quasar | 7b718d668fa3aed991ee8b9fc8f76fed543e5045f411369df659ee4cf09a0413

Analysis

max time kernel
664s
max time network
679s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
01/04/2025, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Clientv2.exe
Size

3.2MB
MD5

f312e5b89c544d808859a09fbf8e6e9a
SHA1

917b95dc9c0f5ca7f089ad645c99395419914f37
SHA256

7b718d668fa3aed991ee8b9fc8f76fed543e5045f411369df659ee4cf09a0413
SHA512

2f894bb5f89e403fd22c2b2437043b8e79092f4d019a10fe13db3b89689374c6379af7372723bd343095b1b036b773d8ee3e1b95b955a452c46e0dac74c51b5b
SSDEEP

49152:wvdt62XlaSFNWPjljiFa2RoUYIzlRJ6MbR3LoGdkTHHB72eh2NT:wvf62XlaSFNWPjljiFXRoUYIzlRJ6W

Score

10^/10

quasar quasarv2 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Quasarv2

178.83.80.11:4782

Mutex

01be4b22-353e-48a7-a4fc-41ed4d3b5081

Attributes

encryption_key
B729697B6EECAC23F05DCF0A1F0857B793DF22A5
install_name
WinStart.exe
log_directory
TempLogs
reconnect_delay
3000
startup_key
WinStart
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/memory/6088-1-0x00000000003B0000-0x00000000006E4000-memory.dmp	family_quasar
behavioral2/files/0x001900000002b244-6.dat	family_quasar

Executes dropped EXE 1 IoCs

pid	Process
2740	WinStart.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1217726372\_platform_specific\win_x64\widevinecdm.dll	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\sl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\128.png	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\wallet\wallet-notification-config.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\Mini-Wallet\miniwallet.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\am\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\iw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-ec\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-ec\ko\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-ec\pl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-notification\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\wallet\super_coupon.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\sr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_210946619\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_509068432\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_96747135\shopping_iframe_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-mobile-hub\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-notification\pt-BR\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-shared-components\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-tokenized-card\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\ta\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\en_US\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-hub\cs\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-hub\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-shared-components\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1217726372\_platform_specific\win_x64\widevinecdm.dll.sig	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\ka\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\kk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-hub\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-hub\zh-Hant\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-mobile-hub\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\Tokenized-Card\tokenized-card.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\hu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-ec\el\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-hub\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-shared-components\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\Wallet-BuyNow\wallet-buynow.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\ru\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_96747135\edge_confirmation_page_validator.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-notification\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-notification\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\ml\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\mn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\vi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-hub\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-notification-shared\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_826921408\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_96747135\product_page.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_96747135\shoppingfre.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-ec\zh-Hant\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-hub\es\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\wallet\wallet-tokenization-config.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\wallet.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5096_1999367944\_locales\en\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\app-setup.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-shared-components\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\wallet-icon.svg	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\wallet_donation_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-ec\es\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-hub\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-shared-components\ko\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-tokenized-card\ar\strings.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3132	PING.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879998365437641"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1678082226-3994841222-899489560-1000\{A0E580F1-7C7A-4C44-9FAB-51D2BB17EDF9}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1678082226-3994841222-899489560-1000\{07B9790E-0588-4068-A85E-86B832F703C2}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3132	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2308	schtasks.exe
4812	schtasks.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
672	powershell.exe
672	powershell.exe
672	powershell.exe
3580	msedge.exe
3580	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2740	WinStart.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	6088	Clientv2.exe
Token: SeDebugPrivilege	2740	WinStart.exe
Token: SeDebugPrivilege	672	powershell.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
868	WindowsTerminal.exe
5096	msedge.exe
5096	msedge.exe
3580	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2740	WinStart.exe
868	WindowsTerminal.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6088 wrote to memory of 2308	6088	Clientv2.exe	83
PID 6088 wrote to memory of 2308	6088	Clientv2.exe	83
PID 6088 wrote to memory of 2740	6088	Clientv2.exe	85
PID 6088 wrote to memory of 2740	6088	Clientv2.exe	85
PID 2740 wrote to memory of 4812	2740	WinStart.exe	86
PID 2740 wrote to memory of 4812	2740	WinStart.exe	86
PID 1096 wrote to memory of 1212	1096	msedge.exe	96
PID 1096 wrote to memory of 1212	1096	msedge.exe	96
PID 1096 wrote to memory of 1416	1096	msedge.exe	97
PID 1096 wrote to memory of 1416	1096	msedge.exe	97
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 2352	1096	msedge.exe	98
PID 1096 wrote to memory of 4616	1096	msedge.exe	100
PID 1096 wrote to memory of 4616	1096	msedge.exe	100
PID 1096 wrote to memory of 4616	1096	msedge.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Clientv2.exe
"C:\Users\Admin\AppData\Local\Temp\Clientv2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:6088
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "WinStart" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WinStart.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2308
- C:\Users\Admin\AppData\Roaming\SubDir\WinStart.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\WinStart.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "WinStart" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WinStart.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cornhub.website/
    3⤵
    PID:2412
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /delete /tn "WinStart" /f
    3⤵
    PID:4804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UkbS68eiu29V.bat" "
    3⤵
    PID:3108
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:4520
  - - C:\Windows\system32\PING.EXE
      ping -n 10 localhost
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:3132

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f8,0x7ffacab7f208,0x7ffacab7f214,0x7ffacab7f220
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,2911445723385348597,12082893626237767607,262144 --variations-seed-version --mojo-platform-channel-handle=2124 /prefetch:11
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2096,i,2911445723385348597,12082893626237767607,262144 --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1956,i,2911445723385348597,12082893626237767607,262144 --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:13
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3428,i,2911445723385348597,12082893626237767607,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,2911445723385348597,12082893626237767607,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4864,i,2911445723385348597,12082893626237767607,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:14
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x244,0x248,0x24c,0x240,0x29c,0x7ffacab7f208,0x7ffacab7f214,0x7ffacab7f220
    3⤵
    PID:4268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1704,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:11
    3⤵
    PID:2120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
    3⤵
    PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2480,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:13
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4372,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:14
    3⤵
    PID:5280
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4372,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:14
    3⤵
    PID:5860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4628,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:14
    3⤵
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4636,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:14
    3⤵
    PID:6032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4348,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:14
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4892,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:1
    3⤵
    PID:4996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5108,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:14
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4436,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:14
    3⤵
    PID:5364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5528,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:1
    3⤵
    PID:2852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:14
    3⤵
    PID:5392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6480,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:14
    3⤵
    PID:1880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6488,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:14
    3⤵
    PID:2160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5976,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:1
    3⤵
    PID:1516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:14
    3⤵
    PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,2163787715272669215,9805799863452521744,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:14
    3⤵
    PID:1812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:3580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2f4,0x7ffacab7f208,0x7ffacab7f214,0x7ffacab7f220
      4⤵
      PID:1944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1812,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:11
      4⤵
      PID:1820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2140,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:3544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2516,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:13
      4⤵
      PID:864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4380,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:14
      4⤵
      PID:2436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4380,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:14
      4⤵
      PID:2416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:14
      4⤵
      PID:3144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4660,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:1
      4⤵
      PID:4360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5096,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:14
      4⤵
      PID:2656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:14
      4⤵
      PID:4868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5480,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:1
      4⤵
      PID:5520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:14
      4⤵
      PID:4940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:14
      4⤵
      PID:5372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5656,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:14
      4⤵
      PID:668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5348,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:14
      4⤵
      PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:14
      4⤵
      PID:4880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=6112 /prefetch:14
      4⤵
      PID:4440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5996,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:1
      4⤵
      PID:2552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5808,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:14
      4⤵
      PID:1524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6372,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:1
      4⤵
      PID:2212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6340,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:1
      4⤵
      PID:5928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6740,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=6840 /prefetch:14
      4⤵
      PID:3916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6152,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:10
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:14
      4⤵
      PID:1448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6608,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:14
      4⤵
      PID:4112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=776,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:14
      4⤵
      PID:5236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4452,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=6592 /prefetch:14
      4⤵
      PID:2744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4004,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:14
      4⤵
      PID:572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3996,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:14
      4⤵
      PID:4896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5232,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:14
      4⤵
      PID:2208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=6968 /prefetch:14
      4⤵
      PID:3576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6440,i,8605999714380200413,13828577143497610335,262144 --variations-seed-version --mojo-platform-channel-handle=6876 /prefetch:14
      4⤵
      PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4408

