hxxps://www[.]upload[.]ee/files/16285755/694_LOL_VALO_ACCOUNTS[.]txt[.]html hxxps://www[.]upload[.]ee/files/16281855/2K_LOL_VALO_ACCOUNTS[.]txt[.]html hxxps://www[.]upload[.]ee/files/16270660/1K_LOL_VALO_ACCOUNTS[.]txt[.]html hxxps://www[.]upload[.]ee/files/16205015/4K_LOL_VALO_ACCOUNTS[.]txt[.]html hxxps://www[.]upload[.]ee/files/16198035/1K_LOL_VALO_ACCOUNTS[.]txt[.]html hxxps://www[.]upload[.]ee/files/16193921/2K_LOL_VALO_ACCOUNTS[.]txt[.]html

Analysis

max time kernel
60s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.upload.ee/files/16285755/694_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16281855/2K_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16270660/1K_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16205015/4K_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16198035/1K_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16193921/2K_LOL_VALO_ACCOUNTS.txt.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
2548	msedge.exe
2548	msedge.exe
1948	identity_helper.exe
1948	identity_helper.exe
2716	msedge.exe
2716	msedge.exe
4256	msedge.exe
4256	msedge.exe
2816	identity_helper.exe
2816	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 3056	2548	msedge.exe	42
PID 2548 wrote to memory of 3056	2548	msedge.exe	42
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 1608	2548	msedge.exe	88
PID 2548 wrote to memory of 348	2548	msedge.exe	87
PID 2548 wrote to memory of 348	2548	msedge.exe	87
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89
PID 2548 wrote to memory of 1544	2548	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/files/16285755/694_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16281855/2K_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16270660/1K_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16205015/4K_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16198035/1K_LOL_VALO_ACCOUNTS.txt.html https://www.upload.ee/files/16193921/2K_LOL_VALO_ACCOUNTS.txt.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff25fb46f8,0x7fff25fb4708,0x7fff25fb4718
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14218474351947946003,11566320009511989663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14218474351947946003,11566320009511989663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14218474351947946003,11566320009511989663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14218474351947946003,11566320009511989663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14218474351947946003,11566320009511989663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14218474351947946003,11566320009511989663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14218474351947946003,11566320009511989663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25fb46f8,0x7fff25fb4708,0x7fff25fb4718
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11750511401096092035,18437985639149510783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d829a75e48d99afb0040a2391dfbf7eb

SHA1
6739a4bb4932b0c8f5302e9c9c6512e0d65f13bf

SHA256
0d03e8287092be3377d4135da02f84ab5016e7a4cbddc670f8e6ebc008b93712

SHA512
3bd66452adebea5c5c3441418ec0c9acbd58e9a13b2777c051f8c576df6adc7224ef85aaac93cccc86b473b9fa78e2010da88cdafa2c7e919a7ffbcf954ba021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3624cfcb355c6c7888cfb022b59a03b3

SHA1
8269bb7265487ced0f15c3705188714640d1df3f

SHA256
28abe3d6f18ebac6166dc8dc601f6672a609bbf3d857d4fb1d9e8f6564ae172d

SHA512
70b3510103bbd50779bb464806d7e15e5d3044269edaa863313fa5ea5cc9dd5fcc3d3e000a4b5f2c4b3fde604c84a89b85a1a12ae17797ce3ab80a23f61fe802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3bde7b7b0c0c9c66bdd8e3f712bd71eb

SHA1
266bd462e249f029df05311255a15c8f42719acc

SHA256
2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

SHA512
5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9cafa4c8eee7ab605ab279aafd19cc14

SHA1
e362e5d37d1a79e7b4a8642b068934e4571a55f1

SHA256
d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

SHA512
eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
474ddf0f6763aadaaabde2daaad4dc14

SHA1
92a5fc07f99c95d0d0d02ec5ac5be0f71a2e4fdc

SHA256
4c7beabaa69ff97ffe7b82d7721027275f8b0cd1a1d992d94249e31a3cca7509

SHA512
21ad9ed244644a54253ae1652330a5aa2d539a0ed7c374057b1369970de67497f7400b6d0ba4fe161fa11f785707fdb40568091bd50f6c35f36586215c4e36f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
6badb8e960fcd1898433b0b9f9e71ec6

