hxxp://google[.]com

Analysis

max time kernel
91s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2023 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\spool\PRINTERS\PPh49z_fh1llr_9yzlyoxls_rlc.TMP	printfilterpipelinesvc.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 33 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	notepad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	notepad.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
2400	msedge.exe
2400	msedge.exe
2208	msedge.exe
2208	msedge.exe
4848	msedge.exe
4848	msedge.exe
5996	msedge.exe
5996	msedge.exe
5740	msedge.exe
5740	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
764	notepad.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5160	OpenWith.exe
764	notepad.exe
764	notepad.exe
764	notepad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 4328	2400	msedge.exe	83
PID 2400 wrote to memory of 4328	2400	msedge.exe	83
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 5040	2400	msedge.exe	85
PID 2400 wrote to memory of 4728	2400	msedge.exe	84
PID 2400 wrote to memory of 4728	2400	msedge.exe	84
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86
PID 2400 wrote to memory of 1032	2400	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8249746f8,0x7ff824974708,0x7ff824974718
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,17356155517201900784,18307207910759403183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17356155517201900784,18307207910759403183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,17356155517201900784,18307207910759403183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17356155517201900784,18307207910759403183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17356155517201900784,18307207910759403183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17356155517201900784,18307207910759403183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/p/?linkid=838060
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8249746f8,0x7ff824974708,0x7ff824974718
    3⤵
    PID:4064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8001707873401488620,13365820588376373929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8001707873401488620,13365820588376373929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8001707873401488620,13365820588376373929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
    3⤵
    PID:2516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8001707873401488620,13365820588376373929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8001707873401488620,13365820588376373929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
    3⤵
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8001707873401488620,13365820588376373929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8001707873401488620,13365820588376373929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    3⤵
    PID:3232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8001707873401488620,13365820588376373929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
    3⤵
    PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=834783
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8249746f8,0x7ff824974708,0x7ff824974718
    3⤵
    PID:5756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4127657188375263843,2397313206478099672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    3⤵
    PID:5976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4127657188375263843,2397313206478099672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4127657188375263843,2397313206478099672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    3⤵
    PID:6076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4127657188375263843,2397313206478099672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
    3⤵
    PID:3844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4127657188375263843,2397313206478099672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
    3⤵
    PID:2012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4127657188375263843,2397313206478099672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
    3⤵
    PID:5376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2620

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5160

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d3daff19d56a920ba14b66493b6fbeb

SHA1
046228fd14d2c556ff07d14bce0a84d53725354f

SHA256
27b77da9114b6179aba59f6f1f8a95778f74f8bf22b0315d791902e0845d9423

SHA512
4fda660e51c599eb0203b500a6c6ab0edb1ab7bcce8e811e9bf025a280f702885061fb60e7f0620bccc0399aaf8bae4e46287d1e36bb9f4602ba60b816affaf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d3daff19d56a920ba14b66493b6fbeb

SHA1
046228fd14d2c556ff07d14bce0a84d53725354f

SHA256
27b77da9114b6179aba59f6f1f8a95778f74f8bf22b0315d791902e0845d9423

SHA512
4fda660e51c599eb0203b500a6c6ab0edb1ab7bcce8e811e9bf025a280f702885061fb60e7f0620bccc0399aaf8bae4e46287d1e36bb9f4602ba60b816affaf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2bfb9d16cd0a3f5536409da5f99e3505

SHA1
4be58a893a43b3d7e3e19a913511cb7f4fae79b7

SHA256
570f5965717a9e80e74495fcd28e9b285fd77a17895ba7f8529d20d4e6771b73

SHA512
305198cecb29d53bbeeed34ca8f18b72134973426b9a3e907afd7f1c7d08131f74dcfb89fb8d8594affec779f6b328c336fb956c466c8124d68e4e1c2b76710a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
43b2910ffd95e25bf7bfc2e28bdfe58f

SHA1
7b4fd0148b4ceb1057a98e48f7c3b44a305df7e0

SHA256
95813e99b6b5cafd14bf69d319c76ff1b970ca8df1d17792c7eb5a2537e64363

SHA512
856e1c898f950b48e954d544a6a2855a535ece90fb404ae8250a366ffc3402af51630112a3dc314f71aa5b38bd34ee154f0c8e63c9eaa1dbe39f9022f4b89207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
68038275ef7e9044ed497e13590769c7

