hxxps://www[.]bing[.]com/search?q=install+virus+on+computer&FORM=R5FD1

Resubmissions

28/03/2025, 18:53

250328-xjpgws1q16 4

28/03/2025, 18:49

250328-xgjtma1qx8 8

Analysis

max time kernel
201s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/search?q=install+virus+on+computer&FORM=R5FD1

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_199709335\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_2079982357\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_803956521\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_199709335\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_1490713504\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_211867323\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_1490713504\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_211867323\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_803956521\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_1760757030\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_1760757030\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_211867323\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_2079982357\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_1490713504\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5912_2079982357\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping756_553974782\offscreendocument.html	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876616198373318"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{3F26CA92-8192-4E11-A194-9899E6FD943D}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{7A955F6F-B615-4C54-AA48-B81D76D8A094}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5912	msedge.exe
5912	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 4056	756	msedge.exe	87
PID 756 wrote to memory of 4056	756	msedge.exe	87
PID 756 wrote to memory of 3492	756	msedge.exe	88
PID 756 wrote to memory of 3492	756	msedge.exe	88
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 6000	756	msedge.exe	89
PID 756 wrote to memory of 2076	756	msedge.exe	90
PID 756 wrote to memory of 2076	756	msedge.exe	90
PID 756 wrote to memory of 2076	756	msedge.exe	90
PID 756 wrote to memory of 2076	756	msedge.exe	90
PID 756 wrote to memory of 2076	756	msedge.exe	90
PID 756 wrote to memory of 2076	756	msedge.exe	90
PID 756 wrote to memory of 2076	756	msedge.exe	90
PID 756 wrote to memory of 2076	756	msedge.exe	90
PID 756 wrote to memory of 2076	756	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.bing.com/search?q=install+virus+on+computer&FORM=R5FD1
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b8,0x7ffb6c2ef208,0x7ffb6c2ef214,0x7ffb6c2ef220
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1712,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2168,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2472,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3456,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3256,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5200,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5064,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4348,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5976,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,13113185890860244425,2254878259087929204,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffb6c2ef208,0x7ffb6c2ef214,0x7ffb6c2ef220
    3⤵
    PID:700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1736,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    PID:1644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2236,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:2
    3⤵
    PID:5500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2392,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=2480 /prefetch:8
    3⤵
    PID:3032
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4100,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4092 /prefetch:8
    3⤵
    PID:5836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4328,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:8
    3⤵
    PID:648
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4100,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4092 /prefetch:8
    3⤵
    PID:5968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4836,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:8
    3⤵
    PID:5496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4844,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:8
    3⤵
    PID:1432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4852,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:8
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4884,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=2892 /prefetch:8
    3⤵
    PID:1896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3904,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:8
    3⤵
    PID:2040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4956,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
    3⤵
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5064,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:8
    3⤵
    PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5028,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4996,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:8
    3⤵
    PID:4256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4028,i,4266009509202554125,9222848515836799037,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:8
    3⤵
    PID:5280

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5912_1490713504\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5912_1760757030\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5912_1760757030\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5912_199709335\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5912_2079982357\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5912_2079982357\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5912_803956521\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3bd776c3-cba6-4c20-b9cc-8127f8d0cd8b.tmp

Filesize
40KB

MD5
2a126debc898e4aec90e2702757d2ca9

SHA1
bee1492ce447f3a445ce18201f0e55a0fc9a4421

SHA256
7e62d8947b73272defcd0f1df1cc8fd128c645338e8b3c942d31061a91030d94

SHA512
4766abffde4f4a4e4b49952d99025d24ba2be2460af9ab19b54f04922229b1198d8ed050e01b52ed145350d3bb2319acbc8c96199af7f5bd8e66f46eea2a4feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b3607049da2a494013ac244be66afa64

