d6f0ed0b09934805f442bf190c9093937e1494ac938167f9beaca0223243703f73efe87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

Filesize
16KB

MD5
61e4576e6aa91cd435fe92f085fb0a3c

SHA1
fa21a6bad3a461c8f0e27b75913c8f1cbe0b2b62

SHA256
78d8aca4e50e6ba58890b68f8c3d6e562ff0b16516a0c3df56be18b69dca6aa9

SHA512
b250c2940f7ca24b763bfcd4d39d0022d6441bad54c415b9848ef949f8871f219289f044301de03313bf8cfa53bb2797c5590acc1b32889b0641f7a13b710bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062

Filesize
421KB

MD5
ebf6135831d99928880aa4b7455c6efc

SHA1
61b707634ba0be3e8ca458bc0834ee75c03cb328

SHA256
2bdfe641573e6436a169a21b10eb4818a636d6c9f1dc80158f49abd530ae4a05

SHA512
864cd39c293066735ef91c211462881ab6a8608347dc2f0dd4a3883c8a57196eac195ba7efe0a37c1eb219b89ba1c30dec6256f37af4c43325145a44ce65ea65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
21KB

MD5
1df4c58bb92cbf68dc41c0661de8309d

SHA1
42c06c56baee832ffac4f78997f374d5503e9281

SHA256
79fbacd3c251f6fada1a166f4be754b3b774740dc843b5e5d3c62080a88b4c46

SHA512
d011bebf8e6034e8222fb4c2a92bb6254ca03e92c93a5a3129a2421404c10e078beb295e6c3bed5265db886430af9aff39abd0b4572fc91e938c124dc8bdffba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
121KB

MD5
d9ca3db893b95faf7bbb37317f924f42

SHA1
40d3fbe6b946bfd821e5f677f01e6016404bb257

SHA256
c1904eaac2c9f2b78a29b9f7f518fc8fb1661ae4076a1ff1b070e4b5bd4d1b5a

SHA512
3a340a95eeb44c7378da36054d0a536bbff58c5b2b23794e69db85f6fe777f7c63b63b96cdc3e63be216436962c3bded8996966557f46034cf81d0fa5ac4bda9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
16KB

MD5
529119a24cf31bc96b42690963fccc6b

SHA1
7d6a26700e9004be9b39af56e5d473babf50e44f

SHA256
01abfa4a92414d942f6229926d656e72a3a5ed99bdf45cbbd15ae466c46d3cdc

SHA512
dd1c22d8e0739fe3c4820c33ce2c90cf72e3f9ae09e67fbfa1aac4d7c99775ab4954b57dfb466e4c0fec6b0ca2e5328bd567b3349e91bee46eb8ba101177574a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
29KB

MD5
54cc137a0d193d36f8775b59942a3991

SHA1
44c01a1d46c1d0cd7fe006d33842cf10166bb0e1

SHA256
305a14b55aaa6362e9f08f6ad3c81744c39f6300d4955c2acf717a8bad848730

SHA512
7b08b10ff0d8bfdab0f0554a891aee52a9f88624a5af8fc17ad738631d59e6ceef4bfde44cff957dd5fa28916430757974edd4353cd820fdc60c2473f1cb1e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
36KB

MD5
0a310b09ff23fccb98caf9fcd1194714

SHA1
efc58407ba34dc330520ff98fabaf480cfc8e263

SHA256
a2fc7475f0fca4b2c5bb66536da12fac864e34301fb53c41b46ae65167a0f44b

SHA512
fe8e3286455c94f196de9924dc5f508757cfebff5457cb872891a40924c08fb80f97c9aeb74849be4aa465d2a88d83eba771f1a0cd1355750771eaaa683260f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
267KB

MD5
29c186f1d728ce552bc5cfac94814e16

SHA1
f5fa7c27b33154c0a3d7538d98b7d4a8e29da1a5

SHA256
d5bce960eb87fa4938aab71099a5516451d87dfd829dfa41f5479ac2a4d4c507

SHA512
409d5c46a9126003be9f1442428ab406f799df7d65d9ed2acc00f66f57648b05adfe4ab300417a58ad2178b2bcc18f3cfa7a2ad97728d8ca7ff9a1c41c818165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
51KB