SHA1
3a3facc57b6285b936670109e44984be67114974

SHA256
f937ba2a22978ef17c34f568a0d08905d1fe07eddd772367a65b67e8f1e619c5

SHA512
0b2b5730e5535474b97a7b6a3e76cc7e02de2aebd4e382e9caf9f145f267f01036e286a05ee6ca9986140242069d949755ba81a28d2c606d198ec4ea3c27975c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
b999a58cfe095dbf2e9b05c029ecfa12

SHA1
909c7894e2ac2a44ee68983f46b938470e3a55f9

SHA256
e0db3f8adba5ca896d696fd8dcc832953ea970ef60f77d3f3a0d61d53ed49073

SHA512
66c70108edbce1789f01c3e0d1f08d6f43fb61f3e3f901bf56c2e99687b28f95c690823ecedc7e6372e91e3aec20a603598a634964d156b3e6ae6678f41cbaf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
f54b405d743e3480d2eb47b004472419

SHA1
ad3e2f4792623198e0035bc11a6c14dd0b97b5f4

SHA256
cce9aba1719a4d7584717ead48c79734211f4ca4baaeabbee440a7258773a187

SHA512
2398fa075851a001ad645d281f67e4dcfff8f11674c2765b7f510d453d5f2dba696509244dbb26f34e478eeb7b8845c5edac64ff571aa34ac1676991dc4bd556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8526d45fff938355703fba1f44c80b5d

SHA1
7c6f8b43260120ad71fc399e30c35e171be56352

SHA256
4577aebb835c63180744d6caaf030728d2ca9bcdd4254e23e2f1fecc7ddbaeb4

SHA512
dc6a8d89b9ea7f795ef97d467804efa51c99e6d7fdbed8745e9990d3a99b540dc30499021281c5d1b322646867f9b92ebfafaa787081e1867301e91bd3771157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8526d45fff938355703fba1f44c80b5d

SHA1
7c6f8b43260120ad71fc399e30c35e171be56352

SHA256
4577aebb835c63180744d6caaf030728d2ca9bcdd4254e23e2f1fecc7ddbaeb4

SHA512
dc6a8d89b9ea7f795ef97d467804efa51c99e6d7fdbed8745e9990d3a99b540dc30499021281c5d1b322646867f9b92ebfafaa787081e1867301e91bd3771157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
af5a9ab2d53f6852c67a86f25ff58c07

SHA1
54b9931216f368f854651829fa2b44ffaeb750c8

SHA256
b511de924f9707bc83d24477c4c9894261cc286eea66d586077f78bbd0c4664a

SHA512
22a20e97a2404b0a23cf05c2184351bf14adc86ef2f7fec21b180eaca929f89aceaa70ebac3dadff5c1adad28e785b1d465665c36f719545e58c011866844d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
db5e86f8bee0193211d3c93fdd6ef2cd

SHA1
a18ee6b28e4b1ca09b2c9055f99c46a5bcd820f3

SHA256
45e73dce34e99e4abffd9527fee5102bd87dd05cc5d8e58ebff4ebbf3cf0eb55

SHA512
11b6106638b7ced6c6946030c3337dc261367a13665d56459bd23f6499b5d16540cddf58ae3d20dccc84671b9e788f84a2b592612a45f705d159513744309d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
4214bfeb02d66783c2216a9d0addc862

SHA1
80c349b6d69f03b135ab12bb1a69d707327f2c00

SHA256
d23c70c941a367e06247e3be3c4e89a69bff05c9922c33b153b442f38676bd27

SHA512
44abc51974654cc68fa9a8c99dba388e0e6614b88d16d633d24438c6e5eb28f7c7feb03a6b89085aa32d15c72f442febe6c4653d770550676009001f8eb9c4f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
ef8fe3ccff7f431b0f7940eb9ab05303