SHA1
7a721bf877212a39499ceb0f0bf3e171bf04f747

SHA256
3147ca8e5eaaf92f3f62358c0839387832950937c6dec534040ac5dfa7390fd4

SHA512
02783f09ba22bf747e61956c650528e5a1ab4ded119dc6ae0b3edd44c36332a1a9660110512c41b7afe30ea3709bf1a2ee267a6d964d87ea9f40bde494588ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
24a3175a87dcb12dcac06489a1c831c0

SHA1
93a50189c19c0e19176ac5e8e4945c6fecd0ff03

SHA256
e6cf756f41701183ce0a1bf027faefcb5c88a5061487432ef827825a0aa6e6b9

SHA512
e74266eed1eef53d6fd4b51e6a219d0c83a30ebbaa46470243bd8835337c8b63d7d72af191c9b48b957fd55b008301107703b9197758c71fe4e413836c1e07a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
ea6b835bfcf107f7a64a9faba2bd73b2

SHA1
543055caf3ce098d217431babdad9d7bb9666315

SHA256
6e1d5bb0c28e1248f56c226fe57b9221ac31319521586892b1d510e28a0f1419

SHA512
c0be6957ac21fbb04345d8a059c3ab1f84eb8c4b83b22d92e414fa884ddd990f86e5feae65302f23f76fd5df6891181352481e9f2eccd2791f8b82d8970c54e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
287aaee15ca5067586d60c8e00c309d1

SHA1
c8d26973fa1958456c88628d4c623b6e125ac334

SHA256
8a29385da5f1312535ca1e49df9e144bf84523772dc741b7504f1c0ed0ae3505

SHA512
f81f463ac9f2a4989c58c1c3a7b1623113fc5421bb74c180204419ef60818bd6fdd8a6c099aa8ffa0e24debe01b17888f8e7be4061f29163fa9a445f867ca5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
d1c7ffd3ebac896cffa621ae6834bbcf

SHA1
a1a0a718d9632188dc8360e88ddb5e17d3cb49ba

SHA256
f99ca4a13d776903ec13a49719afda4dcdf3cb0265713b2dc34ced9b2a85f2ba

SHA512
c6e2654a6f5a621beeafe1159751e3b7fc5abc5d8e650abd043cab64dba2c576e4fd07fdc55ea2ced8fea3394b011b8a794f8429992e0e53309f42a8aad2b3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
01537daad3e32ff2213402e85c3aef69

SHA1
2a3f658c9c669102ceba118f80e97f0f253cf6ad

SHA256
b7a26c5101fb6509d6a697cce4a7cbd4eaacc35f3d7263a1ff1a9d23a04e10b9

SHA512
295bd34755b6d75198a1e6f0341ad327b84522c34a0e6a61cfccf7e864b10812549dc64d107c1e0ab596e4dce5c02a4d744897a5e153c0c825a5cb8816777528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
1c94e65b909249e45dc9e91b71296443

SHA1
bf833b0223424f06e71f315eb90bb9997733f17b

SHA256
28766b7b9f68a3385c2d68424f45390a9167c2fa87c4aa857b3f9dc2be4eae31

SHA512
d6c7aaa46bcfb1c8fce861046d87f0c956c2075bfca8c392eb0ab94c7bf1da17f5a9969a87ec2f18c352a4ccb4346f66fa3ccb35be2117777b0f401cee94f592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
1a4df7f0d11b502e2ebeae6edadd614b

SHA1
6068a0c628638682d89942088ba94ce3118405a7

SHA256
e504f8306e2be6ab70b23abb927ac859c1d602260a500596b7e229e8f66ac534

SHA512
7817d050b4f41c54e450823d6e86eea9b439d62b16adc020e04ab9df2bf829dd4eb8a77656e48bc364757c74fe86426d4683a92a28c36150d8437757b5391bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98d0e6a33e1c2a99eab42f9cc04e7feb

