hxxps://pixeldrain[.]com/u/6x1VBvx8

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pixeldrain.com/u/6x1VBvx8

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
720	spirt.exe
2532	spirt.exe
4156	spirt.exe

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	mspaint.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 622283.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
688	vlc.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
4840	msedge.exe
4840	msedge.exe
4288	identity_helper.exe
4288	identity_helper.exe
2320	msedge.exe
2320	msedge.exe
4360	mspaint.exe
4360	mspaint.exe
2756	mspaint.exe
2756	mspaint.exe
4892	mspaint.exe
4892	mspaint.exe
856	mspaint.exe
856	mspaint.exe
4892	msedge.exe
4892	msedge.exe
1940	msedge.exe
1940	msedge.exe
2708	identity_helper.exe
2708	identity_helper.exe
3776	msedge.exe
3776	msedge.exe
1860	msedge.exe
1860	msedge.exe
980	identity_helper.exe
980	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4280	OpenWith.exe
688	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
1940	msedge.exe
1940	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTcbPrivilege	2380	svchost.exe
Token: SeRestorePrivilege	2380	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
688	vlc.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4360	mspaint.exe
2756	mspaint.exe
1712	OpenWith.exe
2152	OpenWith.exe
4892	mspaint.exe
4280	OpenWith.exe
856	mspaint.exe
4552	OpenWith.exe
688	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 2080	4840	msedge.exe	37
PID 4840 wrote to memory of 2080	4840	msedge.exe	37
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 4024	4840	msedge.exe	84
PID 4840 wrote to memory of 688	4840	msedge.exe	83
PID 4840 wrote to memory of 688	4840	msedge.exe	83
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85
PID 4840 wrote to memory of 4012	4840	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pixeldrain.com/u/6x1VBvx8
1⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa46a946f8,0x7ffa46a94708,0x7ffa46a94718
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,3601558575442869560,5683731826430818840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Users\Admin\Downloads\spirt.exe
  "C:\Users\Admin\Downloads\spirt.exe"
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Users\Admin\Downloads\spirt.exe
  "C:\Users\Admin\Downloads\spirt.exe"
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Users\Admin\Downloads\spirt.exe
  "C:\Users\Admin\Downloads\spirt.exe"
  2⤵
  - Executes dropped EXE
  PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\UpdateInvoke.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4360

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:1228

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\UpdateInvoke.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\UpdateInvoke.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2380
- C:\Windows\system32\dashost.exe
  dashost.exe {bb838e67-21fe-4af9-aec43719b139ce6e}
  2⤵
  PID:2628

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\UpdateInvoke.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:856

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4552

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CompressTest.mp2v"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\vcredist2010_x64.log.html
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa46a946f8,0x7ffa46a94708,0x7ffa46a94718
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14770471461794608442,1896202097386182758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14770471461794608442,1896202097386182758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,14770471461794608442,1896202097386182758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,14770471461794608442,1896202097386182758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,14770471461794608442,1896202097386182758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,14770471461794608442,1896202097386182758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,14770471461794608442,1896202097386182758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa46a946f8,0x7ffa46a94708,0x7ffa46a94718
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13184425943395758822,17666749048467773751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bd92a14fac9c94237ff77bd84ee8b6ad

SHA1
162d6c7a1b3f0b7134019db28ec2fe80a34d605c

SHA256
4902f9999a6f313486139ae80cd1f63c94dd8842db9a587e31839e997c0c1edb

SHA512
e4193365c09413d41368e6f5651c8d3a99138513aebadf5bf64a6deb2f1f6659fc3532754a7aa26ece39b9a89fb3bb0e3d13902318f0b1225053c1249c90e56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
14f387b33f373f94367c85f1321a432f

SHA1
908b114774c12aeb275b3f2cce8d6bf52e3e6762

SHA256
9f0f7cf05c80c5339c6b46d4112c47aab4ee45e67d3e54fc95ae9793a15699ad

SHA512
83021e6d08f895848699051eb0671767e01ab34040a9e07af02a0cb43284d0fed69f0a8c2c0e1182984e87812277bc068e60dc57966c8ac7ce9cf3caa5d5bc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8415207aabb87ddb82cf2760d92f0b34