SHA1
a7f44af6b91cf0c93e8be313abf397dd070269ab

SHA256
68cb39c643a89b5717664b43ef2053c73278e5919130804fb0420289c9ce6fa2

SHA512
08f2e4063a45e2a6affa2e36222c2e3fd672c52f062cde82e7d7c7c4a841dc35f034a402b6c76fb3bef24beffe846282e683f67e3f99ba8ead2d83c3a23f5f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
dab995e50fa2dd3337c84b6f1b0079ae

SHA1
4823a0f6b97e08a6b9b0c13e4abd6c6967a227ef

SHA256
0e3573243b78b0f8d404367c49e31d1dfef57795b334a2c5842a1b37d97ba7f1

SHA512
554a3d56eb9e9ed56a7886f579407e0e93efc3dec9e9b0284fe04ca989a62c9176ae693451cb10f3baf8504da77fbb64cb18d75a6335ef51ec8c26d687a3ea1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
3642b15460f9c57edf59ff51301b9014

SHA1
c171a45bc9d7291586fa801f4a77db2dccc6f740

SHA256
e7494207a818969686f7cabc88128ec14c0af3f5e241d4923b1887f93e5b250f

SHA512
7d9d7b37ab8d19457ea5736c920b3210aa99710763c77b12a66dd555d741b5ccd0ec97d53542d056c4d67e484b71abd7c3dfca99be4b9e7f367dcfce5ab084d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
ccba72e2515535d13e864efe6bc854b9

SHA1
70fdec457909c9e37f118939854d4cea3d24d980

SHA256
4afb1c0a82448905e0fbba0f5f7c974c3a9505900e252504867b3b3fb5a6971f

SHA512
73945e61bc504f2ec6b1a401ef8e68d352c827a36c2740d3ea9a02e8c2f2744744af61496dd1e73c60716277544425abb8196121b5041caaff113b0d3c46dff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ed3d62edfc4abb2e8cb7d86645ace55e

SHA1
b7a0f9fd2b74e0d3391556feda3503c37df16f60

SHA256
3cc313ea1255d6af8077574faacbd7ac83d8c9fd66782828c793e4b6b131f0d9

SHA512
7fe85c2abf5ece66fadec31095774df8735b4f8ba4e76b6bc1022341d044fe1b7b57f964dce81248abdfc0ae9a28e8925e7759726772b8eb3c795567c667cd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
df82e198eeea831ef992879d0653d8d0

SHA1
4ffe4a70ea1743eb70fe995cc495a66e9bf4adbc

SHA256
179b044fdd6a57061dda382d7225b065136f98e0a60267def587ead07836076b

SHA512
451a19d4b9aadcc03d2520bda62a719015398f6e7812aa505e073971972620a57de57c740db4f7679c25c867d66a0615db198182bee1cb2fe7662831bcf54ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
187KB

MD5
0cf4d6d732f7836d3b6bf9971d341cf7

SHA1
21079c3142a0aba0c634b42345a432b16f6f87d4

SHA256
352b388df81700acff3b6c347c20ff7d5fcc6e11cb929ca631dbde32be7b8cde

SHA512
6551a7fe258e0d1f90675f9a10f398fd24fd9abe97bd3c5ff9cc2ed86d6109b20938634c2e0c319ba1a166d70409b31ae9a1605e20f823777b13914b7cfecb93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
16KB

MD5
80076f8343c36172304dda578351cf4c

SHA1
84e96bb2f3927bb9ff70192db6bfb1b2ab098e81

SHA256
987cddff89fb3a8bffd4102fa9493beb84c63d822faa0c0308046294b95cadcd

SHA512
47e13798bd060ce78b5dc583a9da20910c93c6d5c096a8088d0b6d22df4ea2f3aef0121de117062bc9839c00a34cfcfd742e1627ba0778c9a8f67540357332eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
24KB

MD5
90b8bc4458cbed077a78c73803960a6e

SHA1
1559ff3bd84aea7862d2bb1bba867a95e2d74006

SHA256
be1bb2e4a8f933f485e7f0cc28caa5498ec1eb6b58c780b96b53e596d1e66b99

SHA512
298456eaf64ddd7411457d5e4a97224005bc83d80d18c5fb55969c3a715c525622ca5f72df1ad22aa92ccc2391bb1d2057e3b0277e0e4b350596616656b2911a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
64KB

