745231b114be9c085ecbe47d390dcaf2d7756af6f73705e92bc79028dd1a6d63

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 16:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Detection (u4u).exe
Size

4.9MB
MD5

8e4a5b6ab6391d226e9114161b276f40
SHA1

1c70a1c8f796ca24c90e27c01cbf73e2bc1dc09d
SHA256

745231b114be9c085ecbe47d390dcaf2d7756af6f73705e92bc79028dd1a6d63
SHA512

8bdb8c572870abacf4f61bfc2bbb9d8e820387242d2b3ee07494072d14160cd501245af09f8618a790af991f3a3d03b172be68291fb7f86d3d31238a5733d2cf
SSDEEP

49152:Wm7UEpEucDlO5Z/e0k6KU+e69qSr9MlGwxFRnsB5XuAjJIoJgsbtEVjwEriD602N:HZi6DNkU5VnsB5XuhsMJOr2SRj4

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Detection (u4u).exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Detection (u4u).exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Detection (u4u).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform ID	Detection (u4u).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	Detection (u4u).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Detection (u4u).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Detection (u4u).exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2200714112-3788720386-2559682836-1000\{30549D81-2AC5-4DED-A6E4-B97B5FA23D2C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
3352	Detection (u4u).exe
3352	Detection (u4u).exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
4616	msedge.exe
4616	msedge.exe
656	identity_helper.exe
656	identity_helper.exe
1136	msedge.exe
1136	msedge.exe
4904	msedge.exe
4904	msedge.exe
4824	msedge.exe
4824	msedge.exe
5612	msedge.exe
5612	msedge.exe
5276	identity_helper.exe
5276	identity_helper.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
644	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3032	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3032	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3352	Detection (u4u).exe
3352	Detection (u4u).exe
3352	Detection (u4u).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 3184	4616	msedge.exe	94
PID 4616 wrote to memory of 3184	4616	msedge.exe	94
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 924	4616	msedge.exe	95
PID 4616 wrote to memory of 1456	4616	msedge.exe	96
PID 4616 wrote to memory of 1456	4616	msedge.exe	96
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97
PID 4616 wrote to memory of 3288	4616	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\Detection (u4u).exe
"C:\Users\Admin\AppData\Local\Temp\Detection (u4u).exe"
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe777346f8,0x7ffe77734708,0x7ffe77734718
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2037425110660011534,6713782747814910754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:5564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1694e1c8hbcefh4b70h884ah03ad635a2215
1⤵
PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffe777346f8,0x7ffe77734708,0x7ffe77734718
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,816456429421766755,2285532942242919426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,816456429421766755,2285532942242919426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,816456429421766755,2285532942242919426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe777346f8,0x7ffe77734708,0x7ffe77734718
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16984271629473697048,6152179951739332686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
17e38ef3ec09d0fed52203593574ec81

SHA1
38eee82b065344f8081052b0f41e93a82228dfda

SHA256
b26f836821bdd3162da6effc04dab2c00e35402fe0d47064296c31555214c1de

SHA512
b3d71d09dd2a5b8bf3198e3d23489ea82439b82360dbc308a27e8e7a89b47e1bbd3d897eb6b24323796ae52d61e26a44d81b416c25ca8454f484721b93fae665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
329413e2a5a67de0e5adb202e8652339

SHA1
58d0327a0bb2aff7c1f8cbfd244e5f5d50894206

SHA256
1804cb4421549d06a4a1087aff7f778065507dfe82fb3ca819bc33133353c8ae

SHA512
a02d9d7448dbb7c030819ac8965cac73098941e559a8c525567507cf4c77b6f83ea655483236483b269a187e07f472d9a3fa78364339367077b9781c8423aaf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de93bf026b129cbf30c381a85e7e49ba

SHA1
98acb38627480454718c33b0e23bc1b4e4140cfa

SHA256
898c64818b62c844d01336da25e0f807037de7ba82073e46837673cd920679ec

SHA512
154007ccea51cf37dc9fd53a23eae8329f8f1c8288d74d12f265f6d84a50b6299276234c908345f259a50cf69aef22d215a400cb520ca47138d71fc00b6a752b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a55a28c-3fa9-4447-a514-d7b0fef10233.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0871d66b4460af0c759f00e9687b0519

SHA1
27d78412ff445f97066a6595cf7e09cf76284ea5

SHA256
c86bc477ba779b801a8e2205f0671e1292fe10e029d5994a18a77086a88b17d2

SHA512
8db2769c568430376ec1f3f5da11f92fc39b2a36059a6943ed2492bd3b9dc85ba8cbab6cc7f7fd0a7c1646ed03673b2d500088ff93e211ed86732c4e11106dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
310693e235d4eca791d493a7e11def31