SHA1
3f5b86a44c13b171e5e93ccd0aaff26ea525c95a

SHA256
7667b24f1a638e802faab0a5d6370e0d6babbba83f2d0db8e09e427be2ac39af

SHA512
3b244894d59507296f3e52ecaee1cae2713564fabd772196f8e1b33a7ef709bea6cb7708eecd93f2c659195d6cb35a88bcb01f3c22ff2b96426fd214abcd7c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
7a47b9e91e71a77f7b5ec8c2a6f0f5e8

SHA1
055fe1b92f5a400d39f5e898dc198d4ce2648e8d

SHA256
70eb9ab06a7699023d7ded70628903eab42e31bec61d67e2fb3e0377a8ffa7f7

SHA512
9df4380d4fb4bc0b161808881d6b0711c9e59c668a513705906ef49fc4201585a3ca19f99b192b6a75483f2019caeafa214a66ebb093b611d9427476e69d0812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
5347943dd3fd14e39a3ed8db440490bc

SHA1
e31b5bd6995b2a8dd86d3c4a0e6a4597c20c6204

SHA256
dbde5bb1ef216ed0441523081f4bb88867d43e95c989bcd561a5fe1659a9ec63

SHA512
4ce8064ef5ec5de3ead9786763812b26dd3b61eb4bf8404e5e9f6a94680c44c39f4810335ff179d332071eb7cf1e8164f5ddf234c8792269aef0e18d7fc0e1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
289e49c5561442765895e15579a04b3d

SHA1
cc6991fdecde4412f5fbd942761b7c63932ccde6

SHA256
c48a915ad100ddffae7c0879f429faaf501e471e2c525c3972388a0c86a8f267

SHA512
3db1a96b95b511c849043ee17559b2066eb52c05aca27295ca3b7f44bce193217860ce1987ab9e5bc70ae42b7e5e38133382a0684a30de25ab09c8901a94c9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
9ffdf81e3e9a56304f6c09f043cebb33

SHA1
62bc1c5366fd42d9c0cd8fb1985df477e27c7213

SHA256
243e201b6a12dc5d5c6d65085419301df850bacacb1908ece4734e0152f0089c

SHA512
a0ff3a89b7d711cdb606720ecd2d85fa0f1f61dd849089592870c6752e4a9683adc494a8fe834c772472793d64160c5a73617edb9365c8a02e14c0085ee22308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
632B

MD5
8ef7e9ddb71a64c89f70f99d436cf5eb

SHA1
43243f3dce14ec74dd453d6a836f2eae70caf747

SHA256
40d832fc39d108417aa592141c987e0dad50a487cc2afec71640f7089fc52225

SHA512
cff7298035e21c6b5199550e1e53b757f6a924dcda27eea67749ffc073937429df3d3e4446e515e0fdc176148c6af37df7f40fa4dcb1f47124e02c61657d2754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
b4c9def4797967bf89095b90d2dd72cf

SHA1
3f2df1338311ca537f3fd0f63773ed146b1e52e4

SHA256
8ec6cdd1562d739b98093c97720d7f00c2bdbb8dc25e94a1b73d3f94eddc4f36

SHA512
2f8d34905321cce74814ca99f40713f7359a2ebf0c5951a4d713ed655569129672540df67751f5b7a2981141eb0f2cd935394a57017ec4bd5a5485a442777020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
17KB

MD5
1483840c9821ff69704eda74756f0cc0

SHA1
78a0cd99b0cd9f0851fca3d81b7bd357cf1cdece

SHA256
b689041caf271b24c96bc5ea6bad3411aaf277270928ec89220b806127f165f9

SHA512
e4cefc0212bde9b0b297dbae9bb9c53d00bda7d20d4ba715c3f2676edde7d84396313d767698abff8c31d752acdd5d2b97127158297702fe43f83a5600d9d617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
a8263848bb8f5fbcd38d5e87303ad9d8

SHA1
12c573f5a562e268a2c178a7825477c0b5cf9677

SHA256
b5c81422be96dccab7f9ae4c3211df1b3bc410c2fbe6a29a181f55fc1e7c1e5d

SHA512
fc6a908e6cbb8bef79fd072f63d32d0dddeebb1f40110b48bce4c0ca930cafe1b215d6c75bd68dcc35a0e734c8361840efc07213b7283125a2494e1686f2d279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
797B