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\wt.exe
"C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.WindowsTerminal_8wekyb3d8bbwe\wt.exe" -d "C:\Users\Admin\Desktop\."
1⤵
PID:1668
- C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
  wt.exe -d "C:\Users\Admin\Desktop\."
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:868
- - C:\Windows\system32\wsl.exe
    C:\Windows\system32\wsl.exe --list
    3⤵
    PID:2100
- - C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
    "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xa30 --server 0xa2c
    3⤵
    PID:4888
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nas.tntaddict.net/webload/Clientv2.exe
      4⤵
      PID:5796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:6116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\v1FieldTypes.json

Filesize
509KB

MD5
c1a0d30e5eebef19db1b7e68fc79d2be

SHA1
de4ccb9e7ea5850363d0e7124c01da766425039c

SHA256
f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1

SHA512
f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
58ec18a0a48bd476853abfadcc2b4bbb

SHA1
24adc5ac263eded7037a155a789fde5ee4c926c4

SHA256
90e23ba408184fdebecf6cea7d3c4ec415e40076e64a13bd632c65992456c0d2

SHA512
a0b6b8ff8a024ad02d91ccb634377d89447ac074261e36d091efb1797e77efd12112b73d3e3460e5642277cad0a8f1fd1501575089ca7f1107e05b212aedef1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
55b3224202d48741e68af77a8a53b298

SHA1
d7a214b1fd6709ee327e065f55897d29450a9e1e

SHA256
9425c2158e8291bb00bc4c0af52015e4427b6ab90f680e931d4b44acecd4226d

SHA512
866c447af123987293df7da9bc72c6187a0d1c49f8c2871edd59e87ad1411bde8142c916e2847c492d619041c355fc1cffe2b720aabc56be1c9931b1369fdfe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
69a3b41e86053cf6734ed78ae8563f8f

SHA1
6558dfd71ca778b2939d1aa00d5996a776747cbc

SHA256
1a7be83ff64e244449c41aeb5de7e481940bf787510139241042d0ed69eb2261

SHA512
922914129f21c6531295ac9f2b18a7047a92fee0662c13e1166f106cfea40bad8df9334350923a64b6407cbda88b252af106d3791cc025e1a1bef6d4e6ea44d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
19a88bad99bffbae6102e191cfedd75b

SHA1
df476b325df883b73eda1b2349bab45aa22e808d

SHA256
0d576dfbde1712b7288e4561e3eea75ffdad84dc50a77ceb57a6e9c37d60465a

SHA512
9ec5eb487d8c8fc8e283a94bd43afd740edc4df6a4509d83629416d040586bd42330eb0da6dd41ec1e5550bce9a6643319ff8584f8638a9cde9042fa406825fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
a75dbcc814a9d3e49dba09799023d288

SHA1
6648f29b54fea0275a27ed722ea9a596cbd83c8e

SHA256
3ed81b1bdcea84fd47f8ccc403a7321f68933017fcb645435b59850956197e42

SHA512
74c6165eab65a891b33dbd2b60d193622a9bfe5059a3c0996f0cd98e32b947f58ff2b42e74276a675dcfda275a4c25b8445b6f5466a45f8bf84ab91d277a8c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
78d598ae2d62ceeea4bf2f96b1012381

SHA1
921e3711935f0dc43669f95c984a7805681d4202

SHA256
079dc4b6c417f3071ad4d8ad7804fce9654596ab2bd44e8f2a810e4ef07e28a4

SHA512
f93c692bfd7e966895d75b5e95440608f8ab2c2184b3f06d1a688fa54d2b00ce4778ce1fce3c01e0bd30e20d6cb940858a157c78809f32d4a6db639e03f9ca96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
00c3f73fa4f1956c98358f7eb789905f

SHA1
c371191de67e6312efe33a0250b57298ec770a69

SHA256
8b5b507494e922421463d013f70e89f1d1423b4778b993a95ce85b4eabd476bf

SHA512
9abf18152a91dfef531876d7ebeae90cd0a828cba01d0077bf6714d51b290c45d961609acb35f6b6250b2564e5a1d2377058b33868b573d04cf108d8245f1e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
932e081810986b893ff344b2e6bd573b

SHA1
634f6a9a86ff0aec7b5e7ce1ac256225680cbe15

SHA256
cdedd9a918e882e9a00bf2730a26555a4e928b3375e2aae0c153ee603351df99

SHA512
12947814f27062f1f275f7741ce29402594894c7899f66758875eb5e482aea58f22d96452fc225d81ee000def176c5ad0103b19c75503981a6475296a1bcaf6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
b4d5a63d319e2abc630894391cf686a6

SHA1
8cef1039c0c67063b2bc98e0c097900a4bc9176b

SHA256
5c8a6a84ea043c98910796bb50fef22f906706e7e6c2f57ebfd950ea90a1ad7f

SHA512
d5bce2a4086f5ae477b2293d0643a0b134855256038e046c215946ff81cb4d5e6acdf8f95eca87bfc8620b774588516e4477bdcbec59e78a98e0774b879494da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
76fa77161fda70827b55dd1137b37f81

SHA1
3c9066b9c1b3405fbd905aced941a2206fbbea8a

SHA256
b98cd12855942972d027b863b9b24cd06df3d4aad347d3e5bba0a4c1a3248f9e

SHA512
e9b62a51925d96355c4a5c76703e2e1ff97ff9f05494436b593c2b15304f705a741af2fed60046fec5eab4b26f79a381428a34b20db22c97289f9af05ed59fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
7e119b39c404390310e1a1d0626e6edb

SHA1
57a9605aa2aae765759c5474b595392d4113fccb

SHA256
7938c72f2b0ccc6474e70940c235e60246999b4fee845dc0cff21f7c1e2ad337

SHA512
e7235c94683667652e2e1db03f5a225518ebc2c753e9510660030f1c6b86cb953b9f946e4171af28e29319323a7818a12e0b807c39a891f6b9dbb200f2338ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
2cd7d869a9113aedb4264cb70fc53078

SHA1
ff83de7a2896470de2bb8f97989cfc964d5d2431

SHA256
5a132a31df63b3f8adc02f7dc44c646e75395d64aea5da85eb596a70601958b2

SHA512
0850ce941a4711170d907f59985a08bd4dd017974705e38f7e918dc8c683b452d3bda1d36ab07f4bfbf47cb224c3a68783edac259320488ce54ee4194a4590db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
100KB

MD5
80b5b90c4f3c45f46d57b5e1bce1e629

SHA1
367e3928b8c501a0827fd1b56083824932e9dfce

SHA256
f8f5766093e3c09b37b085fe81a7d8307c69b34710794143efe460ae62bafb2b

SHA512
395fe714443f48f04896aaabb79d852a79e6ae948fbdf1678505be724c0efd172043b36feb8716d9882585a47d23746f2dfb1cfbb18149ab9e71310ba0b055e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
110KB

MD5
856a44c7e5f305d914f73151e46348f1

SHA1
ef7198fffde31f348f41c1fce450f7c83f2724d4

SHA256
f576eb2ecc60fe36e8222e836af2b7a7fc0e2f757159e970631eb2e496b0411d

SHA512
c429e91a2cc420bede1768600604b9e3695d0f29640da2880ba9c2cd528fad536b63e40e142c48275b21c3607ea3e5677eee2c2c4332c894ff70687069dafbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
58KB

MD5
b28f27a82d97f25e31613106be8efb2d

SHA1
9013e804be2b7111941dbee067fc7395db69d8db

SHA256
ecfb139b7cd11233b3298582a21061b6acea1cc77c566d251329856ae0080c0f

SHA512
d045c02788a5f1f4552c055694040bb854e39f7a6b16bada7172c1c7ca77428c6a7eead59f31cfef8d0a119d5e5de831fa1da2c3fe1657b4d599aeeb3edf4f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
355KB

MD5
b7af32f2358aa5d8a0ec3a1a841ac326

SHA1
3e28e126c7b138d935cdf4bcab3a0f0e1b0b3edc

SHA256
6fff462a7a169eecd2227483dda79626a5cdf83d2dc12a02bf6a19e79d570a8e

SHA512
50de9fc5adb05ec3eb9e6447fc435c9c20b31b75e02163130a714c46e6a143d121a6ece7ec96bdee901dd35637793614a9892b4e5c5f767f36aa59e0365226a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
19KB