MD5
50c13ab89a475b626cacdb6d32cf0eb8

SHA1
8b2cc8ce92afd779302a4f84570e2c06a28e0418

SHA256
da4ca66bb16697f354ba683eb9e84736d71825975f4d44733ca3c7c5def3eae2

SHA512
e5cd615b6311335a340dad57d6f2b441f0461f57e40911116e83765a2cb6172e3ee9341ec03e310b88f7cbf1d0f6ab9b5acd53a56199663a8feb12c4271bb782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
249KB

MD5
49d413e88a2242cab7813c87d5327ffa

SHA1
49706327bcddcc8ab6fcb9034fe0eaa767c384a8

SHA256
23a2039b2ea03b7cc62b8b0d6d75748da8f5f8d28e93b11c7a9ef39125f25888

SHA512
aa69837f12da7c98779667c41338b1b705bf9cdc5f12573ff415df63031e27214d412412eb4e38f0ebbf2c0f8751a952e4da5ca1f017508453f314083a210547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
88KB

MD5
7f05551a679dc3b72e664b63749323ab

SHA1
9963581a35e38aebf80319faf6928e2aff53c7c3

SHA256
4929ad02875064cf4f9d5795a873febd02705db43b660019f6d00b3d491f1682

SHA512
ade1f9dd9802b22ee95af1f6c0c501baba61c54f57eae172fc60cfec4a5963565492cfb03d75b977ced845389f718cb62e408947a82a54cd75486626eed48867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
143KB

MD5
e758e267facde692a8baca02cf9c375f

SHA1
000801ca224e565748118a0141d43f5f3105504c

SHA256
09a51a7e0cea98f25feec9be9c381ddf0dd0670f73c61d6a639e8e8cbc703d00

SHA512
dfc5891f13b668e4638a7d31bd18e6cd75ef7e65ebbf3b2186415653a12ba1900c1a2acea4568fa5e8969f186e7a70eb45314d8e75264e528c09b0c6f9048d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
117KB

MD5
1cfd2a6310aaf94de18643be45d40356

SHA1
7035228922d1fd196d2a46b0f8c4143fedf42d54

SHA256
ce292995566a70a1f471dadf20c61ea09bbc8a05790dd14d3f1a349cb86ebd53

SHA512
1b75378cfcaa1226280fbdc864f0b89b0505efd8a523b0f22a83a4717e27e0f079a8cc33c24ae3880ca60e1a2a3bc5629554f387ebf9f75e1b5b855aa5e6def9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
29KB

MD5
c48dad5f984e1d7ecedb89e6e73e94a7

SHA1
843e55eddb99a9800d779cb9a860eb0a1b5e3821

SHA256
304476467e3fc9e244f8d986a405beee84da3e81646c64c8476d70e64e8c7ad7

SHA512
c78e81ceb18c94a0b8c95d2bf976a29278f2daf6c552404c34ae2613a98ba138453b431ccb0ab08ac4565633449fbd22f13e7b91a1c3721bb29c265650f390c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
29KB

MD5
4f67bddea4a4b56fa44f7cfe3d8e17f6

SHA1
438d0068eea5ebebe51681e9a99f4ea32cfe15e3

SHA256
b12c446b6906a8955e13fba049813b7367342208f2f605e636bae8cbb7c2a847

SHA512
341ad30b36804ec19a0299e99e95ca576474ea85eb853f986f0e8199481e5e5f6826d71ed660f408b0dd7bce3e2d28e873e64799a24c5803247b7ab356a276be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
39KB

MD5
7e7f168b968f8bd701f8a78558e39f8a

SHA1
89632aa031face8285a32cd9a14810cad3f41a80

SHA256
e3674fa326e7a4ed37a1ebb2f57fac8dd90f98e0911659ce180070c783357d18

SHA512
114ab35ffff1fb1fbf65e29c79fad9eea148ba4c223ebcec94e272727e2245f7eb55deba5bfde7f21288a6ed223b4024800033f178f00c668acb1e3cec5f0f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
132KB