MD5
8e7f9e831662eb29b33b1ebe55a810de

SHA1
cdb460467a6ed2a2531bfabae1b0559ceefb8f3f

SHA256
2fd08a33a1a1f889ba9e62cf159fa9d124fb35f70c38c4fcc3b8e727029bdc9a

SHA512
6d60398adddc8b1013f07c60f032a4f0a726520893418fa70bb41f27271d31dbd7d3a549ccf2918f07082203fe612fb612392a56f0dbb94d6c0244e6a2363c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
797B

MD5
8e7f9e831662eb29b33b1ebe55a810de

SHA1
cdb460467a6ed2a2531bfabae1b0559ceefb8f3f

SHA256
2fd08a33a1a1f889ba9e62cf159fa9d124fb35f70c38c4fcc3b8e727029bdc9a

SHA512
6d60398adddc8b1013f07c60f032a4f0a726520893418fa70bb41f27271d31dbd7d3a549ccf2918f07082203fe612fb612392a56f0dbb94d6c0244e6a2363c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b731cbb3b74748ce630aed99bef779f6

SHA1
a3eb0a8c4b3c3d7145c533ac9829e7d642c988f7

SHA256
b4a07e68bda3cbdd27edc90c54c096f77d635ba9848eaf44b08e19bc11d75102

SHA512
1ee4de8140498b49c6c87fa413b05eac3b42f71b51d1fb72543db942c74e23da62d05ea2be642a32c9684db7aed2862a08d859fe4cdddd045f2dbd08fa8c6f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5287da66f3e8bcd6b8523874786d6cd3

SHA1
c5d3e483f7f279acccc616953543d94e842d5164

SHA256
43940749487e0ada4fc1e3c12f8972c947af883474d2a2c4fdae6b71f535b42d

SHA512
99176d35f025e517996ab530252513eb7b724f341ba576234e676ee7c3a06ddad0649cad5eabc46aa357d71103d51b844064e6bc5038e96cf9cd92d307662375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d73448ab199212cf1dd9885a9d55ce7

SHA1
500a961ae5abfee85a4ad83e559569c980ab4d55

SHA256
158478e5105126d2cb43c19a4a145abf66a798beb661d1475a8b746df1e7b1cb

SHA512
8d1e48540f2c0f5fa1f58d3e90bcecff70cd69dea04b3fd202740bd03ff6a9bd1acfaf2e03667014a6a1c774b6ea87b202aeb34d67e14c5ae2b3ecd97478577c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d73448ab199212cf1dd9885a9d55ce7

SHA1
500a961ae5abfee85a4ad83e559569c980ab4d55

SHA256
158478e5105126d2cb43c19a4a145abf66a798beb661d1475a8b746df1e7b1cb

SHA512
8d1e48540f2c0f5fa1f58d3e90bcecff70cd69dea04b3fd202740bd03ff6a9bd1acfaf2e03667014a6a1c774b6ea87b202aeb34d67e14c5ae2b3ecd97478577c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9673422e3925a16b6216429dbdd69c5f

SHA1
6510e698756d029d4e7eb8807fbf0d4ca5eef729

SHA256
2f245e040c8783b51b5c0c7f07207c6465eb8876b4806dcebc0c13e3af4dd254

SHA512
14be311712934436ed63e53fac52d045fb3ec7d7165bfb8c64d09fbb14fc2b1888c42bb0a0f887c1a3728a756bbdd032349da0e5021a69d81f2e16e123177a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1fff3e94c73115687ee70b419330a659

SHA1
43b52266509080e32d5a0ee8b4be161ce2644746

SHA256
a2ac87dd7c9d99b482959bea606687491b2a3875349ba019a1c6bbbabe503226

SHA512
e475ce934e32ceee91aee898d6815466265a2a875cb295c6d6ef91adf419ed90940679eca2e722c083958bf4de1e062c7641c02108322197fd80c108dd4718a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c28ac818f7baed5cee79add6179d5b94