MD5
54c07aff64efbfa7cc409c2c39beee1f

SHA1
484508546a33fc90e6b97f6240601ecc135c362e

SHA256
49c44a97498af5cdc2abaa89ab61f43895326914e942068e4bcdd946627ea065

SHA512
39c0bbe4cddd7eb1b17c6690b580a650640a1aed61ab004092af6cc870286c13dbdd59df763b724b7b022d6d071a18f02cfa751710d38954eaa1eada5b9a1abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
26KB

MD5
46d72f6516d89b722b914bbca0d9b021

SHA1
d9149a7cddb848854317eb03b8e1ebfefaeaf572

SHA256
c7d299c9bb315db9c29e791f6bc7418a646aba9a980256871e689d9b781c13a9

SHA512
5ea9392800f8075705619373d2d7f54718cf5f1dbc12c18cde74a8817d6d51a78704347e309ce978598a609e7133adccfdd0524aaee2d88e165901ab49b5199e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
77KB

MD5
4df5e55109fe9cc3e7da099af9e4cf92

SHA1
589ec71aafa2a93f7f9ba0ff3e8cc57a65eef427

SHA256
2b8d5bc9b7179ad57fcaa4bfbcd9399feffefc86b7e7dcccebb89ac3131d9b1d

SHA512
1f15ddf573f685c44233f325edbc268ea3dd32d52b2dd7340fd04ab960ce75d132edbd00b66253c6c9324523db753587da2f6ff23f8a970874275c1c941b5103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086

Filesize
474KB

MD5
782dffd26455cf41dd4d19bae27a9615

SHA1
46f5793f8c8f6884c6960fdfd5830136833d27ed

SHA256
c440758e3b15674f702e6c3b6bc2ecce7fba31e9711cb77ea9ec1d123df80f2e

SHA512
4f4d97bc04d71ff209177d6797f6f9ab96d956acc58ae03a3c7c2308cf48b458ab5d52d4bbf30c96ac8ee717c36c51ebaf9910b483a6196962e9f2d582073374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e2a4d5a37bc5bdd761118e149ce35b21

SHA1
a45c1ab1d654d7da56aa6fda15281b6e2f6b78cd

SHA256
74a303a62503307342155435289f3e3b28cdff3a62008bab99b55d7cc4bcc4f3

SHA512
ddafa048753409acf7e0e9167c07129ca1c78b5326aeec883b906799dbdeff039526f14db4b096c0af4a6306695b9c65a4e51148b4598640571e719fb783bed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57ccb6.TMP

Filesize
3KB

MD5
dc56ee8bd3d33c38424745f135560727

SHA1
5d13a8e680cd034e02d099d316c77ecb3db2c04f

SHA256
80e59443ba94bfa577076e43ff5b3646672e6f8889aaadbb6a66151c4c740acb

SHA512
7de55f52d00f97773acb2db3b2286a004dd371c72d9e323e74db5accff8bcc36dcb605ad54aa0964f166a0c2b3db7e0c0bc9acd6d582b46c5d7fa1572370dbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
89d9b630dd4a673f81a9e682bd95e03c

SHA1
10661fb7ec5b34382aa782ed1c1850477c345ead

SHA256
981cb45b07fce40048aa0fa657384a03e0b38693b6370eb3f01ccd2786863e17

SHA512
e638387eba8b061dec19ab1f4d1fadde31f09dcea3781182de80110d2e4614611e60bce57892ea73925e6500e9a39aed120d88681b182891fae9bd3444bafa84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
76ed23b334670ef4f906b57d455947fc