SHA1
3e27f813131ea219e74a43f0f95f9b9f2f4e32e8

SHA256
eb7a8048da044e669598754d587151c0a2064e6597f86f5988e22d46bf9dd90b

SHA512
45615eee3cf2b12f9501239cfc35390a82ce4b109f9c53d6b8d322bf2fb8f9f3cf0e433b2e6aeb497452ae240bc7f570b2e33bc0f14f5a09a1cf0fed62c3be27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0f7db735-36cb-4ee4-8340-63696f5041d9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
27300561e92a07895b59e1bd3ce33a13

SHA1
5aab60e22d25fde0e8a4e92c7d409213a2d0cdd6

SHA256
1c1a2d182a5c2434c2cf7993f5abb47a0123ff72a526459c31df597ac0c15449

SHA512
059bdb07a003adb6dc67206b9271060f7d3414e31ea6da0c312c3acab0247c8a7647c0f107e43e7204e8a65aaf1efb19d41161317ed935669b09deed0003f2e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
267aa1b535cb5d8cdbbb64ff00148ad3

SHA1
879048880a54d6b46c17a7de37c4ab020ea55f22

SHA256
8b3b8805bd1f4f7fb4cce899e428aac44eb6de6b24afe02c50e21359f60f3942

SHA512
6a953ab07783827114845ebbe2743ee6ae7e2a8a37b4ae9f02fe9ce2aaa9c214f45ba9620ddce8b2098effe695722d1f023cae3663a0512992efaaeab3869e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
125a6bc65b8efaa6949360c64a3385f8

SHA1
edabba3b7e32f377b9c0ea44fef91a4082389033

SHA256
29a81f0cf8df8db904b11121497128d2c1f72f6abe4ef4705e37a7a6493853f5

SHA512
4187e26f74db3d53bd3bd05b9771edd55e3f4fac58d01822526de15612d98721ce77d9f9507a82bcf24c58413a5d132a97292383bc6945bb3401352c41bd8e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
125a6bc65b8efaa6949360c64a3385f8

SHA1
edabba3b7e32f377b9c0ea44fef91a4082389033

SHA256
29a81f0cf8df8db904b11121497128d2c1f72f6abe4ef4705e37a7a6493853f5

SHA512
4187e26f74db3d53bd3bd05b9771edd55e3f4fac58d01822526de15612d98721ce77d9f9507a82bcf24c58413a5d132a97292383bc6945bb3401352c41bd8e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
e3f6f62d7be54bb39ac590feb81090e5

SHA1
bddcfdf8df72cf2191c31d15329c5e334c0eaa5a

SHA256
7b520cb2f1a404504009d83527a37d424a7348b4aae1ad5b1668ad53e4fe20e7

SHA512
81f90db623528a549e02974ce8392a80b209f69da0c553f2d5942cbd70041f91baf546a9626bdb37197bb25bda1b7b411644940cc82700dfbb299edde06b6685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
3f2626c17ca9959257603986cd10addd

SHA1
8e83e4fc4976f897dc1c1468f3c4f3fc5835106d

SHA256
7bb7062acbd34697715173c9b76f200727f9b64a80c9e90319f62b9f224a0316

SHA512
3dafe8c43b7d8cb9907c8a45dc680548e8afab903684646170bd898aab911824104c834923a1be297ed8e5ee72fd11aaba29a86dd9ba4608751c9d60cfc546a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0262e497724f280a5fad5240763a8c80

SHA1
21755d3bed530cc15fb84a4e9dbdf5804dd34ddc

SHA256
f972f913931d9af48d8e2c2ae6b0554b9764c7fa30e79d632a3bbcfea73e9833

SHA512
7d53babc5f161993c1e25bcd6d6eb59610587c595eaea966ae6b151b068b239cddf290a11a248bd4394afc3a67a9829a31b72f223b13411095c1437cd8f2b87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0262e497724f280a5fad5240763a8c80

SHA1
21755d3bed530cc15fb84a4e9dbdf5804dd34ddc

SHA256
f972f913931d9af48d8e2c2ae6b0554b9764c7fa30e79d632a3bbcfea73e9833

SHA512
7d53babc5f161993c1e25bcd6d6eb59610587c595eaea966ae6b151b068b239cddf290a11a248bd4394afc3a67a9829a31b72f223b13411095c1437cd8f2b87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
cc6538e2be64dfb9126574a4c8d54006