SHA1
dbd567f238074dd08f421d8efa4b3d26dd89285d

SHA256
b6bc26275f8472d9e5fc717acfcc056f263d6d83295e3eb8a49bb48ee117f354

SHA512
30559337c92256d520a105f81799d1016faa9600914c1019e14d15d7ab762efdd306d3bc62a68568cd04afd586c3a3470723adf8f55b75d6050950651a80498f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ecb63ff75d531891ca4a519fb399cfbb

SHA1
21fa0083c25a010739c2a44fb8bd27db8cee27e9

SHA256
1de2e6816f1fcdfbfab4b8eb4bb801daa303bc450b1c8b8badc47c2c6b6a3d6b

SHA512
2ae05b893b2a71b5c83613b5145dc4e0425083582bba50cb49408fd2ab587bd56bd3863eca05f4d8a90375ddd0bf3ca0d2d11c3adae825fdaeef9f5474dbf61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ecb63ff75d531891ca4a519fb399cfbb

SHA1
21fa0083c25a010739c2a44fb8bd27db8cee27e9

SHA256
1de2e6816f1fcdfbfab4b8eb4bb801daa303bc450b1c8b8badc47c2c6b6a3d6b

SHA512
2ae05b893b2a71b5c83613b5145dc4e0425083582bba50cb49408fd2ab587bd56bd3863eca05f4d8a90375ddd0bf3ca0d2d11c3adae825fdaeef9f5474dbf61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
98f5a5f1474935b5b5cfc48912e3ceca

SHA1
a5939b0b1cfb908d3f61708fe3b9644b6d6f4836

SHA256
de73382f1e3d998fc60882ba2d89a430b8e5c8d9856887ed026e6243a36c3294

SHA512
6842e8b7d47e00540ad64c38280e725f92de3e61243dfcf35c25c9eae29ce0e8501c43340f47db015d46c920e36ca865f58d1d2e701ac35402548993bb14624a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
750612d6de9cf707d7c9f96650a556f0

SHA1
84da558a06f8c833aa37cd0a176455d18737ece2

SHA256
1cc68e2b8cdb7cff450a45507a233cd4cd85ef12bf6c231d92760703b2fef0f3

SHA512
9e5dc239080227418dcec10ed4735424a5ecdaf5afb3d71509a64db151b1d6b7eed99724b7c2e694061bd3dec58f79c43d186c367faa44bd88ae49df2703953e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
02271be2db2e4343158fb43c6830e522

SHA1
68645e6fc9d183576f3492cfb001d78b5ba4046a

SHA256
e8df78c2e542965ea7f83ed82dbfd21f1149d9df7446cc244605c0fea2281689

SHA512
83ae9ba7b39d7cf25159d63f13c8beed1006beb7acebd9a3586f8921b979fdda573853d6e2aa9ee88a3d77af5fe01639ac374c3db2754c25eff7f81ae7fa7887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d7fc3bba51e07f5e716ba479c11a7a64

SHA1
d64093e3a541ea92382f968d532958436cfab1a5

SHA256
7281a477fe2ded08adc3f997c1763199dc6e40d3b2d665e95e42edec9b46cb0f

SHA512
00eb7511c75c091036bba900d8bbee150e782f9d3b2e23cc4b0f581ef1ae431a81718f7a1cca1fbb808137cde2d19521cdfe3c493c4a4a3a8065bd646ff096e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d7fc3bba51e07f5e716ba479c11a7a64

SHA1
d64093e3a541ea92382f968d532958436cfab1a5

SHA256
7281a477fe2ded08adc3f997c1763199dc6e40d3b2d665e95e42edec9b46cb0f

SHA512
00eb7511c75c091036bba900d8bbee150e782f9d3b2e23cc4b0f581ef1ae431a81718f7a1cca1fbb808137cde2d19521cdfe3c493c4a4a3a8065bd646ff096e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
823B

MD5
a8a83101333564361c30e6098b3b65c7

SHA1
6d61aabe6263da90814228df429a08b9769f9a40

SHA256
8167b197668591b06c4f6ce4fe2d82ac4b2bcc340ec1ac2206af3371475b332a

SHA512
90d06d83677ed172d0c6c1d5d79bbfbbb1ab138ce3b6a087cb53e0e0535a2bcfc8422ab18e53d1bd051de7024f37bf14eed8b9ffc5170bc8f2ed3b918bb1f0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
84fd65e5e7be1fcdd844b4bd2bd9f138