MD5
1d7012e3e121e2a4c9205319bbdcad25

SHA1
bf8b365695211b01b0adf81f2af87c8a7a8d21a2

SHA256
f80c73a6e9806ea702e0af252e813b0be6b1202d04d8f3f324f240362495b4fd

SHA512
2a492d7c0c168d733c552675dbf70947419090ad89bd639448e340b28ffdb4bb4c057e6a8b5362fd27bcc82d1d1a8c16f8ca281e224176e7a19c09c71c8db4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
68KB

MD5
d6dc5cbb0e7d5ef032676a0d7e450e19

SHA1
244537d5881fe761a464c458f538c3ef41d7b683

SHA256
aac63876103cdcfb575607843627653db77798fe3e248001fea6cfa2cc6c526b

SHA512
8a4488a693bd966606adf7886265fbd18e9419aea60714161db51d1a446ec5abddf35269c2be6da3fcaf9037097f9694de6152c51a9ea31fe7f240ac96726a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
109KB

MD5
08a9fb672fecbf2f952fb8eb88b8fe62

SHA1
8dc439972b3bbaab26e186a1f36d677e6bc3c048

SHA256
9d1c9cae178822807e0ed632a67cdf7669324b06ee09eccd51684a87bc22a073

SHA512
f35205af285d47def82d066080c9eecfd5e2f44dffa2343133355316617cab0bcdbeee50e0d52a2fd09d589f0aa2d23cf8f4a22ad5ba778ab911d5f12f596f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
31KB

MD5
9c6039d3720aa53120f18354a20f27f0

SHA1
2c1da444d666e3cb758003f3f3751b23b8722a40

SHA256
d1c85b26645e7e1110628372f7b90ef8e26eccaa82fcb0a2967aa1d7eea1130f

SHA512
73963d38b732f0fead7759e2626f2b0de65d278ef69db9690a25f93b949ddb8f0bd5e4bd4cb6a4fc3fed63e611a518b561477f5c5fa60f633fd215a86a8b2e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
36KB

MD5
949dd7b3171ff45b351416d476a06b81

SHA1
6a80424c4ff251b73c7da94d993dc6c7a00eac55

SHA256
b86ff325df0434800e36d35c9c49ec905e579aa4cdd1b7ff55858819b7835268

SHA512
4fbfd5490fff4642ae4e47f6318f5d7a0aae82b81004ad2959f7b6360ba7ef0924600fe145e2e26b17189a984bb63bff408bb4abb29a1ada85bc24623b422d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
20KB

MD5
4b24739c5ce349f1148058c3fddc0237

SHA1
2adabee4da418cfe0263b2f6177eae8377f353d5

SHA256
1690d4123a016bde38123230c6dea716d9f6f8d9bd6d78d4bc02204a5765f4f2

SHA512
4fdabe9a33d0b1f2a1d1cdea42ddca9198158b7f2c2b333908ee30e2787ffcde58fee5bdea456702e3fb5209daf3e19028a14c6eadb0ca94668a7ed1e866d255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0b81e8e46f28c927b7c0c08abe7227bb

SHA1
c8e22a6e2ac6a05a885ee92ecbf6b03afa00cbaa

SHA256
3bc28ec7ef19f06194b71a722936f9a743c299a64fc6d72c85678dffec8d1bff

SHA512
2cf6e8657dd4e7990c488b4edf6414be729e4eae95ad85c67d8df7c9bd2686a8830f806551b28f5a7a38cf3eb203da42d859e8e0c02e454ae24cee699ae17817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580dd6.TMP

Filesize
3KB

MD5
2194930fc49eae5eaf920913f2f3d742

SHA1
2c4b9c44e15d5556e951a1d3f8fdc06333ad259c

SHA256
7e1ddd32b57cded790c9adc2486014a47bb9b33acaefd3ebd89f6522249484eb

SHA512
93b0cdcc9fd0de65fc6fb2d3641f7b95577142960ac912c5f741a21c2020a1edbb4e8cb62466c2dfed4f2b8633e0b66330429ba2773e91250d9434178ac8461c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
8acb2e9df2a7d5ba4da7f43b0b0966e2