SHA1
d92498b641f8a6f50291025d7525b39018d77059

SHA256
98b5dcdecc440103e4e3b440473f6bc033c8f8f489116b7cef9dccf4d5e80c54

SHA512
b02ec81d72a9470393a16f0c5c059f1ca17004ba4ae2a1c207f8a363521be7447df97eb67710a4341eb032bcfd8a46ab5672fddccb22fd98f0ab2525fcf7624f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
f185f710e07ef845ce06f101c92dfe8e

SHA1
e705ea708304d492186e8cce5f1aec80abf2b284

SHA256
3fff1766ea931b431560ba7f937d48587753eeb168a1f1c358a1bb8dfef18474

SHA512
41f1afd4ef44dd6ebb91c2ca8957c6487ab3dbd12f70a436915447567fb60ef590b24ee54b50a490e27126f3eb6bfc1c9a24bb32da49ef449db78855894c39ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
49e33a90a7232122a5337c5eb41a2183

SHA1
f7e7713d59f4378e278c2639d3d989dc1671d9d8

SHA256
1309d245b9f590de7f31cc46a2bccb390cb67e967f1873a5e15b9b3d43ff98c4

SHA512
1f0404ebafffb961f39ad75b44d81aba372ab34261ca7b7246c93ba5863cb6ddd4dbc91ab3838b96df77b287b0747b43075d46243baee614a9eeb860ecbdd3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
28KB

MD5
539b66e4b01e19f6ab90c03057733957

SHA1
51fa06396d1ad94a5f2e4e811c414a6c80e50ee1

SHA256
976f94dfefe5fea6c184c51f4cdb37bddf777844aa2e1d9e8edbf394931d93d6

SHA512
81469d7ed8b8a9de1b9279d69e3fd05bf7b1715b48e5f58da06d285de25a8075f39376709c8007ba838031fb8df2a14e324805c81028f69f3052fb6e4576574f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cfdf4957758f85dbbba110e8a28ba0cb

SHA1
e332e74d018ec10ca9da42794635c1ad7b806c1c

SHA256
edcb50d0f8a16b02f0d5af9515d00e9d0dd08bb544c4bb19ad320ca802e9b83e

SHA512
c0db4bcafd94ad80381be36041e3649b2ec5dc8416cb87ff2ca72f17e3213f29510082fa25905e5836b2d52d42b62a404e135f54e2392f9a99a8a5e769954bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bd4f64208a1a6820b0b8ab2d4ec2023e

SHA1
bdc673785d012f7545264bcdda1dd3e5127d48a2

SHA256
b5b86a05934fcdbf56634d6165d1a06d9825bff70f6c4e33a96b7642e2cc93c9

SHA512
121caa364a9460c16c2b3186146cec365dd4914b944b72d2e9461e852ca61dba5b6022b05741858642f4510fc3661b47a5f2669b4d118aff0d7f0d3d7de0a7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
ee64714876bcdc2f3259b6012057c94f

SHA1
6cd87570067b3158135c3918571e2868500bc359

SHA256
27c521e3cb1319cbcc0f79b0fc39f38ccedb9c76f574d705a847441b64a684c7

SHA512
2b0c4e6e0c22b9e8b22bd799ab4db7b337a39637c4c30c37e017f0125f13a392be09dbfa65a6d9374d843e22c34ec7bbb93cd61b26616cba643ddc185c410390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
350976bd66f640c5c5593ae868e2a6b0

SHA1
f015c01833615b207aa24a903e7dc4e18a9dc365

SHA256
c7eaa5c175a8f42ebe384db5cebb567af53b444f3b185b6a1b20006da8305ff2

SHA512
75eaa0537ccc62349ec15b42f2ab6a7c444000f4243f216180b2e3a6e6a1ee66a0fc6077dcd7e5ca71c8a6704cfb1c6af2ffa5dba3733e91b1032dcbf6dff947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
1c3f5af68f1bf4fc27062d64dd8eba36

SHA1
2c5b6aa84ae7ca361ac45e9c5635e9ab87a82e2f

SHA256
7a719fa40d9c8619d9790a918dd95af0bcc3228c7b7c1a470ffc62095214d890

SHA512
7c95899bd776bcda72425516a6fcdf3c550125029ddbfcae414349ace37c9d89ce8ba1e22775b2251bade66c7803963d9e229e0b534059b80d59733f1a25a2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
68b50eaaf32c8f069e2c9ba7a20e5c64