MD5
3b25fbd9be0594e7d5dd630003ef4194

SHA1
73d1b16b7b95ec2907407f06c3f353497e29a362

SHA256
0ab699ef1483cd423e0880e48701eb0f38d8d250a4f7e63262a5a10e587f6df1

SHA512
137ca7a8f12319721e9ad5a729c14c14cd560abad62366fe47d2742ed30e9dcf5f3a3c1c5607deee579ba9407ce5b5c1c737bc74e07e64dee65e1fc2ab8b0615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
17KB

MD5
a673a4ff37878ab1cb36ed1079a6e033

SHA1
823159a712bccac71c5dbadc14f30b4f3592f424

SHA256
9edbc2b7d4862beb81dfce14ae3ae0cc1df4359c2b535a79c34f4cc5072afa17

SHA512
02f70f2c2441337733ab64539299f1739248bfb43aa4fe00dfcfa558d6b4ee8ebfec28a2146554380f759174d7b4f0d55056bac251a3e870d6fdd211c3c754bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
76KB

MD5
c99f966767a99c2971aaad4890f0d323

SHA1
d6dd4e0199e653bd6663c5203dc3889e9b6c0baa

SHA256
ad5f0de938a628df6b0de66005e92497bb39c09fb8491ea7fc4d5afd600262e2

SHA512
02475dacf307541c4e2801b2e849585d4210990fff97bf5afe9f44f5ee46ae8ba21152295cd8baeeecba3005250d81e7d280007f0b8f57f77247a3e2588b7c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
162KB

MD5
fbb80bbfccc49561129220576edd9490

SHA1
d01bfb70792f4840439c5484dea3f865cd03c927

SHA256
a611ed615edf7ffd619a911cdfa9a97f1978ffb033ca8ee96162a5601cc6ab3e

SHA512
2cd58343b37470c85cce8f9b186c07332245c4eb9355a2c745a002b66713dd0158b6a61e6a5bb2c35caef8555e9f8884ae79d01d41002846c81cdbb0392a3367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
72KB

MD5
d4884786bb37e8fe3714068c141bd5c9

SHA1
b01cbf996599d8bba57cf5c1f2572e0240370839

SHA256
e535e5050fc9a4d522f3d10e08459391ee3d743913005d70628b51682bd02d5a

SHA512
46a2c00f6a129b7f1a2d005220d0386a2dbbfd4bb7eaf3305f25a8ed7d95bbf16ef357ab94e7ea903c7e65cbe7480279641c3e1be87edfa03591867966f1aa6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
128KB

MD5
9b260b685006cbdbb15f9a96a17e63e9

SHA1
393d72cc9d928b7c1696a9b8cd31c3157a1a7988

SHA256
e26c72728c98ef25f40ecdec620c3003884c79a1476738443c544b209c804069

SHA512
73dd76887252e4bcae44a972045c722150953fb08c4d4944df95127c4ed51ea6246ae2b588debea6de59f1aece9109fc9831951cd493b191bfbb5691e9cbe209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
256KB

MD5
3f3297819cd2b781023bb50471132691

SHA1
206d8863f895adc7cd368b454c86715ba027a688

SHA256
bd2aadbf00196cc0ac2fb4c03e46c10ae55675b44caa9d3419d8f71662841173

SHA512
12749e9126de711f23204455aaf9992e02102cf5261e91c3e9f43016a80b83f72854188baed529c0b1ea0c8d78c031e30b2cd70a532e85fd93d1c509fe7965a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
128KB

MD5
1f7e88f5b8888cb31bff7fe3865ea33d

SHA1
1e867c7cd3d600e1509c8ddeb5d2404045c823e7

SHA256
57f9196e28aef265bf9a88f39b71275b40cab35ac0fe03b2fa0621f96411206e

SHA512
733e5bffa45b1f1d3521d8c4ed862ab0af177f0e42392bd7ef26f3a5cee57f3065a0eb66ece9493178431f1cdb09d2a6b31679fffa69f9c25655f3f341be1885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
128KB

MD5
ffeba4a661727be570ec5131eaedd969

SHA1
1ace28aca00d7de26f068008de32e8e2e74219eb

SHA256
8a110192e97d713c3ab3ef078d4c1f8d390c718323f8c60e2778c4980910aedd

SHA512
fd190ffee80112237ba754a37a4c66170c493a14323df71510d121fad6803e798a161a630418a4ee50311be7428c50df7679faa052201bb29db81464e6161e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
71KB

MD5
8f850aaafc8da0df7f8f0a0b682a934b

SHA1
ef55df2e866abed76fe19b05ceb51c1147a6961f

SHA256
d40ca516a00f4b6ae9937cf0eaa8e1f0c2033aaf783dae3c461d68b8b142bc4e

SHA512
15160500824282d1e829908670dc7405abeb4d571ffdcf94532f55294fce77552c832f27fc14b91141ffd2aa142c441fd8e48df8e43cdbfe9283a043da2460dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
117KB

MD5
664c455f3ffe135d9d8bbb5c30b5b914

SHA1
9ed6caaa567aeac866c1f72ea77c537bd5926212

SHA256
9b9c41d2dd08182ea6ec0f8e16bf5f1d9a7dc60ab5dd90747a84362d1d9807c9

SHA512
34967c554d163afdb69841b0f723edde21a189f4be543f8f9691b5a940b674d7b06a7fb8c9bb04a038e41fb86c42fefc8e006776fc1c285a1e668978d21a9bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
20KB

MD5
855fc3aacc95f0c87b577f2aa5dc7a34

SHA1
7ddb7ce0846770ea932f8cb500e57f4fc762fa36

SHA256
78aee06682b9cff53d0fc9261a63f7449e50fdf5dc8823992c93cb7eaaba9c3e

SHA512
019f21b7d475d46396b1332992c4abe248b5e84badcd12ffb36b49a594d477357ee6ddc025d4eb9da79e1118fc65c0b1dd53e5ed62d9ca49743dfb2e42a7c1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
57KB

MD5
decee89e4eac4b01370562d2f4a77f87

SHA1
9d2d34217943b963237fbe3fe9e17eb0135b6011

SHA256
0566eea2fef84b5460a814d41c79352a3db8acdf7df5b861ecce4801402aebef

SHA512
14924ed2855283a4f2c067fa8f2e924185cf306eb731148ff2a99a31a3924ab3048729e6fc52a2c8a7e8e6f6760c4be3a940f11ec0638cf6c507fa74f1fd492e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
59KB

MD5
a787e2b804a3cd85591794aab0aee000

SHA1
42deefa88f55443d97b99edda7f004280607845f

SHA256
6bb52ee35db85e560b13fb4a19ad4ea9526b6985818e326b56cb1eb5a7e5236e

SHA512
6aad3640d079fcb9887d53490a88e92ed3b623306b8a82126adb0526f32196cee1c0db3ba4a51c1b972c4189fe3131a5f8eaf20587e5e1602ba442d9f0a6d17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
67KB

MD5
42304c8cb0c1405dbb8722ff0851092e

SHA1
d29d977dbe442bee281abfef45d2fe727f4e2971

SHA256
852a971f5f8d70afb548e7010a25dca7c0e97d350bee2e8009e8063eeb80bb0c

SHA512
4c0caa6d7deefffa50ab323826df30a1de5f1393810c8adefae8e93667049ebe335193650f3f40b3af5c3e5a00dd01623c0d0d7d7c88830a6732f84644225b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
71KB

MD5
e26f920212a9a036aa990fbeca426d89

SHA1
dd7c42ff2358fc3298a344897aed944631eba348

SHA256
bfaaed077f5060fe64fdf39b3b33d431f605e29b807aeca4922cde26da484c8f

SHA512
d2b5dd0a762713e0235640b6893fa7ac18689082aa0e08ef651732aa0227218722047d279630ef614fb1b7f0f786be1b208506fdd097b7290a638014a063d6fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
16KB

MD5
04e1f6c4827af415993124bead3b89d3

SHA1
fc9736c8a180d55b9f22fff832e11d1f22cd0e2f

SHA256
86e848bb80d1e1586f2059d8bef552080d871057bc318c2e204ca552bc18041b

SHA512
8469b83b6a271e3205bcfbd092271918dac86f6f2c1678c737eae06b1e2468188c070a5de98945462d813b9e6ed2fc54a3c4d9a024bb43316b9ba4c32733c968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
23KB