SHA1
7348c856afcc84a855d849bc72ba121be787f770

SHA256
aad27c04e185defe8d9db7a4a42e53706151a02ff2bb408548ebbcd0f494e874

SHA512
16da830e71de6ac0ea13737199366a1b5e881e66d20e512b12a816e6c6f3b7988c1c615f79b4567ba20bfb505bdeab9b193a547369cc112682b7b98926d2891b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
afcfc7c441b87a22ac521f95e9440905

SHA1
b28c727dbd245eb02fe0f5ff4d7000a9bed2b9b0

SHA256
e23bee6ca221c159a5845fb393d4b8d1f0718dd18bd193fe6f542f8d7cd28081

SHA512
dc9ed87b3db30f8dd96824aae5b933f8685cb13aaa8bd6054352abd8d86510091caa61b262d43678e189179adcb1acaf3debc95abff365dddb6fd300292794e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
ec030fd2e10df34e9fb5266b86ea8b93

SHA1
69debfbfe768afa35e0f82f8e1dd8e1544fd3635

SHA256
dc57dcfe22a41969bd5ef82a5b9d7c943081988566594a2560950c7140bdd622

SHA512
f2e6ae85c186a8e8ea482c764510bbaf6846143ebf092947a90bbfdcccac0dbc04df5a229ece662db3c2b131c02fae9d5691116d9ea3dd2f9f0c7b6681e7deb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
087c2c91eae11dd500d95ef4e0754649

SHA1
09c318b420306bade47b9683dc941b8a68de05f3

SHA256
75b5f220769b4f758f37be71eb52e5b774f03070c3cd92c693193295d6327dfa

SHA512
7e1d6fbcebb0f5c489cd17ad93a350036f9f3be22817840b5fef7c4aca27c523ab176ee814a09e33d5c85e16c26f1acd6c0e9e9e486d88f18baccc9a4dd186aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
492f8f09eba002834bed3e35a6b90e2d

SHA1
713c3a4bb55f061f10c788d664f3b47f02453ccc

SHA256
ad5d4532b5d98e76902cad8761785f36f55627cf97f1820774608e6a2f340d02

SHA512
818c0b90e76fbc6894aa649c7b7c2f30652227d4f5892e0e88fbb03b4667197f99bc32dd166de2124f395caf2609cfc41e9c90cf3dd6caf827c9119dde4e8b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
4b460eb20a59fb65695ed71080d69bb4

SHA1
21b1d2b8b837e108862ece71f78f86d1b1d3a7c9

SHA256
08af82634250a182c290f4d600d56a3ca544e507f24b463793528f0c86542f40

SHA512
04c48153475a39b81b3a5039f9c2abe935cce41e4d5407cfc952715e9a2558698a6c62f7067510268dd33a378c988be1368d61e927cb6e3f6c8cbb6ca8a2be83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
ecc84347bb109b604c37a76d916ef1c6

SHA1
d06852752e2a70aff0fb6f810729df331c4268f4

SHA256
ac599e8c81f330ed81fac09f3751159e5f0d1dc02a860d50412a1444ee966796

SHA512
4dce0482c3a57866ad67a3355f99fc22c79627473c4c2f0b86e59f3eea3c85b4e33f57e97c5d7d95882d803ca17f7fd21219d8d98fc5f4ba5aa3540af5e3cfb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
a2855353f9d730996bd9830364521839

SHA1
02cfaf05d4b2d0c6bc5b14e633bcd4df1673c92c

SHA256
55a2d6ed7f4c6ff54f6f8bc4c0d68e78e3b2ccfb0e5ddb06644730e7061f44de

SHA512
3a02f6d523d35300a24c3a8184d841067f1b820cdd6b1bd7113a12a2314bae248c6e3a6b7823d062092331d892b60d83019300b0101c77aba5aade756b2a1b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
50828c5a91f5d431a3c1affec80b4ef4