SHA1
48749c5183dfd9ace3dd524c504fb535ad5d9e01

SHA256
666cf577477c8771c5a22c29c410c225f28fee2b932f789822144388e76d73e4

SHA512
87de54986b9c7f54fbc1d92e9fbeccbd4f6e42ca1a3467e6ca8760739e0cc22d229c4129bde37d9308659bf3403ff0513899e706ef6cb595946ab07512dd85b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
527B

MD5
1853f9147649be6ed745d18d18f71e10

SHA1
cd087fbb9422214b130cf7709492bad72e017f05

SHA256
4e3bfb533b60b941ef8603cf125364ca9937e318a0b6fcfaa0acad3749166ded

SHA512
dc2d5627b4f7c7d5f23a890942df6adf7a380a255ce1254dc031cd9057447ae81ed2274e9f059f1d2c35bf8b007b685e49d64c6c03c086e175ee3d3d9637a346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
dd6e52134e2cc48494b62298db42f068

SHA1
865a08a3a06cbd1fadebcc9768ff4300821613d2

SHA256
80ebadce2e0cd542b49fd183603d976b56cddca68d915e85a5aff0431cac3d30

SHA512
5617b03a9871da50f7d09174e6410b9b823bb187ac9467841474127fefe4a84d4c025300af3be1a3f52f24fe8974a37e5bd23f47dad6eb7f252f34b57df60a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
132B

MD5
66f54e1fe3a40dc456b3b5be69b17d8d

SHA1
69ad3ba5e2a076c1619989bb4dab892fe1675cdb

SHA256
07fec0f78e33385e4e97a51826ad95faeafdfbed726de3d42950eae04cc5b424

SHA512
17f8227c2372e9a5f5882351263a01e040d2a3181d459c1110f07c12c87c208ac59730dc40651aefe1e96fc5fac9cbafb4174ecf476e355f36848dd067865f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
bb43e1f59b1e089ae64a81744f68c67d

SHA1
d4fcd6b484b2cb6e1cb7da8bc2887d989adb214a

SHA256
d7f9a3c8c11a48f147167efaaacf3afad92eb24deacd5838f704593561f15dd4

SHA512
ea3f7ea0c2f5fe83211ca71d9c968a075cfc623dbec93a1cc001faa341a51657e8ab39e3ad28af5b6f8a3805c9fbc1bc3aa41e18093c4ca3069210228476d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5fa350917ee860656b07e14dc15586f

SHA1
6aef41e285e321a1acba21b3bc50f59e762acc2b

SHA256
c54c5c2d5716ee60ef3b45ec6b1098e18e5b190d4912e09ef8c1642a7f176a73

SHA512
eb4d42f9501f4e282989dbebc39ed38c91f19280692cebb820865398f6039f41df468252614dbd8cffbd9203ccfd975f7f5926d942676f98df28327424b7affc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18b00fe0e2ccc2e118abebca3991d1e1

SHA1
8a7823cdedda6a8e3cb9bca447a77afc6c4917d9

SHA256
02db99a2d1d6e58a30e1b5fde76ec930f64430727f8862701ea065caf2204b21

SHA512
1a079580a7579fc3be6c81e0906c964e7608b1f456a1374c26178395cd1a04bec6c90f2ef1477e36ace65882e5e9c0270e597e47879b3708222c0c7c6e0d7423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff6177ff7d8334fcc538efebf1d88069

SHA1
ad846796d006e2b4fe1efad2d4a77d99df92faf3

SHA256
53cc30f6e69248cd15e427d7ab6b109d6d4dfa99b1cac00e4bcc6e40ac136785

SHA512
b618b4796ab916b9c5eb405942178000f95e8921baeb3ea95427fd7738471e12792f59fd6750962c8fef8e4f8df9b0b96395341da8f0a8ef5f4ac968ba428190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b93dda261daed6416ecf9625269ef097

SHA1
9be37a3254c22bc8d1bcb15b77d2d6078898b580

SHA256
e92414696d6f25df0acd9787ad2d97235d7bf1fcfc28cf954139ffab62a27b0a

SHA512
f02beb1a36535bd076c5a3d958455ebdb0ef8760f65f8f56f4714391a4e2617432b625fb25aacad9d0143f6b0f953fedf3d48017f726a1dcd250804cd0bbc0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e52f736af2e140e380dbef54ef88bf2