MD5
48d934a1d733241e473fd003f1be2d0b

SHA1
8b40952a503d60d24a16c9df1354d705f847cda3

SHA256
a0e386354352a4a4957d4f767751a004517e0d01d3918189ed7052ff462fea6a

SHA512
8ba5270b2def46671f02d733aed04e816a07cb593fc2192fe0ff7253b2ff804f4a58e69490c30482342264df0c3f4719c3403aa38002b6f7d179f4b5a49b149a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
19KB

MD5
5325b1cb16db2dc7333df213670667bb

SHA1
5294b3e4b3aebeab53b81d8b73157862f6767931

SHA256
cdd4af29834c8265f859e0fcf68d2994f87d66c353f389163e8a112ebd3426b6

SHA512
a800d75cedcccadf67b5bbeaf4e001c7385fef571997b81a07f943e3fac8f26c3ae226e50305d5c8c11b5530fb4970b6dde7626ad899cbbb49295dad0214eecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
134KB

MD5
2ea86888cffdc9fa78756dc2ee6877fb

SHA1
450b2014d256f4f488f8b35e918c676177aad157

SHA256
d7cab57401d560fded725fc6c3daf444cb1897c578f422936153a5fa6d1c0d61

SHA512
f8d72ce5d3cafbb6017acda7dbd70a0751688a772e0ba5deef76bd659f146b6274143e629b82c9d0f21c07787704cd32820efd0a88e8c883e03080a19f59d077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
20KB

MD5
9d5e7dfd5c74401ee1a9385a7d43d247

SHA1
e781856a557abb5182b4843643d9f8f683e9af98

SHA256
85a9f80e25c666d66d274b91574c8ae36771d9538c0e0a6635d7befebe881735

SHA512
32752d4efba3923531bbc2858a6cc7d299efb1dc149e3ca26873772fd22234ed7aca3b38fc92698f199945a05fd253e1d5a79f0f9281c2929f38987e640069e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
25KB

MD5
5c15ffc0a44853a2245c102d3e603408

SHA1
617f4df9a291c1f141b2c87675457af5194bf494

SHA256
e0dccecf3a798dc8fba781e76a46793d79e43803980f46765127ef7ac7b86391

SHA512
c9781836383e67c1383f8a2f974332d6aa0ad814ab0e95653063c97497860c973b8433ca41ea81faf3b44141e0c9d413c75ce9e693f65d889bc373444c9aae76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
35KB

MD5
ccb75f84c4ce99e97190d4fdf00b09c8

SHA1
83bb906b851c056504dab474c02d8e6536832040

SHA256
49378002d96efd2830344abb44a984fb1b1aa7acee41ca29f7f21867bbe85762

SHA512
0a7489d635b95ca4c2d8ff3eb03007a7d8ed02c356c57914c71931fe5ebf97559c7beac256890aa45a2a9daec642b7e79136c7f5fffbe594d65b9bcd8ba62ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
38KB

MD5
47149471815c63c02e4bee13ce039d11

SHA1
5710246f9ccb359a43b2dc00b280ac5b338311ac

SHA256
06bc72fbc9247cd6e320d10a8d96095241a2540a6be5f309144216cae390773b

SHA512
7671caa3353dee133175a90b011507dd67aae385dea870fa89db184b97b0dc1206fcc333c20a2b1c5479e62d4333cf2e31017678a2c06831b7985a9e1c8ae57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
26KB

MD5
863cec41352f5f456c0d9d4bd4a30811

SHA1
390283d901eb491fca9682a2784ffaaa45710ddf

SHA256
be72b170939bca46ec49c0be7e5ad02ce7049db4ab3b62909882a104f1f676e9

SHA512
3f57ea7fe7c780199153c824a5b8459f6c10391988a2976394895a06f613fbd1892a2e32acb4774456eed9a8f8def29c26e795c82c626b67c1800cf2f9a51d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
39KB

MD5
8367ae57108c4340848eb1c39a56c030

SHA1
b388f29413e6f52da633e48be2fc168e05fbfa2b

SHA256
c5545b3f5a02193fc9859e1f61286a2f7c11f6dc31bc4fbba62eeba612be6a52

SHA512
dc9b121d21b61c5113f4d26dd70733f838afc5acc2c7879a2eeb0cd8950850ce534f29028f766caeaf1bf9ba34d5b12599c7bb2c65beae7a678a9c297dfd79c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
36KB

MD5
396b01ac85cbb981aff2a122a49d151a

SHA1
d85b6722649c41ed2ac40611f636b6820f3e6101

SHA256
3b49dc3579d8ace767893c0d697718bfdee790e0e7b72fb3b349276522c3d7a6

SHA512
9fecfea644381fdcba54f877df1e79ad8a02c1f721ed66fa55f886b7867ed6ae9b718c6774b78a0a2ad6fec573f5357270e7c8c001aa53fa58b2926f8df6204d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086

Filesize
59KB

MD5
4d9c5e8bfd271febb1c39c035195b918

SHA1
2311a50287d0610ce4521461a0900dc9670ab561

SHA256
747e9da9de1fe569e353d2b59781cf7b0f2f844775f2e5e93b52d48bfab6019a

SHA512
fd529afe8d760f497e8fb625bbd3fa9efab4ee6af1a803199484879b625b1bee9c346fabb6e151d74db3c2f15f47721a96dfa57bb94d6cbba6bcc117d578bfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
51KB

MD5
8f250a8a9272b16334ec75f930487a25

SHA1
700511b72466b885534d99f7615523ccf04ea0a1

SHA256
a4d67fc1333423b3d17b1b170117c5b4452dcd5553f7160013d2c27c793f8bdf

SHA512
78206fdcecd0b54cfa88b1da8df0dad6a6615a91dbaa38addbf15f5cfa55965f5b1c7424950378ff94ed8fcb39055c3d98f093103d3e2ce4e60e8c2595670dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000088

Filesize
17KB

MD5
3b507205bf52b1e00226b2355c2ba5cf

SHA1
25fe73fb581fdd27efbe6fbfcc20c71cadc39b77

SHA256
e2b017a1e78d0845da69935655297169a39ce5d71e1df1fef3e85e15a80ed761

SHA512
0a67b9c0110396b5dcad93fd0de9ee8c46884e4c273c1dcfefa3042003af3b0a85455685542612e51c7bcebe8da821dc40c72c0325bb2960a40bda53ecb6b7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000089

Filesize
49KB

MD5
89ab2e69c9d026dd9108852d7fc05fba

SHA1
d9523d094de80d36972631ead87635d3dcf96c2c

SHA256
4208a5faa0bc973cf0542e24d04543e6cece3d01a00d38033d3604778ec2309f

SHA512
2624671065cf523dd6a059583a190d38e31ea189c983dd927108a8f1468d4fdfa88ae29e7685d0ec05293fbbe8162275bd9119df9652033951d0529e18a3a1c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008a

Filesize
62KB

MD5
fedff39ab0f0612a0401eeaf6f2bfb96

SHA1
a65068602664f5db244cb3938b3c59793b403ac7

SHA256
17de6843d1a768c7caa30c7355a3defa2ab8aa4908de4ef2c748f4267b587ffc

SHA512
3f2e5fe8f5ee9f912d2f23d7da8fa16599688bc20139860c5d0c2a342239d684d04b5c1ca650463a9f687b661965c70d34cacc8d52c4314ca0f60a7f0df1671d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
51KB

MD5
14ed181df6e1da5e0043f0e74d56beac

SHA1
1cfce75631f695c68b996d90bab28b8896ac0a65

SHA256
f6872bfd7ee2a8655f1974851c05e0f87ff7dfa707e00a00f2744b3dc2468cdd

SHA512
837ee3b662c282169c2fd233ed8b67ba577d0ea9d65fee850d0d0d11fc37317a533eba02fd046f461b3052c96d3270dc86363360b45d2ef53d85fa7a5c1c5ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
21KB

MD5
772494012f54e51782d91af53e7b6c40

SHA1
a68ac589234e85ede7d23a5fca9c6ed60ea829d5

SHA256
5705ab28eb1acbbe916ec9f543a0e50cdd788bbeb1d552a4a183a32ae4999ed5

SHA512
6f5f85193f147e245f8c5f417d80bc4e6fb123fabdd569a9f500e2b7925b4063e51af5eda86c07ac9af33a98b02151e3d833ff45c62fb2bff209801c5824b582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
18KB