SHA1
94fff08a7a60645890cbc8f342e378d2c11c56f8

SHA256
89391c29f997339b3d09614175a45d113043474f3fb99b477e1890e42f04233d

SHA512
e2844c66583a57b0609fb3f1b732d37f91141fccbab7068f69585ce0ecf76f9bfc013d68efff415abcf1511e21ffd640623a95e5031ba30a3b9fd3e766ad43cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d55405f265abe917d7a0a81f04ee09d

SHA1
f2010f79968222a01691cfcc6325c71743e56d5f

SHA256
3d22a60a66b854b41e3ee7f2c75b18a07c5aeec746b4c3fc79626f0a28fe05e5

SHA512
c390bd1e79726e81fb7f1c4502b9ca162f8aeae3385eca2cf806d3eed2b734b6db7da56885f1e0a0d3b06b793a28545a321dbe15ae0a3d49b3a515cb6df3b20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
638a12a4f50f1de7480c287955442e47

SHA1
5b045952b9743a7b3480a06595de2a0ae5758b51

SHA256
25ed6c363d959a26d0d4a320301bc2a744f9298b3dbb722fffd43644913c470b

SHA512
e11e732d848a55e2b647cf5ad78ac03797164f2cb46fe91da8e54dbcd6d035f966455b24cc7c7f90f4e2da2ab2fc660b59bce06d6de30cb596c909fe7b9d9fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90d711575f8afc32c648bf17b6192349

SHA1
5f8902df60ef427153d6ea73032e9439dd593d69

SHA256
f1e58ea239bbb3a108955dec6ee4116ed5b03d40685bb0841a210635155a9336

SHA512
30057f1f0ecf88ea161b807af8d049d341f0c2ff29dd1c0f81b820f3759897757abf37dca57f064c45f68e024cc77fa58d8ec7273874360690939df3b73690c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
82fcdb95d58df484baa59248e3443046

SHA1
090aef130adf1f3ad131a0b7b9d0c9c8c831bf80

SHA256
f981ceb6cd7fc99b1106aa45f24b2f6aa8c90d14a7e15c6f1a46f6faa9729c0d

SHA512
86d38eb1a0496f204ae9254bcefc947ed8c047bc6c8b8ca03cd0cf2db0ae06dfa580904038cbea17b9a567207834622b203f02ef09d424c896866b4c57906189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353218912232184

Filesize
5KB

MD5
6c045891ba388d6d1a7a8d6fe7209225

SHA1
ca0b268a8a122b5e445fe0308a15951ecdb68e6e

SHA256
f4da1e5003d3548f7f81b8e124f65f7f02f1c3e96af327bcbf015967271678b2

SHA512
22d664260ea7e4c9c830f2399bc8596df3f9e8566509d5d48e52144de7f09464484ced1812ff94aa8ddbd6b39e25a5a7389142d2dcf64dd2c5a9b67f85a6ac01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353218912607184

Filesize
3KB

MD5
692fd393f77b47f7833ade0e5da01c12

SHA1
417177d55a4328c4ccebcabcca244d13bf1011d0

SHA256
135da451d4f5f44ac1ce1d878c8d4746dd72fa7aa2dd12cdaa546110e0d3df80

SHA512
c2cfe88c6311d31a6505e36fe30e2d820a16d3a714a4ae237a4892d45e4acf3070fbd6fb5860ca2c34cf7436fed6d1305415e6425b064f9d758ffbe1c143e672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
21c89263920e9f0d240ad7e75099cb21

SHA1
92199f6b03677e4fd97a382bb475a75d414a8290

SHA256
5d774f995de3f8ad2075e2a835370da2c8d8c4c7cd3876a881aeee3afb570186

SHA512
4d57c85056d09e8a9b0cd960ce8c55c2f890809ad156ef264d11ecf7bc7e638e4b62416dcfd4a9818f958c5468494f3d520ff92fcffdcb74fdf6cd954aebd851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
e1e50d9050d26d033ae14486b2a7df55