SHA1
251a3c5f455aa2da87d9c3958496663032ae327e

SHA256
ed4e154c4d0b510e9e672c5d6119fc7fae99c7008ab21fadcf01a484923d8cd1

SHA512
e405cc1dce92e10a9037d876c7c8a695bc7fb43beea03a156a1ea98ebae6fa778432a765fa6b4dfd0ae14e778c008b56bafaae6f740fd44cb6be97139c79c173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82f24387507ac47cab2f26985c2011b5

SHA1
deab7c4204bc790be56c012adb9b0d13c560839e

SHA256
4bebb9cccefb952b632e0060e96ace2e22e87cfb2250dceeb9a53a6b74c17541

SHA512
88eec2cfe36c6c7b3217fb9e1361801ad6a39e0bc0725158b3c44c9a0aaec5a6f0feeeced683f0f26f1248840cbf8816cd085b832411b515ae901fd40f57b296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82f24387507ac47cab2f26985c2011b5

SHA1
deab7c4204bc790be56c012adb9b0d13c560839e

SHA256
4bebb9cccefb952b632e0060e96ace2e22e87cfb2250dceeb9a53a6b74c17541

SHA512
88eec2cfe36c6c7b3217fb9e1361801ad6a39e0bc0725158b3c44c9a0aaec5a6f0feeeced683f0f26f1248840cbf8816cd085b832411b515ae901fd40f57b296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1ad5cfb6b35b0d0f34493b545e8ba8c

SHA1
ceb7e3e2bcb85790312c41d68d61973ecc50932c

SHA256
d9212836fbfaf844bf1fd23a308e11d506bfb7c67ebb6ff41b7b5965877aa785

SHA512
46c1946626c5e33dbd3dfe9b3e3b18540fb5f00e560aa838f4443d723412f4e7108b7c5a67365ef7ad6a8c6c3b7d91cf0d00e503bcfae1eb5c1de71a401ff501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4b781306eef375e7a60cf1e186ae3d54

SHA1
e9d718868bb4f5bdeb1658da532477159c9e11d0

SHA256
2171b47efeb585994751e106a8014a21fe355109b7de1d032cd7190242e59a4c

SHA512
aa738ade4ba51982fec15d6da8368be77491c0d220b0b0340af52626f6b18478842705472d4fb18d61de9a39e21d5a7e70b53ccc63617ff3147ee9d5a05423dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
10accd43f0c69e19f3c6406befc39638

SHA1
331e59641b6c393ba9c023429c26ce89e642a4cb

SHA256
ed32f2ef0603ff6c53022d740709a3504ff713eed2c2d4bb73fc1e61e34d2a38

SHA512
bb4eba64e977f061c21486d285bd0accf19179909415ee2bb3b8250434c2b3c995893847ba60d38734a7371283221fd8b91891ec76a119f63acbd346fd78fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13337298024444338

Filesize
2KB

MD5
5a1354967bdb0b32b1d9c6dbf199383a

SHA1
a03dc82b1e10b0c87a4aa7a31ab29cfe381da4c3

SHA256
7e69f5cc4978e47436126de4ede08440e1fe5f476866186ddd3fd3e5df30496d

SHA512
19a2467d755145a1632cd103a560dda7ffe80b50210b10c4c5fe8303892bf6c7535f399f2b11be5fbd96c838bd9eca1fbe7e357dab17afea4c655668ab7ea486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13337298024678881

Filesize
1KB

MD5
b60af0cf1fba9605c5a2a059a7dbe7a1

SHA1
1932ae8b9c44d277fe74244c074509f400604c6d

SHA256
8da5bb0f5c3be7cb97995393a38c24791829b9f46d1e1a5db20eee2110c9ef6b

SHA512
b561ca66dab5d59220e7d1b21b0dd50d8164092a82ce5ba6aa03f73f1aa9c284731a4a8e4f3a7b4465b9316bead97279f81f2af61952189483188dfca0a6c7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
d75642cf14f738f291aee16bd245fc06

SHA1
20b77c19bfe6689be9768d893457b56183af7b95

SHA256
91a31a59d6f06dd960a17203196f9dcb538dce7c69c3fd4a36ea0a89b3e58392

SHA512
112220c2c3f5019cfe9821d2691d3730c56ac6cdaca696663423babc89c6a4952f409f9abffec0f190133d7a6babdce1e0794eb4b5795d2438fc91a84181e94e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2fae180f70b4df75e228855f0607d37c