SHA1
74125bb570423098431ad3fefea6199b817b069d

SHA256
c98915b7ace5b7a9509d94f9858b5e0347cdf722402a892db8e337f7511706eb

SHA512
b233ac44876b6995184bc86b069521154aa33f8cf196b7503cb4afff9efe2ae34820fece64ad47122a16f99a0b4f73b0662db962d47f00df5743af97d3f1e13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13340767794471953

Filesize
1KB

MD5
58b73fc6f6b7eaf24ae7ad615eb01793

SHA1
d856aa38fa2db40021f802323b37470ef6b94871

SHA256
91645be48c601ffc7435dd377882cf276a9b322b972b21732197082dd8cded6d

SHA512
ac29034b5663322d26cce93dc117b052d6ce080033eba031f6f4470d71d2dc1833255aa6d1ce1ec3e79fe9e3eea0c3f71cc6ba10628d55477dd4d74fa0194e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13340767795136953

Filesize
2KB

MD5
41e966044a1943ce9f2f4d439bc339de

SHA1
d624bd011759d8eb0d1f018ba61db227439a3ffc

SHA256
9ea8ed6eef1f7323bfd0b30e4805cad402ae47dbb67d50216998e25c1aee65be

SHA512
6f43af69275b729f54e378068d328162f07091226fa6a79efc32283aad83501ade702cf5bbbcbd2a6106de3a10ca3b979b106aaa94060ab766a2ad9c2bbeb9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
784cba890f0d838dd0bcbf09e507a3b0

SHA1
d610274da10a04016fd00ba2c12c28b02c35367b

SHA256
522c1a151f1ca0728d5766ebf61ab2516f9978d213ed70b677681a5b92c6fbe1

SHA512
bdc6430161899cd9f199f9492aa3e9a91e4a3d19bff129b13200ca763f66f74086c2c2268265cb5a1ba2d7790e4a3b981732e2c6744cb6027e4f507d54994857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
44dd3cae1c3c399aafca95cada8f37be

SHA1
6b9624cadc3b86dfc43359b28d5ab5c78cba4e43

SHA256
3443a45d5019ba42c43a8fddb7db1846d5d5767602dd27ed506c0256a2550f1f

SHA512
0d7767ba85fb544d9e7bbf659a6500d52919b0a40f62361922cf08b65bb2ee1282b7ce14fb8504eaedd09b01f205363d5dcf396d442f72c3439317f057eb9411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
9cb35ec18a6d409175a3c1deeb64356e

SHA1
fbc0fb89c4c2990da11696bd18b1354c56dab357

SHA256
aefeef9046e702c908a6ac1afda6f7f419cf36bb807f0183d4fd7d031fa83383

SHA512
fce11dfab55bd0d2ffee593dd0f081e29336c07610317600a77f825d142eaad4b09e70041ebc46e22a18e5744493a43024d74cf712de49fa3ef211c28e53b79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
75c5896f30b52e50027bee5df9560945

SHA1
7852fd1a86b16ea40b2b59775fd100644518eadf

SHA256
5aef3feef5e571474ad218c4ad9ca725886f38a461b9ca1c3adf914417c81a8c

SHA512
6b93f7ac1e99020b71ac862d28fb27d5ae02441cd9cd1d1c72180d40c81aa8cddea4af21da4f9750f189647b595ea2111ce2498f1088274f4f07b18ab8da92a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
10ee5535995c68fbc0fcc9ee5c5c4188

SHA1
5b90624e7e619dc8a39f8275f8d89942cddb7b4b

SHA256
d6ac330934567bca52c16f1dde285693d7a70f181246432578594d1c302849f5

SHA512
adf719f677730b9b6db6dc08822505cdc45c6ed2eb4569621af13a04c323067ca13ad181e997e910a6bc164adefaecfac4f00951702e4635c54938573fe62cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
9c9d3a64e02c67c6dbc24b35cc26bc7b