SHA1
c5724973177553caf9464e7ec3dbf9033f6740c9

SHA256
c860cc5d0847cb3c4c73b369b9bf82c0bf6c3155991c5a3b80252acc13b9100e

SHA512
0dbfd1b6e9d98ae2595b60aadc11666cecb032e04f538239473827502cba88a8fef81874f5b9d1c9f333b12a5480492f35b2c946153773c8fa0a26fcdfc66f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
48a588ec75174a9215f542c2f666d23a

SHA1
9eed8d3cee51bf17cc715753de4c70a0a4a62e4c

SHA256
e737e4b92d4ea0356d2c666bc4c56709d36c68f28f22ed1154d50f78b4612037

SHA512
98766b8f78759d7f9dac03be290ce14b095ea6b146d65460b99e3fe96d9c01e4c8d41f603c0a169183f5d84986a06acd61f3460df51116df1a2ee839a5bbe435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ede194727e736848df26fac1f7b317e3

SHA1
042c2873c60c956322af8c34cf5a9e0d9e652e9d

SHA256
8e312f2a09cc21d6ab7770f0456e042366b9e1f6ce344e590497882e53b864b7

SHA512
0c0b6155036be34f007bde67c67a92151a7c3c1e0290885883938142f7712e8c8113ed72bda7c56a4157555af43b4f5a8464cd51dee356ec9ee9d9e95916e721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
d9db4cd18a2055b02495f38f40cc3d61

SHA1
1353d3ddd770c721c3b23602caef2fd65863fdef

SHA256
39e69b230170bbc7e1f3a347498737e12de606b5b938cf27f1412e29f78faaa4

SHA512
c083413bbee730ea3637108eb3512d6c95bc73c8163fb925706de14afe25f36d7f29cbea9e38bfd4ef8f01fd299eb4ef991eb3780ac3dba390e4b33d2a82cd7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f94c7738-3e8b-4417-a58c-6bd67c7d8b8f.tmp

Filesize
7KB

MD5
a975e366a788516429a2f0826f2765ab

SHA1
49fe68449830d407ccf1559d44e96f7d84753d1e

SHA256
d337d31187f6e002e5cbda9df4b75135656d189351b98a7cc331ff76332d2f3a

SHA512
20e45fc7ed35f8e056317b80767864942ad3d69f0b4b8bd6ece943743a6ff5e5aa5e716795041b4769b695e507831b8514b9a72aa2c857c393724b5553f865f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
a940544b184e23452df18e79e933d74e

SHA1
1e83b480b25ff139a3e7551737defd49fb0ca995

SHA256
f28873b7011d03cd59badec64a8e05e3c8dac4a113758312b26a3c1efc6d60c6

SHA512
91a95a241278f233f4a342747932752564707c92aaf1ef3cbd20d06d11d378b4bb25dd4f6bc65247d10d5ae0d00d0081aeb837725f9d8ccbe46293f058aed2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
0cfe3c540b3ff2af21148e7fb1847004

SHA1
410f72b7f7a014a2d961c38fe62a96ccd2643edd

SHA256
5c7eea083dbff6321abbc28c746a4f6038122318530923ad84443dce8a417f4c

SHA512
28297ee87a7aab1a63bd8dfbcd0f3b16c4ff01c7a24433a4d605c98b28ce66320c1c7d551a14dbef9136a726b4ad7ff33679b0e87ecf24f14007f9f8c3ea1cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
2703326cf56723e17d00e81d58653153

SHA1
912fd14ac9471d28dd33e323dc24d29bb99d676b

SHA256
0a2ee09ab3c7b3a0aec766d4169a248bc183fbb72f88be5276d863130ddc442c

SHA512
e3cdf69f2d698d0baaae2b11780dcbb7e3a2f62376b6b8f9784f31461932b854225e8e9f0403cafbc6524b1b6d212a4996bdb5f01abb87a40c0d5538ddf8c755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
633d9018565db2778ea0ccd5b1a986d6

SHA1
4b6685e2e654b26e038d1f96db79dfbce6cdb752

SHA256
853da833ce2fc864c319b409d3229dba4e564a2ee2494f29a25f33e03542c6f1

SHA512
f672a7b133ecfd7756373a46cbfe37f6b297c3f20fbca8d0abca9bcf2de4bcf44fcc3d110789d66d3d60aa7d283ce17c570945f4a5966cb71521f3e0b8283931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
eadbfd6f0771c8a940f162d10fc4e11d