MD5
19d62f0eeec03411559e6befbe637c54

SHA1
c7ffb9c1fef4d15ab5a1f4ce49d15161999fada9

SHA256
a455387abbdbf5d77670daadb379913424d404dfe75f6c40d776d3d4ec4b7913

SHA512
eddfd270e3a73dd81dcb75ce3f2e7ecbae2522942f84027ae0d6bf9623da7d58b37188f34196f6b05c92659a7034f8cb45759c7521ffd5a9a437de6b77958647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008e

Filesize
33KB

MD5
33f80a9cf7ff070b98dd280f3b0f910d

SHA1
8b6ec48d11fe9a86272f46c2608ce352650b3f40

SHA256
429b492221499bbc9673a34a816d5c05f174cad2db71e0cd8d2bc725915ad25a

SHA512
afc5bb6902451707270889d388cf8580215854d632e48f19229d091ac1215541c575455f6d169f8079610805ce4d37bdae4cabbfa8b4cbaba803000d151f6983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
22KB

MD5
fcad37d77ac1ef3bbe97b5a7c9d34242

SHA1
0a128082ff3c18073747350e12e80d36cd277ffe

SHA256
c0d0ca1a07613d49a1b5a63e9b326012fdee2d514ab41c2278c8a4c22ed2543e

SHA512
d4992f48f979c6da4dc78f92bc71ac493db293f51a4160ca9545e31db74f9b4fac3cf6216bda3ebd0e5a55bfba76d83e74f6dc998822b5f9aa577bcccdacd61e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000090

Filesize
45KB

MD5
9cef299454c3c941f7e609b7340528d0

SHA1
738e727f84efff3a4e34a90db647359b34f20d5b

SHA256
3dd6f4be53d9e0e38798e25d4e426c9638cffe43905096487bd70a7c7eb2f3b4

SHA512
e58857774dd4fcfbdd11b4fcbfae5716572348cca19e1b2c1b073920b7004ff7b39399dc990c54073f73523bfc6f4b048accd3135ac9037b41d989d4c9f4a1b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

Filesize
24KB

MD5
4fc7717d473d0016939162351609a196

SHA1
ed70443d31deaa577777ea870f6999d2b058b83e

SHA256
70f48a0530af0bbd2baac1e2a3e424af88e82ef43f55b3d88a319bf222b42750

SHA512
6fa2eb02ef70e00777fb17ed2f7441a3b8ce6e8e8347bf06a576d5cfedb01bd4aa0470a2fe0952c7ee944a42e5904f5aab4e26ef0329c4417f6c9ee158b72c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000092

Filesize
22KB

MD5
cd0fb21ce9cbbc7a9677a8216107299a

SHA1
7251181ba08132d988759158d9a9c89a8c1ba1e8

SHA256
2522c288458d9ab5ce4245324c7dcfd1daff12aeb24f2cb5fa8f8960616b1a39

SHA512
99b4608a203a119e4fa9761b571fa45055d7f53a5feecaa6139c52e977eaf24abe0e3061bbac4b99fb0f53c1748c8352a651c9cdd9fa163071e5ed9e04f7ef4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9b7d7eeaf51c89a7f3c776275aa2dc46

SHA1
bcfe72b671c7c34d07ac9dbed17040346fc45c82

SHA256
e51e2c5faae07a60ae01a6d7c7ae582a001615b129ba18569575c6092e0029c7

SHA512
c216ee515af4006599d1bc66bbc5b0bda139592aebf790f66fecab172e33e5b4b72100a03ba7ad078b6ef26a8368f7bab639bcffd2559fb311c88a4ee7d32546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4d629ef6f2993dbc1494fc3a5e7f4bde

SHA1
aba93eb185a3ba77887cfefd6e881ee87efd97d2

SHA256
96ad0bd52c283edf18e4f118eb7467ad1b977844c9977981c6897931c5f83ef1

SHA512
be8396db9e3d5f843a9cfcbac0ef3a4fb5bd1566f7feaf9aa61a7e5261e969f9b75ab64f33c6b2afd51d55adc464acb0614031d0d5b1c05ef985385dcaeb03b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c3db587d86fccfacec48a39dcc457e3a

SHA1
8c1f28097c6f77a8a6170e8c5309b92a03f6c550

SHA256
c944414207ddbb8caaa622229ebb99e0a623fa8a315ca493d2ea8c68f423852d

SHA512
7c9af834e0909f41f34b788064c355663bad84bc7170ae1861552b28c62641dfc1e6c96a3182be1d70a53440d19afcb3696c78e78e69bed5b5625126a775df77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c9e3a0e85699f4ada4e7918b17754435

SHA1
51d078ab10400a3ce045ae1823574eed429922b7

SHA256
e85e0a850641750e6634395b9a032e02164bdd7ff3bce0b356e7d88ff236d604

SHA512
ee93beb52abe4026aad84c4e3e0215791c116e2c6efe9cd623fe636dda45690bd2b61d95aef15fc150f265f93e68b3e6a95e38cffc3e959966ce00c0dbd40ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a55f1.TMP

Filesize
3KB

MD5
3724302bc8a274b7452bedcf125c5034

SHA1
db9266e348fe4f4fa2766a80f43eeed0099c47fa

SHA256
4f8a9adfed3988a00755d081f418dc6772d48edfd6d5f035d0bea2e5c017c7d7

SHA512
f5464784f703611557646ba4b8a437d20ce115abe5a37575dc3b85cee881d3f1c9ac427571f1a59070723b2bd1c121d9bbaa2abf6075245010c7db2b2c6ddf28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\000003.log

Filesize
32KB

MD5
beecccac1176c178113aac2cde586357

SHA1
db929a70dfc267bb735955adb14de4672b832cf8

SHA256
02aa1ff1146c574e02847a78de454d38f9e774d805a3163e04f4ffd2280dce3e

SHA512
d6900e92529d2c2dcdbe8388204953fc7f8aaa17995bcf5ed4ee23693a96a9ce648d2d2e3dd7ccbea3368f8e6e8dc26456c2fa3caf29fa46010015bf2263f229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
12829f1d096e579e6abd91fd61a15b94

SHA1
a146c4db8fa7963a4b38c57cb6d96ef1313caaf9

SHA256
afee328610455a718a822f8b940672b12934d1c2be1fd5d1d67796f2aaa9e947

SHA512
1ce9b11d20d08d4d7a907bb2d75b6ce426df33710b918f4750e8c0dd3840a77d25877125286fc1d640c87f883ad37e8878d934e5afd474a434e257a3d00e40bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d385060f2c6e5cd01fb061d653c88cc5

SHA1
4758220440f7be16ae0a0466071a6a84aa8f11af

SHA256
a48154d3ad4e02f9e77042cd34346ded0f78c862fa0021020e1af3e47293666b

SHA512
0f0409aa30d8db1e4ba4e96a3bf874901862f00651d41823396edb7639433d816de7ba6ff50587553d33807ecc50026ff763e0f280b2deec7c21f1a8c49b46a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
087c1e705d20dcedc309e8aa04402f1e

SHA1
cb8ec18543c840c2bc2e526fdcec9ef2c66e8258

SHA256
d5de19522acc8b6dcad337ea3fda89b8393f5a2c3d79af457a88300e7ee2f8ed

SHA512
3cdac306f29041a5e59843436806174148e942716e2ac6ece8d8f97e00eb1646510d5fff409c2bbe20f0dfdef9e9ab17cf160010e874c806de54c8c01d65534c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
f9b4b369c7071f5f99d86d1309b5e38a

SHA1
dc656e649d9c1846f4a4e2bd094d0aa0a9ffaa50

SHA256
384e688619a3722023a21c83f39bede1f03c064e106ad8bbb6f9d2b8a58addc1

SHA512
990a336e66c9f845ac597a50187597b5a3155132e8aaa1737f42f444aefeb08fd508481ea6c0c27e4dde1f3b5edeaf164ee6818977345e6cc96c230fbff18f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
264fe29bfc99b72076c4b1a83f1a27d3

SHA1
ff96bd5c2a1b424aa8aaea0dd5e179a76b076097

SHA256
29fe13467882a3cea3c82ae1b08fdc0577742efc217a05626de918151b10243d

SHA512
47d56411108a6494992f442f16c5daad252b83e32a994a201df2a122dc7d822eef4dd32a762a17f46bcbb9e1ec391cdc9c3168d853d3e002bdd1838fa3434080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
5dc80c4318c822253b2adaa075e3d567