SHA1
889549ca9873946cb34cb3cfcd1a998a3333c5aa

SHA256
5ed28c9830dcba9f975669f59b0cd79a0a17f1d5cafb64fcb26e280b9f5eb8e1

SHA512
d211015efca294c8d658d4b3c319c63dccec02300fab7e6157b9e1cd64a5fa2b9a3fd234b99fd96b8f106bca0d6d0734b8c4108a5b56a5c731a8e07156d782e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
0cd29536458e821144a5ce21a9eb5212

SHA1
41feeaf9f2705a72beb8d04e3fa134ccbf3d4ad3

SHA256
f16b2295b1473fb7e731d02a1b77c9db80d95266efe2388a90857166844ca1bb

SHA512
ed663dde23c90c87331799a4b74b7baa666c4b0a23f6e6c5e0c9e169335df5db731324cb0169f31a8bb5289bce6a076282fbf6db6a734cccdd3155b0706a8184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
a2ffe68f4c4c0207929b2d7c3783cdd0

SHA1
a82b67d3d016aa5ebaef77433d777a1c5e325bde

SHA256
022c434aaacbdad848227f7c6f904bf1c53079978a21fa6a280a5a638dbaa759

SHA512
20fcf62883e0864b39dabdc740fd1af8448411cac90cc02a130f83419c3a12660b7b7c2a68bc39f531fa926120a4c7556532dd6b89c5cf6c0ba15629f505e173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
91e5c8daa890df9fdf1c2c1288ad9951

SHA1
03a0c6413c7a23f82489bed05f70df3308c17fd6

SHA256
7f73a77f258a8a39c29825626f0edc92da526c1c2b1406d0ce028331123ba1db

SHA512
3af21b9d606e1036cf7921972fb16ff4b4cb39a151c78b240849bcaf306fafb7b4ebd92e90a5f73c6f188a8fa0dc84dad7b090ad4a1d57b5f5def1532da39321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
b57adcd9e8673493ab6ec69a15b2c416

SHA1
4056875db82cf96e1c8b7e248fef48a29792c062

SHA256
dc8b9c4fd8e52dc5cfafaa6abf9210a972972957066ad69bf7eee2baf73f33de

SHA512
a2deb80683e5eb68bb6ce797274896176fc882b55168adffc89bb710d5d59b9367d271b1cd9eb882f6d052579b8eee828d2553c745b730f78debb09d9d086c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
002fc2ee11a19da175860f2286a2b6f6

SHA1
84d99e50bd98913eb6fef809478994a92de80b84

SHA256
2542f701703b5a622fcd6faf0600431102aa9034c3d30930c9748bb868aca5c1

SHA512
9056c2621698be84be88da708003e4940dcc113a24416cfd37cca8d1e927fc8c92bb5e9e98789000a4ac3413bfc52ab008ed5430c9beb28aec8ab0e36a314c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
fcc54c93a69464d7efb21918f83432b8

SHA1
940aeb8305f2975651c66e0706293d0e87f9681a

SHA256
534c895d26a812a2fb08905fd04c7e085500086da3fd8065b502d25bb5a88e39

SHA512
7b66b3e419b70ec93cc36e42711d4e69c010aefc64884f15926aa2521c92ea9b6583e82a8677b9dd077a3335bd787b39ed8c93f0d4f967b005c9d5dc2654fca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
d5f1620bce0fc7bc65477e01976d7ae2

SHA1
95e7b65acf1ef8ef66d0413cb5c1aa89be27c0a1

SHA256
875d1fc1c71e153ac7ab63f0834e5097eb4c5ef54aa442cfc0291667ee2781f3

SHA512
ada450182f7da2bda05e642f6b0bfeeec79a49a770eff31007dc9369e948e03b58d2d3de7e5c82ff646465c611b31ff74a7cd780d285ac6b50a2db303e55c8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d713e123f0226868928b522bd07dec3e