SHA1
11e920982dc64bb21b18059bb34cb4a92f7bde2c

SHA256
a2ac202a9719e89a9337006b6fd51440d890ebb9db9202d449dcf7da1642f2ed

SHA512
6d16b45c72f138583aad590fec7811b2fec0a75a745ccaaab58d1f0a4860d55fb6cbdb69ea1dd41791ec0ac703e28a6d45a2b994b8102dfd4f0eda5f31d7f771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b0cbd7606545d1a8fae794f25a187d3

SHA1
6237dfc650bcf35f148a05ab4a1f9ddfa3000106

SHA256
21d5f89a54513a0b6d1a9a5c652e49633ae98a460fced53787491e8e9cda4389

SHA512
4205c8ea1801ecb13966a38d5282d20f0ffc07a9418d3bdc6f3a00c8a2fc55020c7785fcb1ea49d36edcd36dc5129930b29ba763509a5eeba6b5f37af5d08a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6110a6528bf669562e594de85234dad1

SHA1
086862bf087ade35889310d5b6b7da893d49362e

SHA256
dfde0932707587fc9711983696f7980758b33f1bc1011fd81a44bd83ea1c5d79

SHA512
f71a8d3d67e7c3233d7b701fa323a1ba42774e174d45878e7c7724bd2716ab3a7d0e1aee1312cf219c03b07026858e0ca8180ba96256e17382aca3587f614458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b4e0f572de0ef085c0b5c5c47b448c99

SHA1
3f0b47be19d898503383934c08a98f28e33df144

SHA256
bb8f8abef7c794760beb5f670dd47efa475e8c60a7f9ffdf39c29418246af0aa

SHA512
ff119c8951f7e86145b344dca4b0dad5e54a3aabaf82b564fc45183570a85d43cd7cf3d8a3554716d25de4a88049ac9e061e701b9f8e6e553ecca16adb338af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d0b5b9a5-bbc6-487d-b43e-968b8f700e42.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f1f5c2c3ab83954e460d83d06a730037

SHA1
4cd18fb2b94d036f16a67a1c6d32345ad2f659a8

SHA256
33f8cef563cb318fd509dab2b8e2196cad97d39774d6b84b1fa5abf88701e7ab

SHA512
939660429094162ed326d9e8ca943205eeaefe99ddb65f79004d118700da1f578f5d3b45c94134d1115436e7e57bf8fb5f369b64fb6ed06e0f21df59c747b003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
8f27c8ac9bdb15241d91750e146859d8

SHA1
938d95b5dcd2285870e5d08ad9c66c8406b45b62

SHA256
6f3f1fe3fc23070df6b44a7db1ed808bd839e47a7a21f81ed6e99aef4c014baa

SHA512
d28549456c49ff235b34af776e52db3ed07afe2c3df784cc9a43483d9799a0824e43e76b84c8ae17f2672aab9fa8158eaf737c764f2a08dd078280e698dd520b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
4a18aeff243eaf2ee741ff55fa01e768

SHA1
c1689576caa4922366fea9f8bcb7149de4fcdc2d

SHA256
b249802a8069c4e197b605dd5c339c0cc94b4cccc2c88462200d872454345277

SHA512
9c3c8b916fb80022196f858ebb705cf34da2d7add2a0e93fdbb70402e391f0acf8638fb24058e46f4da11dbef046abbff4dbdf16bee56cf4e2c86c71fb9c5ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
7d9abc481b11ba29b3b50cec0169f40b

SHA1
a169e4808332373e84d0976fd403a4626b93f9cb

SHA256
3121e4230ca4677a7d6f4ece4521de82629d685d0a1eba0a010589f3f1c9f3ee

SHA512
c1232c965663152e0f56461734392c5dc7d62985944e8126891f06fdc0eddad3e3979bf69c5368d107e76e63ce22d67498abf50e0476e7f703a7af8a7f8d21fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5d3c4161a77c28c6771779d66b1feaa1