SHA1
e7f128a69d9722ca9521c29628ed52a9ed1419a7

SHA256
e6cb775d67e0a23065606003b739a37547befb65b259d66849ccc8f6407cb593

SHA512
1bdf008c211faf837f3e670eeaed33295a2e46ea4e2f70f046b225250063f14c0cd112c39663b141acd8f21a395826f590a54a7dc5abc1a25400a633dcc1874b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6f1118c863c220f238bd1366a7336621

SHA1
92bbac5bd60bcaae6a02301f8b151693e05dcefe

SHA256
f52db6e25ad32d6b21bca299d88078764a2ee73a6bf014c1cf07a5929111c92d

SHA512
1fcce70f4c14a7cc7dac2e7fb961f46b2187993ce981d6d29fcab71fb03776b5c5f7d3cf9838e6f7422d32e2370e9ce8fbfb6e7b8a0d18cef15040863b0a3afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
3742934f2e5f7316b865150e8f0e63f0

SHA1
88833c1c2ad4ba5625b8f8fb569c467dd2e84e16

SHA256
544bcc664dc16070436eaf5708a98ccd90a528e3ea41323dd0930ddbd6dec62c

SHA512
cdeb3f5fa4648f94b6297698d9baf61ab5b53e88b3fd97fcf599c969e96846a6bde05c1a82d3d7b8335ee432929f18dd78809d602ce1d02d70a80359345eae53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
3742934f2e5f7316b865150e8f0e63f0

SHA1
88833c1c2ad4ba5625b8f8fb569c467dd2e84e16

SHA256
544bcc664dc16070436eaf5708a98ccd90a528e3ea41323dd0930ddbd6dec62c

SHA512
cdeb3f5fa4648f94b6297698d9baf61ab5b53e88b3fd97fcf599c969e96846a6bde05c1a82d3d7b8335ee432929f18dd78809d602ce1d02d70a80359345eae53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
2143e0d60d4c5df4e72d85974cdca14a

SHA1
a435ab40d55e5c52e5ac0299b1b0ad1462566fae

SHA256
6223036692ce12f3e6226e71a9eb2cf264077f22a5734c938af0c8bd35293d3a

SHA512
8b60a4822d2f4c713a45ae4a21845080af958cab58d12d15501c7801577cc0f59bea59602f40603ff799883261279619f4f1b148e9a89d32435d697b62cfa087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ed7d.TMP

Filesize
204B

MD5
0cbe944c0144ebf99aff504134d8d9c1

SHA1
0e76be0eb460dcd09a68a951c75cb5488d5cc4fe

SHA256
837aa616b3131ba57cf87d3091279c90c299209e03edfa41b15cbfb92c28ffad

SHA512
b6d3df0edbd7dead52e9454baa53d7c325a6e2edd9a28a722a586047b86c43d9c4011ec66e1b897a1ca9b269cd1cc755cb4d61a207c8d51d3026a9fddb013d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
903fb2234ec68fae95f9e2797e277943

SHA1
c657f17e7720668b54a7e16eb6d94911415cedfc

SHA256
fa44a43a964720959d298060ceb8c8d8ec3d0ed7f4e7b0ecbe5503bba565e3c3

SHA512
71a3df20618f62973dc2b98b06f5ea5d3d11d20238a5a3f800c3e395d863e9912f91e901a3867130782ca726346fd7ca69ef77f8ceded23a06cc0ff3760f5cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
0e4bc87f5e30be77d956a8ce99f9eba3

SHA1
a2c44d097ba89c2bc6637953e66d1deae48d58ed

SHA256
215e3ef27e0ea17f30cb77ce633e5bc7a3e96d1d944e1c6fb22bb9c749051d05

SHA512
33185b359e1680c0bdc54d3f31345d5a2431a0df1600d52b1bf8e7b3896d0e87a0fdfa466009c9edc4cb4f58352f29ec7d0d987943609a0febc1b82085660e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
8KB

MD5
472a8cf3588a4691d33e5cbaff820165

SHA1
48aa8a829d828323ccaa4a2c759fe697fe5ffa07

SHA256
ed72007e716d0ed99b42d697b30361c2ef68111c4d07b1c1fc010b2fa8c0a595

SHA512
939d1d1a95c61bf213c71661a3ddd52346e5110bb0390c041fcd9fb834ae354dadf8a6ff34c7132ef6331b1cf8ccef034fe063c1809d6db70ea1e974f938db93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
4601703930e820cb1a46727a80a89366