SHA1
5de210ec072638945b04a1a69481e2ec3b75cf6a

SHA256
84f9806782b3feb249955b1c30428e121f8c25db47d2f565a9fe2c05f895aacb

SHA512
de3f8c4960b33341e537d7177bc66ad4a63d0a67c5bd9c04513f312445538ce2bf3af02815517686c9b5370304f3c5cbf32079a8d392b741d4123fd6e1483cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
7d5e6bee2ed6e8888b7d55d38b87cbf8

SHA1
696fca782177397b836f7b791cc9da221aeb42f0

SHA256
8bda572dd34225b1c216cff2a375de8995be92c7e0fb90b52035b7648208e310

SHA512
7775e21bb9948b398d6538101d0ec063f277ac14521659211c79e87d58b4f8d3bf9fe34d5f1aba7989044aa1beb867746e4219e7dd04a5d23acc47a06e809820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
691651e56cca97436746bad6a8318919

SHA1
5f7e41f71c65ba58a0cd2c4a66d72cf983c2079f

SHA256
9ff3215e5b27d149cdb1caae53f6c97445504176503ae8dafa8bcd6d5d148641

SHA512
d2182b959412f91359027e842ab7da12ff387f3a3ee972e207927fc5331e8b1d2c3ff56426f9cd4f155304e596267ac857aea406cf253c588cf1a36878eff1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
8d03d04437f1fb7cbd7d772bc75d80e6

SHA1
4ec8451bc1c06d97daeced7402ab5aebade7e027

SHA256
285cd2efdb7a7c16836d1462e83a10dd9a13cd067685e444077fb5b84a9c6b4c

SHA512
c00526ea0343bd5fd000fb90e339398138d25c79873697d5a617db3867b73b990d393e0ee07665d75b8ba80aceff10eeca2e8a22774dd0b60b37f1b5233f76e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
c24ec05d5eb1b088c1f6c983e91023a7

SHA1
7080c3a24db7f19408c309fe076c92eaae31f508

SHA256
e2e57405706ccfb02fddc81b92b7f267b0e5308104ee5af4ebc97ce3cd441d00

SHA512
2a4e3c325a5703368c5ea84be7e3e6884916b05c41df0708e089719a312aa3a4ea74b8cf747cb108f72a3010c587c2d67ee42f0124da8f2ac79c2868c0fc9c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
d27358b20567a6cbcd184ce63ceb1cd1

SHA1
9902933cb22c187fca284dc4795528e5da3f8553

SHA256
570538853e9f8177795c323877db25262da4415c7b66dbab91cbb4c31cd29f3f

SHA512
677dbe7598c3ac191122eab2e22d54cca138a6d01456a238c979a2d6811c73f31c0267e26d60ad2fb5d718f959f4babcff7361afbb4ed7526cc034a1c428b1e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
0b2c3c3c7236e09ff046e029843b32e0

SHA1
0253e4965b37d189599406c5e375823e37b1e723

SHA256
c8b8033c306951ff59fd1d18eb1a23d9df9ced65537e63af310a98e8eb0c4fc5

SHA512
665d7e60c3bcdf39915397495c1ed7bd0bdcd2348500707ed1b6c68b549eca285b0cfe9f1e278d4eb048fc4d3abbf480a769558cb965c062c8174193e9da2fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
86c4ddee66216449a9514cfe201f67de

SHA1
30688c3e91009445d607b4a274094f92c02ad380

SHA256
7658a92f0d5283524700ec1a9c8194cf781d4c3b93f599214c86d5bc20087b63

SHA512
9476042802bfc778645bfb3ab7f3ea7d74cd68a403bdbabeb47b3bf5998757ffb820af39012778ba233d91415345186317386e8afae566c1febc04164803ca6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
a3007f35cb721fe9a20e9017bcf1690d

SHA1
c8f043b8d86d156dfd59cee8bda799614014851d

SHA256
70fcd7e9e325a7c3251cb3d5cd8d27af5afb044f9d123db5597375a523c64f3f

SHA512
d2821ad2440a737d7e6b31bb50165014f223e722a12866e99dce31e09b8532b09077a91991d5f0a6bdde154845a3742e130c40b4a56ebef0012fbe7fde2fa4b1

Download Submit