SHA1
a9aa9c99bb2ac9ea30d0c874b4feeb4557d08c54

SHA256
67f5b6c7e889217f50cbd090d1284547717f1a495d78456ae7893ef2eec467d9

SHA512
d5df9945ae4156388a9d5c4c9dcdbe0f9fdc0e25b824b48c9b0300365e6f0384859c00d22e228352e3fc9f6aaad37dd7d3d4bf05b45bbb6b39a6971c3af45f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
bdbd40c39af93cd65976aef7ad571486

SHA1
97ffff33098a441443e3efc0956d4ee0d081394f

SHA256
1567ed0ad12846f68b24f9104fb8d589489487ede7dfabe6f304b40b2481fd4b

SHA512
383c97d7ef0157ce80f347d4f9e8fdc9d3da50beea331b1b28377390880a1bb12122f15fdc730826ead8cd2a39405ea92581d1dc535ae90e497a8b2e2659367c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
7fe15663ae3dec421d79c0be81086995

SHA1
389064b44c309dd6b9dc18ace0b121008d6b445a

SHA256
cca9e35624d6d992fad85c14c343f7c919c194a9d4e11ddfb82efe459fd873b5

SHA512
995ca68fe4aa8a441defa0de449f61917891f1d5dc936674b3fd7b1862271a451e1a600d9ccadca2565b42265cd4b54b8911ce83384cc144c005015715b043c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
05885023a939a5ac328291af6686f359

SHA1
dfecd0edfd0d59e681ec6bd6afc746884b7a1ab2

SHA256
f3bbc1c6a826534edcf8206e4085f2ea5d6ce4a43ad36b316703d8a6e93937e7

SHA512
7d5946be0a627910ca9b1a048eeeb3d04ba52747f2a26f68a989df7173c701fe7ff056b0363e47271a25c04447950567e392181ca2724883c9f16213ff82ebcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
71216a7f3da8df6b5ff458753c2ae2a2

SHA1
3ca0bb1f67c57153b75c3ba2e33384776a037a87

SHA256
e9688ea765c91a95db30c0d3620756d9a5fe3f16f93398f6470f95a7498b65d1

SHA512
f4fd581a19e374ee3289ac4f5127359d5ef19eebc1638971574e11c77387fd1d2be96f4b849aa478fa2b992a06f9067bab5198315496b27a1e8a0a975ddba690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
82c9d2973f115dec9a69318c5ddf52ef

SHA1
5d44e096d4e9a8253a3e309a64acd7c53b75dc07

SHA256
de51a4abf59eff6d5512d312732604cca3f874527265ac9add454812554778c7

SHA512
c2d62acb415c87f1cd50e094ba066940d08db5e99e59eac0ae8082488c86a0d8d9171888cd9318bf8cb0a2ab8289a8739b44d4456cb17042ce9c618d83aed686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
0c13bdcee372cf7a118560f7aeb5e7fa

SHA1
8998bae3db2c2737d633a80e8bf3143b96833b40

SHA256
0f10ff631a635798855a91c68f90c57a54274bf40c4ec7cbab698be9f662dd6c

SHA512
5fe4d2711e023eb1b3552b7424e8ca1547e319615f7f3281ca96d46871217be444ededed77f3af720392f0abc061c34ee7d5fd42cee3097c6470e018d7872d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
fc07a48622939f66331b02aa6e876781

SHA1
0d029974ccb8cb14a3d7f80ac50d2dd2dbd78d72

SHA256
0477585612da43d4e61ee5557eca1290e2cbb5fabeb54388ffe6d5108cd7667a

SHA512
7949fb32bb548b6819c4b4dd57264c0e0696959e71273dc6abe52e856203c5d2a590179fd97591f705b6c4bdbdf0bc5a0e23b5fd892b8583f075fbd3610e320a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
75e8cb43f15a96d89692c508dbc8f430