SHA1
50dde727417f636635e37519046b0456d32c9f27

SHA256
2c8b03eae5742e359a2954ffca0c9e3b518a9c53b70bd3e7e021ff07cacc51d2

SHA512
d364c310b2cbe9d61a8b543cffeb29c88ee8d47ae0867756de32a242db7e38c9cc5e8c246960acc3d1f31f283d9941c55a31f07bb41f5457c3402133d01792ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
ee1303a440224a71ee87a0346884d019

SHA1
3fb40cc8faf167f0d467465e701b6c26d3d1b8ed

SHA256
606aaf1877f950f374d482fdd3e7eb15bd562a581778da75da920c0bae49fa91

SHA512
8e424574622e68ec4654b0f175da01526d53c35f8403ff2695428b8f71156ddec6eb0339c6955140d986a464519edd84f7998a657b453c1970ff78eda3b26913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
1dd1ac13326ce9c829194baa7961cda7

SHA1
818ae0fa3443b9bf7dee4870ce861b2f9ceb23f7

SHA256
a2df0bafa3d710d06201251263515b84d77ee283a92899120d41cb358649790f

SHA512
a65531b91dd42c9b613c3635e8a163bc517724e95705570b92677e0bcf7e5b6ee8e66e2547b56f7acc00dd018c3226f2a01b2b5104cc4c6d29e242527840b44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
909db390370f3f94a4c9d68f9818be1a

SHA1
252b874386cd91fcb433e079889a6e91731bf777

SHA256
648f532179e35b95e177e30f243307043593884cd92eba7935bebde1ca3c98f8

SHA512
c7f9cbc7436e2a5a576a518d752f8c2f2415f71f47f21681063632361db4328e495d4a510eed8e215b178ccf11283b00086426423ce725cc65aa628e3d1f6246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fbd71ab7c1e69df72df40692974b9a58

SHA1
5f236c65fd293a1bdfc52a0caf4e459bd3be0694

SHA256
8a3905428c0d4fb039016b9ea920ff4cef53336f48ee76d2fe83d2e2d459ab45

SHA512
672421e50a51cf715916edaa65605a7945f180f50f91a0c0b355d88cce1ab222a1bea7811a27011d5d0aeda2ac2bab1125d7c2a23e7c5a895aaab816473e5d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
c196a328c48220e3be4158bd9f3749c4

SHA1
0732022029c199426b0f1045f1e612d86795f7bf

SHA256
2a1ed753b5561ff08eb76b6091f6b3b42991bf2da1c7cca175f76857b2382a01

SHA512
85879cf42339ebe14aecf9b0d0feee988346bc85c533bd5684f547855752e21cbd8ab93322ae022d06f9342f8414eb865e23111a7917ce6d34b02bab88b34150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
679aaa8538faa9fc0e7c0d68bbaa9761

SHA1
3fd37866e821e2884ead9efe6ccecb2731a897e8

SHA256
bccc81aa046d717f47c1d1be2e85044d3b98e44bed01d66b17affb8b88595a89

SHA512
5af1d57c49b912430a74f5bb6d5e050e97f1cc11d18525d659faac3f806fa9a4861477c3c322824431d1b65f038df346f6a3fc7a26b92407d927907b86ced30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
a1915da4a339aabc49f7f52ad9250e23

SHA1
4167efd629e7c4afc98807091859344a2e004b19

SHA256
3a3313e4266585271635d66c19fe0400433a5844ce30fefa00a59da9070d7244

SHA512
9853006133be34733e23c7f7dfe1ca5df5ce02f9eee3d709b97aafee2e0c9293d9107519a1dd9f9337b2b228d5fbf504ad6865b3cc2710b6db9d24990e164533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
16KB

MD5
4f266f64fc9e994218c691330c110324

SHA1
090e289f1a3116c5b910096b6a3c547b17ec379a

SHA256
e364e0070932b804a071aafde0420dd191d2ae98934e594c3c0cc6bd701c6bb7

SHA512
b754247795429911e995852562c3071db8443b2bba80d1bbf0581a59ba74506d2dd986f63dc5274ccf47a542cbd4433a182882bd1b3a28ce7c8cfaaacc4f5e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
25KB