SHA1
aa7b6edf73e3ce00954466a87a5731a668399612

SHA256
a5f3ced581e0ea286568d528e731d72486702f475501b0c01e98f912818a0991

SHA512
4b88cd3faf98b90f9b6fec45074a5f741d685a204cf583cad2b4d48d7772b42bf2a583a1a31645eebdee7e37a59ef843634ef943e8701a2b17cdfac4409dec67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
fa624cb792bd659e787176a4426e182d

SHA1
ddd225a801b55f3b130fdda559b6537cd0fe7983

SHA256
a78f1e4fbbe9dede7ab91e26b9f307f84b7d6d5e19e004fcfee2039382dff1ba

SHA512
0850c545b66f1ff340c02a80bf74645802ee857a37837c1be41bbd9d84627d1e4f4f4deb93f45637851dde1c4456a5efb9a69a01394760181cf28f5ef75c21a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7e63e0f65ec24394d4b7069b1d11bb88

SHA1
ccac0824ca167f3fdccd1b2ff2818ec7b9dcb20b

SHA256
0f83be33a936112077f27bb1c16a5991e508ab096a0392b5bd7be0581e807bea

SHA512
666193f034605726d270729cc12397f4a7f1c8d26b254c87ecbfa08bf90f8b677cd6a9ff8cb8a3ccc72731fe6a1c35377af6a095bb59af3a4a128b300067b857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
bd9cf3e47d9a54a6912cce3fe03c5dfa

SHA1
857fed134e307faade3b4b3d9bc77a2c55de4637

SHA256
4da0e989f73c988b305ac7a80bb925fc6d519091b393f94c761bd11e0c34a1c2

SHA512
eefc24c3458997b2a1fb39957705908912da3e32275e77f40673414fe844c2d5b9fcb60e743dc16be968a8b5e3fc500bb69b7747049908f3a6191a81e18e96af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ddc8ec56c389c4bb19ac2f90a298dfa

SHA1
74c45d64c256342b20974af3e9b24b58bf8a1eb1

SHA256
fa1cc056369a8f60887f8a1b1efe6bd49ef8bfdb13043afc7b832c56ab2b604d

SHA512
ffd5c1ca46656d5affa2374e2d802cc162197431119fcc2beb4c3eefe887b1bb185f74cb664667cca573bc0f0c5d241c1a90eba35b2a68ab72a6991442331cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
daf27891837c2732ecc80bcf9b98acc1

SHA1
2709e8497ee60ccb0c3a5a7b29ac8c90324be72b

SHA256
e8aec2f7f76507e6be406d6f2d911097cae1acb336ecfbd101fe4916efb6a632

SHA512
64efd8f34619e2148516a3066f1bdacd18c00ee04ab8d383d4b8dce46f6aaa376bfc3879f374ccdc16a95c1c2f7f9b362a5f44040c029a026de0c8ac75cc42ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
9e5f230cfaac39c5d9019442d8b77129

SHA1
dcb24709e63e98f70d8e3b4bf3473d3a43b7d489

SHA256
ab6e6c624877077c44a10412edc6f6133164c659dcd71f01d5110418ec86e769

SHA512
b906584f0b9d6758200d46d2b1decaf4ee23a77299bc1686095333c2bdd846544d3d738d14299c6f4cfcd924469b01f3269c73751c42d5d6f7adbcd8b9149ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
6c5aa198f9422137b9c0f1902a6e8aa5

SHA1
1f43212816c5239561f2b37e6c4ee082877a6474

SHA256
c2e4a64a5cb2da59de3da45641a130690dbbd782a1c6a3838de1acb28f1c52be

SHA512
8571cba163f998aa149f29dbb6d6130a8c74646372dd97394a4a8d22ec1483351c560a0e11cb63a0a2e8319d0f0f2b0b4468b53b423769ba078f35cd7815456e

Download Submit