SHA1
4b64d6f2b2d42efc6f3a6bb2b428680b2549e767

SHA256
6a2eb0f886fd0a1543d47541cb0c99b1dc6b19c21ffeb35aee06bda00dcd5ade

SHA512
9748226c9e9a57bee0f08e2479ea5edf0ac0e87279e7a42726755d389e5a58007b5703ed8f9b6623c3e032a1f1cedab1818fd6128bfc6bb9e92381b1df5df908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
263baaba2edddd00eb67b179ce2a9d15

SHA1
ea8b2ffa3cbe9339f6cda83e97f83e012412d0e5

SHA256
a59dae6ced31041d234f9b71d5e0d23cff797d739ef1a2b79462cecec2196884

SHA512
f841415c6fe5d5a107c5d8932135a471550a421dceb3d2fc116b642864eebdc0ee9dbcc09df5ea85fe4117a00ab8488cc367605f89a21987f7bf1d91044eaa98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
5abcd8027ddac5a50341f091c481e27e

SHA1
b0c1bcba79f1276b211ab9b6baafeb36048e93b2

SHA256
5d1597110c9b288714a213aa6931d04bbce8ac91260f9c5b7d928388f947830e

SHA512
d9c34cae8fec89f9068a074748d8b9bd8340317cf4f181b55a0ceca8817d335f639be50b4419011607794c24716fae48ac70642866a90afdb6c05829647d584d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
0e7f3bc0a242004002d43eb0f50494dd

SHA1
efa3d317a02fc5c03159ac41dcfc72d6a34c5e6e

SHA256
8cbdf265677a37bf1cb1f85ebff0e28829397bbf8754fc0e8aa26ea4b9f53d7a

SHA512
3042fba9abefb0bd18d251639cc7fc561aef1e705a4074b9628d238bc99aced67bce4e540826bb5b1f049534d0a58fb944c63738a93d301584b1abc969b6fbb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
3e0dac0485e829f48f90231e416943b6

SHA1
07b05bd28a1ef8df521760350fc0e34d504577ea

SHA256
df70702fbe1b3fe109a22968eab8fe77b4dc1f1258d8fb929a694d9ab0a7f2ab

SHA512
65176d0c4ec17c00745fa318b076cd75af2fca9b926ac6bd70baf4b7681b890d3d16f0a5e07334f73f41393d8a327765e6bb1aa3b0524905b3346854ee7f11ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
6320ea8931c695ad8529e595bcc85377

SHA1
ba3e2a4d4efe9b66c0588565a97488e5475ac56c

SHA256
df175948ad34263510b85bcdb7cbdc9cae794214c56024732d697cc4b5a26540

SHA512
f7c5ebc34061004284a67030a38759a471958f06cfae374981992caffaa3728202ffcd993072eb06e1d9364db934f33736a63a7c9788e19ca5f9258073d33c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
9627dcb499fb314eeb940874d8b46800

SHA1
c907ac7ee5cbf44416d17742f69e90ff5e485203

SHA256
193b03ceec2c0d8a8f37310efa70fa0d8197f547249baa5902de96470587505c

SHA512
571f79214f4ecbc81499a2c772538e71b4c405511eb29c0e269e8a91b188300f997dbcd4bfe8ec744de6af1b1ec86834cc47578c7b0d54b6c81aa8007db7ab10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
6e0848f3ae32ac57d825af190c5346ce

SHA1
76813f0e4d4140bf6d3824e1a9d1cffdf86e6f75

SHA256
0000793f4e4af6cb43ebcef23a9f38cdc19844da555c02b05da316ce8fbb8a00

SHA512
74ab122570e3e90f2086084f8bc93ba01499f41caa9bbed7bd341a748a3af10c36943af9366aa15ee5c2d996cb60864cfc3275d882c7ca36177ae4e9665cdc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
afd0547c0b74b5fe24b20241f43e64ee

SHA1
c83d551fb1effccbe2cee637e0ef758e91ef9259

SHA256
97936e5141f31b6c03540290ced326eb66a8496d6453fb9125bebf7667d96413

SHA512
e7dcfb2ca50a51e75437490b43c3c7482da7508fa3bb362bdc7e1585683af463d1c1094a98ed4b5988c62d25fd7f238ca09d67106bb14a9da49debb2b69654a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\13bf7cd5-3f0a-4967-869d-004c84656018\index-dir\the-real-index

Filesize
72B

MD5
d22ceaac761238c119f39081ad45c94d

SHA1
c8421ead2706019a3780b93813785adda7297780

SHA256
8f677e71070b454dc8857f4f7f9a646d75f8a22494e83562d2c808a4776031c6

SHA512
22ce9f9135fa8eb08ab8a65fe4486e8f0ab9db4f83dd379923668ad89e3900702602fb90702d8bd2f0dc0b9c74f27ac650cc2b18480ec959d4cd09374695bccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\13bf7cd5-3f0a-4967-869d-004c84656018\index-dir\the-real-index

Filesize
72B

MD5
031028ff85df96c61a4e1cf4c2ca18a5

SHA1
0e6a240fad532a59787b6e3c192ad06b11cecd2f

SHA256
48edb805bed79e87f3aa11a9127064d6f452ffaca7514e83b5e988e0b5416114

SHA512
ab0757711a6514b2c037f8e7d3427d790067e230fe2e4b072625ecbe85bdd7adbf23cbf3b116db9a1e24da0c8fee63b0df256c2c0c7718e9806754ac47057f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\13bf7cd5-3f0a-4967-869d-004c84656018\index-dir\the-real-index

Filesize
72B

MD5
7d58d8baa7721682ef852fc3f071c2e8

SHA1
fc7b31e3c3bd58bda1b28150861f7538bbf3f41b

SHA256
a6baafad1a39fd533e36bac34433c177cae1f255166b22fd91c90df94a47ab62

SHA512
33511a364bd2d0cf35189373478a2020c369edbb3bc214b04f9569dcef7805ad8195ad323679fe344115ed31140c33c1d2f14e7d646de8e877317e9ce2eeed9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6de81848-5b24-4103-b044-7a04b1ce3981\index-dir\the-real-index

Filesize
2KB

MD5
8f4500fecb361d116ac0506a92750539

SHA1
67df334c703d66b059dd00dfe95338240e97057f

SHA256
d0e704a8f4eff44389d40d948d83228ccfceb354b51915a820d3b84efab4eda6

SHA512
26b3b33d89ede9c29aa16d6d6459e98e8151ce6613a991ddf872024356a196f641339e3a6b964d5c73d7f8ea993f6d3d51040e4b8d465dbc4f4f23fe101c4eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6de81848-5b24-4103-b044-7a04b1ce3981\index-dir\the-real-index

Filesize
2KB

MD5
5654615016f8093b988f0401d8707d51

SHA1
081bd3d79f91bbead5caf5be9545c249879e19e7

SHA256
7618f791096bad15588586ec5097daeaf713cf9f3d4a6cabb103ad42b79e8899

SHA512
819aba0e6fb5f26175d30e9ff0fbf0e4ac3bc56fdf16c02cf802cbc33737d307d405ea90510d5f382cf378d716f3621389cbab97b2a791013e89ddc3f550a471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6de81848-5b24-4103-b044-7a04b1ce3981\index-dir\the-real-index~RFe5a55f1.TMP

Filesize
2KB

MD5
e10ca9a5c4bd1943fbc584e60a78c657

SHA1
59a77d68a816ff18393588e0a3054d63ff917b48

SHA256
8e1e51e42813b8aa51f704ae603c361c9d10b09a854e61463d5488b04f61fb1c

SHA512
1fca680d4f05ea7d853fa320dc6da2793d2aa57771828492a8bbc31ad3714a80c61cab26ebab8986b1bf278811f885a500eb70b329928379884fe5555baa6e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cc7ad1e6-2a51-4dc0-9579-f8bf6674ff51\index-dir\the-real-index

Filesize
72B

MD5
9d6721d5d8966262347fa4198e6fb0ef

SHA1
6b7a3647e4f9179b88601158b69f368e6435527a

SHA256
c351af021569b75c0c782a1b2bfa7c4ae77c844cd44269e709b73ac1afd1ee66

SHA512
88e81eabd596db65c1717d86b625fad5636e0d38f827ce10bb5bccfa659e23c2f4032cece80032304d5a81a080740b6858193abde545ca4e4019ac6a8046df3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cc7ad1e6-2a51-4dc0-9579-f8bf6674ff51\index-dir\the-real-index~RFe5a5601.TMP