MD5
596c754665dc3ef9437ef542eb4b130a

SHA1
2fd7ba914e8df3314850a0f0085d5388e7d45811

SHA256
bc79b14f5edf047445a5ead84ac1c46d8bb2e8015fe8465f1ba90a8286375500

SHA512
d224eca48a06915370fd20858d6250df1f19a8990ec3bf2230fc5d72f1b5f356f609a4098fc5c22fcad8137734d4adfe9d69f0e91836fcfd6c1c4464559168eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dd99e12169b0b93265e0ac6f33a0727b

SHA1
2f8be386ba1278d408bc405654deae80132ba7ab

SHA256
1a691790674895cb529f9b2f7a2e7b689e5544fa1290ab9637f0304e107bbbfb

SHA512
1920df0de562b0b55a1444b3c437dcec0ac49c6c868deec3f274365989e8cc02d1c0092e83fe9a3af001191034f0028bb231fa573eea45c6af1af982288851b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
ce5cfbb049aa3cd643ca510f5a92964c

SHA1
220d6c62fb8ee4e58f5aae425596feedc2f8af11

SHA256
c77445ccd5948f1734390f62b4dde09f8c631ed1bd060ed6044180f3a6a798ee

SHA512
0610689285206b470de08b7de117bd38a68ada598bd0f6cb1bd8858ea1c4f2f2c65f4bac402df2d7cbfc46392d26e47b620738cbba9a71b473bfebe1a4a98bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
64b881461b643746b7e347beef92bcb3

SHA1
88e413cdd81fc2675892795710694a0f6b5a6c8e

SHA256
0b5293fd3c7f7b90eca7150e365099f52807a40f66d7822128e68294e172ab74

SHA512
795f0b446c9386be6c849a1e338abd3c800deee33b1254e435e5c99e75f9fe51d38269ee38a7073f8dc69ac0cbcfd862fd40da8c92df750c1c9f39f871ef74e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1689ccf4d316dcb07fbd3270c5c95854

SHA1
5f69a87fa2e07658310bdecd274ab892694866ae

SHA256
31a8bb5388d7b2edb603463c2ff592ae7c7f4038f21f0467215931beabd7f76b

SHA512
9da79999e931bac4f10373a35530a25428b0df09d0dcb89ddc4a7a85bde47e7f1973d9cf1de9ed04a539e2de2eedc28b39644ada9490fc383fe15489ceed2da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dd99e12169b0b93265e0ac6f33a0727b

SHA1
2f8be386ba1278d408bc405654deae80132ba7ab

SHA256
1a691790674895cb529f9b2f7a2e7b689e5544fa1290ab9637f0304e107bbbfb

SHA512
1920df0de562b0b55a1444b3c437dcec0ac49c6c868deec3f274365989e8cc02d1c0092e83fe9a3af001191034f0028bb231fa573eea45c6af1af982288851b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
2a4532ac35dcebf68a3ddb9492ccc750

SHA1
c7e51c471989a77958f334c8e282fa0b8103192c

SHA256
00cd1f0094c2c4746680ac0d0f5b7edd8212a0876142de6f41afc92b1183018e

SHA512
be6d59ad549728d4fe8e7a2404c9b40ce3d473098a36c33e587e5be7bfc4b7782e739be39eb0d0d7122c8d1c12610e2a30a6c70c10cb2066683f14df2623c863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c9c484b8f1bcda49d05a682d19aa64b7

SHA1
8fa8cc1446222129e1d6a77b5f93cd29f64f6a23

SHA256
7b5ac475284091f3579676953e383a9ac3d1954b1ee47fc2eed055bd2dad3b87

SHA512
d353e84566ae960fb50640c0a99780f1e415ee7fef847a878d7fe68d59f7eedda0df1f64dcb132b9559cad273efdd4a7548deeade5a035529b094da51e802641

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
78B

MD5
5baada3bfec106453b27a3a5243c5980

SHA1
d0c7c6b35264f5f545a594bc21b9c7f416ba34bf

SHA256
84015511d4fb7435d03e034d17b62541b29fbfc5c86f09992a33e64071c71f23

SHA512
8e8bfcdc785185a899c20504ee6fadb3ef3eb79eca44d936c9dbe0593bc661c95f75635654a7a7a4343ee41af4557b5d3828d5ea255e3e325a8fe0c0992ca55e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 622283.crdownload