SHA1
4012d46474f91b3598c836cd2e8a2645a30d2dc1

SHA256
45268156a1c6b8f5e5400ee2404efde6164ce61fc7de549fda561216b14d3c47

SHA512
e4caf9053e81272505062837e593b9c51110db733afcf9e0f3617578ec27b4ca38378cf19bbc082b7e3d8c99be2d9ee9e04707cf3e4fcb0c7708808f2c63d16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a8c73712-2dc0-44ef-b3c4-2a5c8782c8fe.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
bf3821d6158ee8204ebf74ff2361153d

SHA1
9bf740fd5cfb1ff5ff9bbc07e80dca5a4959bdf3

SHA256
349231464886fff84301bab32cee001e13dc5ff83e9676321aff9cbb2f231145

SHA512
c01da308f8f88cc2124bb6a235f837fb21acc6df99b300523dc45920bb53e2f3f86a7b2a8ad6cec62bdcd721efaa1834e70621a3f835b5a127a2fe7a565d56c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
038f558f7a3befbd9f34d82408c99ed8

SHA1
062768df98383fa1677bc04bddb70052babe9c6f

SHA256
0873122492627168830c9cc2b7b35a929c1fc6aa3748f2ad382cbbe0a6be70eb

SHA512
c54e4eae370ef48347805cccafc60243d592b06ac65f44a1cff0b7782a1e4e4ad0af42b86365152812169e5dbc963970b638ffbb5ca1bfd4523a26380b7d60f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
97ba8d3f47e12a43cec79c44cc40dc16

SHA1
78991d4835e2b1fb3c8cde560b365b2f3107611a

SHA256
6d635e280d718ad42b604293865e02586d04473280ef2699e88eeb31486a4667

SHA512
004ff6941bc8bf802a8d4704fde78ca91cd72db14264469814b4819b553e05d5bceea5fff8555b69e019b30a408324e1e8bf6d46514b0287009b821c201577b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b7fa3467943312848b85bcb7d731a41c

SHA1
d860c4a7859cc8c68fdb944ae535eaa542bf3f2b

SHA256
a3102ee02c3d08739c7694b9320a9368fbc3ae561c30a902b663163c960c4d7a

SHA512
f34914510c7512095edd1773f64a6c5ca96aa9c228dec374f854d2c232c76c25d0e2b2171956bf014762064d9011d013ae506c25432c832b5f02b6e5c66c1438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
c46a803ed5f9c3e2b38d3d5f29dfea24

SHA1
140d1ca1c3574a166b3412682b481bace0542608

SHA256
f23edfb5a54c915d2010c8d0a8af979df412a75805ce39c507564504b728cb5d

SHA512
fdf4fa7b75ded04509d1d09f7e5b3905486d96ec0f467ef50a5632be68aec426d2f58c6eeb856e79d0384e05b6f6b304bb0b4a6a6c1cb8b60590c1f250bc0a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
a9f935069b8f5f8174f43236f82dee56

SHA1
974e31e1141e3a3133435e31e59cb9e3ce7004af

SHA256
a48e74abd5db6a5afa0a866ed5aff3b7e8bc27cd9bf116ea30fdb40bbe362ef7

SHA512
348586002780404585af07f3cc4e96a4c66bfc608c439248be23c32b24d368329c25d1bbd6384dd04735e08cb498fec6f21847e44a6a5ed8a6656c70b927d08d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
ef46145899b8c5e1472393e21d979240

SHA1
42682361ff4b113c3d7e5fee359ed178d69daf3b

SHA256
fe5ea5bf7d3b58fa915b815c8faa2d36e8df8dfa8677cae91d05ca112b570d11

SHA512
ff8ef9ec5bc1b80ad608f0ee3e00feb0169d6ffa395e2c648df4024e5581daff9744e7116a9e96c012b697b3d674c500c5f9a23a40493aa91e56d0ca3ad0f5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
ef6eb985b570dfcdabda91de1f650eda