Filesize
72B

MD5
c82b3bc9b477f1e891ec6e37bb74ca94

SHA1
98a21b033602ab1b7663862836025c435f01cc6a

SHA256
a77881f1287477a06338e3ce7c8d759faf59c4895a13eec37e417ad642f798dd

SHA512
ae6da710b0bf2985a57d8f99047de1d370a4685bcd9c1b7ec91459543d7d844dc8f7a4350653a88d052ee071e22a6f9f48840d4677f9876733c54c51b94bb994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e9483864-bf36-43f2-86b2-4d6babcc3016\index-dir\the-real-index

Filesize
96B

MD5
b827fe9827a14fe79297dde6b8508967

SHA1
e550c87b37553b502db774ddff3d7f9887dae27b

SHA256
684b5e249e00c2434ac9fde2ba69fe1ffa3b4480df2abb36cfaa097cdc3a2681

SHA512
2aa2793b16d99d98490dbd0775a32c18d703d82250cef896361d59a19fcc8d0b15891a2d0400b42a464f202aba1e462babc3d7dd8bf0530ca957f25767cc37d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e9483864-bf36-43f2-86b2-4d6babcc3016\index-dir\the-real-index

Filesize
96B

MD5
9eecac6ff99ccb40e3420d01b03e5ef2

SHA1
24d5fefb0be737525dd295d749dc6f0d6e981c2b

SHA256
ad76e6a8e53175b8c77b849a3ff5e7975999b8aee8e6a101e31c891d6610e534

SHA512
1851a9805a63f23b146de176f6d671dcfa8420c784a267f01564bd9bfa8fb3b007519a3b6287e7bb8d6f7cdfe5524e2f5945cd143a82829527685830cc277aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e9483864-bf36-43f2-86b2-4d6babcc3016\index-dir\the-real-index

Filesize
72B

MD5
3630745c748a78e1f67d388d1df50a97

SHA1
d45a23d77f2397103f5e9abf530847bdb6d82f17

SHA256
d79612cb4e308dff0153ff7586c622bf73d6d5d4565ae20ddb8acb2e3f5904b5

SHA512
099ccc1385b6180da3de3e9ae56d7901126a6e61ab7fb89b6c06f6bd48b3cb804ee7e15ae91d73220c8467a0def763b7ff72ca1e8f2d216f96dd5fbe07b2f292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e9483864-bf36-43f2-86b2-4d6babcc3016\index-dir\the-real-index~RFe5a5601.TMP

Filesize
48B

MD5
8774254b1bf2487bbc5e00873fcd4b97

SHA1
7715fc3e97eb619cea959b29c0d63036089fa7a0

SHA256
4ff24d89915ad61a70f7c5cb37ea6ad5690219506c4670d65fc769aac2bb5f11

SHA512
ba70dd1cbd52f52ff5bb3d9a42b76463067f089be18ba29b4045836441db7bc964df15b9e2069ade95faa527d7823ab2ee8b845e05317c635606fbb8766a4772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
9222eda07fe4713f556f79580934d90d

SHA1
193ce02aa60baa046fda9d0996c8bdc995ef0ba0

SHA256
3e63290f23c79741e4de26e50c13a9b366582252b26452355f0fa04e4644934f

SHA512
0f18f42d5ae752ea1fe40eb3caf2f2f3fcf21c56ba875fdd7394f67584c795c27f49c7e0c448e4020c51afdc762a9b7a437b94a4c7f95fdf5bce11da9d2ac86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
c910bbda6fcb12f3dac35a6d79f506ce

SHA1
753e4a769042c5f6a596dec18d93f523293e2e0f

SHA256
91e37dc2c898b1cf16636d46d566b3bb04bcd86d39cde31e5607250c22302a5f

SHA512
111bafc5c88064a6db4dc1659e55419fab7d57a5a8be44b0f8e4886c602a21c834735cfd92178235986c0bddb09c7f0b2628061b7939c695df23bc41539e4b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
c5d09f571ef69f7804368a1879bfa9cc

SHA1
1400f6a4987f95aa66054cb34ebce9a5bf652a0c

SHA256
c5c32aa4cc8e6b0161546d9e87f3b336f2b08ce9f6b26c5814ebc9bfe1deaec3

SHA512
afeaf2ec7c646180d32e77c80fd1d29dce93571d0936e11361df539f4517f5a5bdac1720f421d97c2ea12047bf6071d2fc12b670ad48b56b9b27275ebb6a3605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
46169b08165d8ff927fdd03a91ac4b52

SHA1
e45b8a6d19ca51e63bdb264593d07f363b08238d

SHA256
463a3b3fec578570435f5f862cc5b97f85f915f6d88add12ff03205d596d394d

SHA512
f6fdd0886f355d26adfdbb941edfcaf6d55e5d94785519fe4061364e847205cc695d5ce17a89d023214e96e477dc2d7d818116b84346d127eff58f0367824323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
01cea1750045613c174557bf05f36a77

SHA1
f2b689d9c4ac40a3d4f5ae8e5c43a3ffb910293e

SHA256
c1d61a0c4153252d4bc2b35a1b5554047f110cb2fe9878db83c6d5504518a92e

SHA512
697b8a4b764277ce265a5b64591b3e9035949d5940fba3195bc93911bf595b23738e24e6a24d5e563dea010ec178977f2a9eb6e54c0eac4a8c9c7fdb04d0fd0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
64a39738eaed853e7c6db17bcae35d62

SHA1
8c05bdb785cfd168436a2975d78d4e0d7431da2c

SHA256
09df865b016edd3fa5da4d9026f0fa326de395ea09179ee0f8714ea28edc619e

SHA512
b953d37dea660350b12b429fadf22e9376500aa3e877957860271dc6b4ca47582c94e74cebc266ae0f19d3b471abbe599b662d4433f41e71d19f84690b8d40cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a55e2.TMP

Filesize
72B

MD5
58c0bf63c1f9459b9eb9790293c04350

SHA1
38220f849880b9be9ae1357a6a4fad0b8ac59539

SHA256
d9df8ec1082cd7ed1ca8f55950cef39d1d296c3fee59e37e4b6401e289dafc5a

SHA512
4930e7afe4b00de5e2f199118b4e0390848ad37d53ea75bc9c5337ae0dec30d735c7dff9d7e9c52e630edd584176345147d1a62a81c16ebe652bea9be615d56d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
b92eec100876885ec2b64d946abde531

SHA1
bdd49ca8a0e68819dc210eb70f655f194dc3bcba

SHA256
eff03273896fe50a05ecdd24f0052021a36ef36425fcbb11d4e9549d778b489c

SHA512
dd29c55319f25f020719f3866c6ea9e5688114d423f49beb7d239e4944f62d3cebf624005b3cf94b40f28ba133a2023829882f757f8cb0bb687c4e7a3902b49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
fa82bcb7b94334442ea1511172fdb899

SHA1
5b869f76567aaed253c728e963ab031b5ebc4c72

SHA256
a8302b9395dbbcd141f4e98c31b16efd64d088c5ceeddbf0feedf00cbf2fefa6

SHA512
b1b930aac0c6854a2cfb006d0e80dca62ca0863f61e748f4e279f9920f6fbf845870e8b529aec81e1740408a2edd7637568188f4b29d16d709fbd72caa70db7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
6689793d4f5bcd82b56c6b998cb5e671

SHA1
8af6e88a5e47e9533c2624f071ec1f3f4224c03a

SHA256
f26918bd8511efb610a88ff7ce3da07ea3a31cef902d374c8de4ad3e2b478ecb

SHA512
27e7caf6937d5c87d6ccf39c4633c17d08978385f62dd8b56c9ecb7d4f38203f4d35998b38dde1887471503bc09d395a1b08209bf555830757b035560086f3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
a00608c880c56c7eb31519dfacba7666

SHA1
f09f66beb0dec7fb890246b1577a53fb51f904ed

SHA256
d415c1a7ccc2420969abf8d2611be31bbcbb723ed27000392a8a11bb3d138efc

SHA512
1addfa64c6db9aa7a1cf0b2612a4254ad3697996939a36cff48c3fe69eb31af5bb2d6773142323794d743f8b453c4638970af08fd8bf0a7cc435e53b5e97f65b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
2f313fec57960329d5d4edb8fe2e82f5