Filesize
26.4MB

MD5
ab3e6df1885b10f17cf8d7fcc8f33199

SHA1
ccdc954bf889db8b48ae5fa15aa91da34b74df45

SHA256
576e00e54d397ae317691b0d217c10edd1e431644f46a912c4fea696a93a2532

SHA512
73eb8055ef35b891366fcf30259a15bcc3f09013cb132f6a1c0bdabfe2a50b689a64d831143d84ce3f0398fbe92262dab4a832424096d6edcd6bfe5894148b50

Download Submit
C:\Users\Admin\Downloads\spirt.exe

Filesize
26.4MB

MD5
ab3e6df1885b10f17cf8d7fcc8f33199

SHA1
ccdc954bf889db8b48ae5fa15aa91da34b74df45

SHA256
576e00e54d397ae317691b0d217c10edd1e431644f46a912c4fea696a93a2532

SHA512
73eb8055ef35b891366fcf30259a15bcc3f09013cb132f6a1c0bdabfe2a50b689a64d831143d84ce3f0398fbe92262dab4a832424096d6edcd6bfe5894148b50

Download Submit
C:\Users\Admin\Downloads\spirt.exe

Filesize
26.4MB

MD5
ab3e6df1885b10f17cf8d7fcc8f33199

SHA1
ccdc954bf889db8b48ae5fa15aa91da34b74df45

SHA256
576e00e54d397ae317691b0d217c10edd1e431644f46a912c4fea696a93a2532

SHA512
73eb8055ef35b891366fcf30259a15bcc3f09013cb132f6a1c0bdabfe2a50b689a64d831143d84ce3f0398fbe92262dab4a832424096d6edcd6bfe5894148b50

Download Submit
C:\Users\Admin\Downloads\spirt.exe

Filesize
26.4MB

MD5
ab3e6df1885b10f17cf8d7fcc8f33199

SHA1
ccdc954bf889db8b48ae5fa15aa91da34b74df45

SHA256
576e00e54d397ae317691b0d217c10edd1e431644f46a912c4fea696a93a2532

SHA512
73eb8055ef35b891366fcf30259a15bcc3f09013cb132f6a1c0bdabfe2a50b689a64d831143d84ce3f0398fbe92262dab4a832424096d6edcd6bfe5894148b50

Download Submit
C:\Users\Admin\Downloads\spirt.exe

Filesize
26.4MB

MD5
ab3e6df1885b10f17cf8d7fcc8f33199

SHA1
ccdc954bf889db8b48ae5fa15aa91da34b74df45

SHA256
576e00e54d397ae317691b0d217c10edd1e431644f46a912c4fea696a93a2532

SHA512
73eb8055ef35b891366fcf30259a15bcc3f09013cb132f6a1c0bdabfe2a50b689a64d831143d84ce3f0398fbe92262dab4a832424096d6edcd6bfe5894148b50

Download Submit
memory/688-321-0x00007FFA32CD0000-0x00007FFA32DE2000-memory.dmp

Filesize
1.1MB

Download
memory/688-320-0x00007FFA33770000-0x00007FFA3481B000-memory.dmp

Filesize
16.7MB

Download
memory/688-319-0x00007FFA34820000-0x00007FFA34AD4000-memory.dmp

Filesize
2.7MB

Download
memory/688-318-0x00007FFA37450000-0x00007FFA37484000-memory.dmp

Filesize
208KB

Download
memory/688-317-0x00007FF620B90000-0x00007FF620C88000-memory.dmp

Filesize
992KB

Download
memory/1228-274-0x00000222DAE60000-0x00000222DAE70000-memory.dmp

Filesize
64KB

Download
memory/1228-293-0x00000222E32B0000-0x00000222E32B1000-memory.dmp

Filesize
4KB

Download
memory/1228-292-0x00000222E32B0000-0x00000222E32B1000-memory.dmp

Filesize
4KB

Download
memory/1228-291-0x00000222E32A0000-0x00000222E32A1000-memory.dmp

Filesize
4KB

Download
memory/1228-290-0x00000222E32A0000-0x00000222E32A1000-memory.dmp

Filesize
4KB

Download
memory/1228-289-0x00000222E3210000-0x00000222E3211000-memory.dmp

Filesize
4KB

Download
memory/1228-278-0x00000222DAEA0000-0x00000222DAEB0000-memory.dmp

Filesize
64KB

Download
memory/1228-285-0x00000222E3190000-0x00000222E3191000-memory.dmp

Filesize
4KB

Download
memory/1228-287-0x00000222E3210000-0x00000222E3211000-memory.dmp

Filesize
4KB

Download