SHA1
ff2f4664c052756b892ad6f51ad3d71596279542

SHA256
fdaf159fe627e4ffffb64dfa8cc6be7f3ebf6a1ae13e7ee3ffc39ae2db509b4f

SHA512
f3397be2c8616209f9d3a8896fa32a6262f71996f3dad56d02d3b70ed35c2d74b3b0a294f6ebd054020986bbd1062654a640e720e124d662f8205acb889d4cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
f638fbdb13f3dce2bb16e84230c001bf

SHA1
7c9e1c3cc8da8ac01c894202db52fbafb1af27e2

SHA256
ff29970d474996d4eeaf369c0026a3a07ac56b90fad4820a03cd7fe430fe3a24

SHA512
b9802516c59f6e3110077e151b3259efd25992fa6557f879e68d61055697dd8abf7b92c7d7fa05badff609170d238d1d279925cf2cc0044b2227a61d3e019f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
67ce4776f30d18d243d7a9491c73b29d

SHA1
4efe0e4af2dec25ee7d0fe2e83949dd8639bda40

SHA256
fc8be24fbd27de50d64fd994382e89acef8fb6eaefa25bcf1fac1d7842e78f2a

SHA512
49e2e25d96b17cc7a43d6164e4b6c225ea0542a98eb16b4816b1b51ce4cddcc7a6115beb0338f6998d1ce1e948417f141dda571905a66c610edc4f33c9a91e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
d0581485a58c03b82490c5508bd08ae5

SHA1
903b6d9246679c0b241dce5354e41cbfcc77a70e

SHA256
5874da5b4ee3802fe9dadfc59488e51bdc642a475fa0f91bb1c0c0fe55b9f0f7

SHA512
03c4a5be2558afc96e5d3899f38f86ef900973f8364dd9c92b0e0fdac0905c2115a88d85767ce84252128610c47fecd529b18f88e2a4105a51c1f5ce1f6f1317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
dff547495e1931e687fab476967b5251

SHA1
7f72c8818f50bcf200adae2c14472ff274f949b6

SHA256
a435ba34c6c0cb90029ad858581bfb527913285527a3a3ec74e66971d503cca6

SHA512
d6b725dc7f695d6c377a434e22048656e61aaeb57f119c794aa05365ce22a35ffe8fc3e3a7eac3466fc882cc5d3fd110dce51662eae4866f18acf9ffe407a4f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Filesize
20KB

MD5
3493a461b761cfc72ae7dcf24d00b945

SHA1
4627c3cfdb49c0423ad6727ed7c7157e00cf202d

SHA256
accce568812f810f78fdf81a2a7d35b31193fc9228061a80bba46d221ba47e10

SHA512
e4a3bd25e7d1834739ca9fb9694d2dc79481bf7e1ac5edf621eadbb002644db0345b99df44a83240a18243e1712f8685d82a5220aedd63a8b99afc92d33d4db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c9373f1500993187c979e8c495753a09

SHA1
68c15af8cafb9046667aa80d38222f453f02430e

SHA256
58583e12db28f299a12f10044babe92f2d0ef4e71fcb6785bc95d9513a8efadb

SHA512
6b1ab579af55dad4c277678731370f720022dcad2f301a9fb8fd9249b6e3a7f101c9a4685ba555afe061568a62d6c5c8c34c77bc1a749b98205ccd2e23b545a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
9500964c53bcc2fcbdde66b79a42ea4d

SHA1
c179c42f1bed3f4d97838d72c93a55d2844e4968

SHA256
a155097c97c2dcf940dcd898d57f623d23bafe64e95f86c11ef525ff240f85d2

SHA512
6cf0e5c2c2df8d5a6df86f4ea98e645953f6ff1f32ed1889ab2db2c5b978ec61e7290695e76f314403a2b26df4df1f67f2f399b9e4835f34bc6999c0fa0f2f0f

Download Submit