SHA1
f0f6e7d8440c3a35613a47c5d91896a9ccd51194

SHA256
48cda2312c9fc0a9085d84215c7b990fee37354440bf3491ef285a318f818147

SHA512
0a74eb7b45a7749c3758bc4e8c6ed6a539951d6677a0e1fd569a4a982515109b17a6064198117e8a7c855d33200289b81b2c6e7137e6c9ae6ce094675ad032bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2a10813ccebc912ad46abf0ac8cc3fc2

SHA1
d16746ac7ddc38cdced4cdfada87442c0beebb5b

SHA256
81c1e9bc1295ad59a486c415a5f9a0777fed42f5182685106390d9efc96591c9

SHA512
796764b98413d378203cf0f654c725cf55f6a0f93d810476faff7f464b27ecfac60800917f1e0103d40768f2181a31dcd4362f3f836239a053480d801f51f22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
d1dc8b1c9f0bad02de9091aec2e2ec78

SHA1
87c1f6325dbb25ec24027c8c3a2670502632d0dd

SHA256
2ed1004b0cb02cfc5f50eb369b59bf525dd7cb9158106419b8daa4886c509d25

SHA512
ea299680aea16d0bfac0b81a7a7a436bd951487a21356189bb1769f923238aa1a34048302f2aeea2ea03ee6b66c5d827595f6be6baaa23effa6df08d09facece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e2dbfcc9ac9f6ebc6fc872929fcc138

SHA1
8f06995f09164c38c4ea555d36dae79ddd0ba898

SHA256
67ade786e5d2f3849603f7f0033691440598c238c1d532acdf961d850e08d1cc

SHA512
dfbc5e48cd0303c1a748a5214a63ec19db826cf6f1493380d2bb442d277e08be7ea27221e08af83305d77d185e9b10602eb41d587e9637b5066b2ab279b3a24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0953c7f06813b9ca528f70e76d76bbce

SHA1
aec2c0b7990c41231f91644d3606ac56a2681e2e

SHA256
cf4b6d5ca9ff59a1889e24523c9bb5d42214a6b07a3ef2e4b205617c12f4cd2c

SHA512
cf61c44493c9c6569dad85f865ddd52e74c67c57a8a93ade633d083e89ad28feef6201c19487a8a5169782de22f6a1971264d5ed211944ebe4178074681f7410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0953c7f06813b9ca528f70e76d76bbce

SHA1
aec2c0b7990c41231f91644d3606ac56a2681e2e

SHA256
cf4b6d5ca9ff59a1889e24523c9bb5d42214a6b07a3ef2e4b205617c12f4cd2c

SHA512
cf61c44493c9c6569dad85f865ddd52e74c67c57a8a93ade633d083e89ad28feef6201c19487a8a5169782de22f6a1971264d5ed211944ebe4178074681f7410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e2dbfcc9ac9f6ebc6fc872929fcc138

SHA1
8f06995f09164c38c4ea555d36dae79ddd0ba898

SHA256
67ade786e5d2f3849603f7f0033691440598c238c1d532acdf961d850e08d1cc

SHA512
dfbc5e48cd0303c1a748a5214a63ec19db826cf6f1493380d2bb442d277e08be7ea27221e08af83305d77d185e9b10602eb41d587e9637b5066b2ab279b3a24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
767c06c1433fa721bc00a5562beb121a

SHA1
2cec529e938deeccb1fda2c95e60633ff454beb1

SHA256
14915d802e3111fb5dd56948d0175ef77045e4d4f99167c69c1d16bc6240a03a

SHA512
ec7da2b8299f122b4efc118a7d0702480f8a30112411fed0191f352ce4f100aeef7ecfb3ca8415e8078dccb379a4e56fda25b640fcb42e043ae44bb1ac873864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
8487a9c67ee1d336b38eb2470cd0f13b

SHA1
72b03d54e4be1b5c0a806c99e6887fe0be043cdb

SHA256
66d4e72f15690a72a2e311a4ea0e2eed57dc9cf8b686237af9c67575be68bf40

SHA512
f830a9cd38633ccf089127869f56bd39befcff93bd0b4c5a88276b8cf077edd8067021cd17c275cbeb90d4cb435fedb0ab46557b90f93019ff3ccb46c7c35836

Download Submit