SHA1
102f25dbf134713b7451ee39d473f5364aa91bed

SHA256
ab130df105bf55dad121eaacef72cd172903605e03b07914d579d452017bb0b7

SHA512
bf5cfa5dc0de1f2baccb12d6d9165d2af5b4b0f858e0d42efd138d7e81181b7a94a5ad921ed5408a2aa65d4e614e25c00f74bd3f99f4017e86bb7b15d7e32403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
462B

MD5
f5c1a7aeb5d663daf5fefe6ce0ec8ebf

SHA1
c6d22b74497e47de7722127b787e8d5620594a24

SHA256
e1464ebe710bbdb3c9261b9b9fcc061eecee502fa7827721b3a94adca122f8c4

SHA512
0f4fd5b87781e9f668e1df29afb39d2cb6ee286eab9688152e3905f16d4c6b754ead56297ecb9068198f69c4816efe6b5019edb3e6668bdeedd3508d775eb14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
1ff4b8b987703c4d931075cb5f35ac73

SHA1
05082d2d7ad4899f1ce25ef3fe2a47170c9c0e0b

SHA256
dd431da39a2d465043a28008c0f49a3b80e664d6167cca20994eeb69ba83427d

SHA512
1d09eff26e14cc348b886cb2706a19f5922369af8e77601d70d64e60e45cf436a75e3ca9b6f1ebe6ac596fd119a3a73444b9ea8ab10c0daa8694233268cdd2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
51KB

MD5
235e8320c023e741da186ab6959c6965

SHA1
5031dae55243f6867d9ae6c75007f40445d09dd4

SHA256
2066ca0a447c37798c9ad7725190a960b432bc4c569c8370d849eb525271a5c4

SHA512
bbebf4feb6405c389ff92295efaefddb50a48d69f4ecc3e15b1e7534eaf8ede5e7bcdd3817e1247c70b29430becdacf964750b40854df754803c3d3934329688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
5faac3e850f996695d6995f56730dd1c

SHA1
73f393f294e491d1fbbea392f9e03e9d474d9bc3

SHA256
f324fe5b292d9c85d5f3e004a413e14935ff8a8701fc5d12603ec718bca606fa

SHA512
74561ea458644121f86e423951e78216c04bcc394c3a0e49d22f588e3784a7a787aae74274c4a6f847203efd35dd7f29a2f56d46f58379351bc9b123667148c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
33d021c0fd145837db8de71d1ec9e5cb

SHA1
811b234eae1936722902fd76144316fc8d254fc4

SHA256
cfc07a05856e4cbd7221b1f9019e1ac52dfe2b1a7d0ec56031e59e1385655888

SHA512
920bf9cff6a0b55b3c5e038cedf39faccf0af44b6b95690cfbbdb044644b3e8490376b6b9cd2b80cbad94096efd70e50717b7e882ecc1a45a56e60a416526a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
90a1cb0748a2873d33133b9e37f5d68f

SHA1
beb48c7475587acff591659cfdd1733f6ad89b64

SHA256
e90539d7acc403d0ce3c6adde5bf645d94017651d7971971463aadef6a7f5813

SHA512
9edd6e071c3c5bc18f4b14394d43eb5b705738d5becaf0ebf3f5e1867dff65b47d0040b189f1f11ff11295d861445bc4c6ce7fded7bc227d0346eb3fa5b131f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
df6701eb35475aa356b377eda58357f1

SHA1
83e38b002e3ec28db7f359bba90cf3a826d75cff

SHA256
658b2fffada0a28bce20ec5c434b4d6ba1a6644bce1465b8bfd6b5a50be0c92b

SHA512
519b87f078230a53a55c8bf7c884643372531fd8892926f126f6d40e358c3983db9a2b3dd47f519eb6cfa2c32b62ce0fa9a5951c7ba4b6ff89eb07c625182bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1263b610d77d84722ade99db4b8c5355

SHA1
f292d1e2f267a3b4787eb51d70ba2577e2c2d844

SHA256
e14b6b29bd3f21a7c30cdb5fad857cc307e1b359de5df206210ef8e9352b5099

SHA512
8e1d8619afb675099f23b186b28985579dcd2be760b4dbf362a7e249b0e18dd90edc39a74cef34547133cdd9221af4577002818c0cb9f3603aaa3cb422735825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.1.1\typosquatting_list.pb

Filesize
629KB

MD5
55a53c39b452bb89a1f29665f03b078b

SHA1
3b7a93287d2fe88c6c06789a53773f2746f93b8d

SHA256
9097eadbd582b3067e59103b8792144f08c4cc016d07f5952423f35659ce3577

SHA512
2719f9f9ea0a064599c2ac99df9667cea431acfea04f77b9a1229d9b262ef3bfdfd9158a5f3407a2edae96e26f36ad9546b986eff0eed2b58e78cb0d901caddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\bb464670-49d9-4fa3-a587-2fae6b37a754.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dvxs5pwj.bd5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\b237a3f0-1cf2-432f-9770-bd91af2e5d01.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\WinStart.exe

Filesize
3.2MB

MD5
f312e5b89c544d808859a09fbf8e6e9a

SHA1
917b95dc9c0f5ca7f089ad645c99395419914f37

SHA256
7b718d668fa3aed991ee8b9fc8f76fed543e5045f411369df659ee4cf09a0413

SHA512
2f894bb5f89e403fd22c2b2437043b8e79092f4d019a10fe13db3b89689374c6379af7372723bd343095b1b036b773d8ee3e1b95b955a452c46e0dac74c51b5b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1217726372\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1427555480\manifest.json

Filesize
117B

MD5
e31c8b67612fbaf01c993b51e826da4e

SHA1
65309f2bd6f45fabe9e75b842356853e2e6aea1d

SHA256
3c443e01a86ae358f8dc0533383061fb1319d754f8b7085271430adc0ff262e2

SHA512
de109a3df5856dfc35e3c79eba355d24fc7f459e7dd58aca0f7b65188f5e52eb9b056c64007c7788befdc7045a9e5f4f70665bf55701f52a263d0fc95bb8c2d6

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1831291003\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1928432115\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_1978939049\manifest.json

Filesize
119B

MD5
cb10c4ca2266e0cce5fefdcb2f0c1998

SHA1
8f5528079c05f4173978db7b596cc16f6b7592af

SHA256
82dff3cc4e595de91dc73802ac803c5d5e7ab33024bdc118f00a4431dd529713

SHA512
7c690c8d36227bb27183bacaf80a161b4084e5ad61759b559b19c2cdfb9c0814ad0030d42736285ee8e6132164d69f5becdcf83ac142a42879aa54a60c6d201b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_2055638857\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_2055638857\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_210946619\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_509068432\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_509068432\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_826921408\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3580_96747135\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
memory/672-1250-0x00000233B7540000-0x00000233B7562000-memory.dmp

Filesize
136KB

Download
memory/672-1259-0x00000233B7620000-0x00000233B7666000-memory.dmp

Filesize
280KB

Download
memory/2740-13-0x000000001C220000-0x000000001C2D2000-memory.dmp

Filesize
712KB

Download
memory/2740-11-0x00007FFAD25B0000-0x00007FFAD3072000-memory.dmp

Filesize
10.8MB

Download
memory/2740-12-0x000000001B6F0000-0x000000001B740000-memory.dmp

Filesize
320KB

Download
memory/2740-2078-0x00007FFAD25B0000-0x00007FFAD3072000-memory.dmp

Filesize
10.8MB

Download
memory/2740-19-0x000000001CF60000-0x000000001D488000-memory.dmp

Filesize
5.2MB

Download
memory/2740-16-0x000000001C180000-0x000000001C192000-memory.dmp

Filesize
72KB

Download
memory/2740-17-0x000000001C1E0000-0x000000001C21C000-memory.dmp

Filesize
240KB

Download
memory/2740-9-0x00007FFAD25B0000-0x00007FFAD3072000-memory.dmp

Filesize
10.8MB

Download
memory/2740-18-0x00007FFAD25B0000-0x00007FFAD3072000-memory.dmp

Filesize
10.8MB

Download
memory/6088-10-0x00007FFAD25B0000-0x00007FFAD3072000-memory.dmp

Filesize
10.8MB

Download
memory/6088-0-0x00007FFAD25B3000-0x00007FFAD25B5000-memory.dmp

Filesize
8KB

Download
memory/6088-2-0x00007FFAD25B0000-0x00007FFAD3072000-memory.dmp

Filesize
10.8MB

Download
memory/6088-1-0x00000000003B0000-0x00000000006E4000-memory.dmp

Filesize
3.2MB

Download