SHA1
9708e41868d0689a7862b7c32506abfa5f442362

SHA256
8c2f728e13104a7abf1055bf5e817c2ffd6cc130d38573a05c10c2aa83fad6b8

SHA512
e35f8328144ea5feca6763c0e6d2f51d79c71b5bd10d1b0d56424184b3faa27fd260c0574390a04ea0e01bc6140a8f5cafa2847819861055c3311d55e740bd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
afe4700186be758e6b88d17a9ef8107f

SHA1
a5c18b56e05e4dba8125892fa6ea9eeb478ab48f

SHA256
3ab6fccdea633fdce22710938817e87649662de5d036ec4518f9276b6fe83077

SHA512
db6f7cd5a3cdce84605ca7265340e467384737af2a2e67c354299e2e03fe1cfcbc31c62ff1856aefcc700b22777b57eea2ea56e1232d0f0e9c012f0fcfc71a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
378068e7b17c6ba469a285fce2921bc7

SHA1
5130995742d9a68838554dc0a8e3877def470f6e

SHA256
457d06503953ef97a3f68674d7ad7eeaf30526751a1b4a7a9e9b9e064d410c3f

SHA512
b330c732391df75af1472f398103b4cc51eebe0a3b1b8a5764a69bc1ab0c78422da4fa24979649c642b0bcc1b5a03933ad8a17c4855342e2d6fab5cf2b684526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
7f4103f462edd3d3e0aea01a5d324ae7

SHA1
5bd2958324260919d688aa9e7d9cd189066a4bf3

SHA256
e16f0efeed53d2233b6cf3abb5e8685475f2e02df28a1c80992f5b87dece6bd4

SHA512
c61426551f4c416442c08c42968404aca7f3712d898de7ea9bfe81676c5227eacf2115306d9a4cf2bc578a511e40e9e8dda688f87753d9f8fa5cb9643acd986e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\000003.log

Filesize
226KB

MD5
e1db2eb21b62bd6c0782e026666a60d1

SHA1
e93e3ec5cf9168d0571957e51bedc652fc077c9a

SHA256
7356425eb7a4eacb0aebbe132b1e926946ce7ad083cbf887991cc9edd0e52537

SHA512
4285eead8014d1f4dee110ab53e79b5f32f68031433698ca475194c2f254655b9a0c4a3afa0d80e29ad16be3c9ccdad6c96c79318192d520595e5acd72d44804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\LOG.old

Filesize
399B

MD5
6acbcc3ad31fc2557cd1dac346fb568f

SHA1
4bef803e60c0c52f395c8a10915fd5b5a872216f

SHA256
021cdbea9832955d6223efefc89a0d36c1c3938887bacff5b733c5855676403b

SHA512
03cf6d8243c096ef412bb3348177a7fa9d65066245ad072f965c377a1a3ca86fdec6ec2686e76618a19969de44a27f660547162b4d731419d4af1aa9377aff68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\LOG.old~RFe58914e.TMP

Filesize
359B

MD5
20905d069f0b59c10a928a979d2e4b86

SHA1
d2ec40e1658c8486c02b916efd1f8cdb5fef2b3e

SHA256
5be56072448204e0b825106ba41f7c20d5c98087a7b61a94b78941fa4d2fa4ff

SHA512
1b6a3e28283781bb162766cfbe6d1121f70ed905b8dd66c02eeb4862d42b0b6d4f8740681154c5e5bab237e635c4c7c11f4f1641121df9bc50607d15d88cd395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_play.geforcenow.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
f9e7d6322013e2982fc67b89d2fcf364

SHA1
46955d430047080a440047446179cf0f290596d0

SHA256
29f8a3f6ba80a8fd16fa2cac8db2d32449131453cf0126bff5e278c290623ee9

SHA512
85db11fb96c65adbb120fd568284010eacb6ed3f3a61c9c9641aae9270ef3d93d2fdea325745710293e36217b7fe1b9952ed837c93ae438dc8bdd969424140a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f24d837190982daaaf9d158c6fb184ae

SHA1
d4edf4a328ed1868c7908cd89cb9b82434e9ba97

SHA256
d65d66fc8e45377a686837243bc8eed433f05d883b750ed73a085c006450d344

SHA512
6d26568506c70633f78c5ca12399a0ec6e396413a29fb03add2d1f59c49572cfded445f64d1914133fbc1717e1782d6add7708c75ddb12cc7882cd4b5fd2d14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
da95545a142a154c611a07dc2c088163

SHA1
7b537962156d03e52e9b3c208f3b5ec5498a20c0

SHA256
ae2d9cfcb95c440e64625e39a88e878088a28b84b1c91b05f3f32683555e33e2

SHA512
392cbd9b84e49f4ff40cb6d3bac5b79d60f43de1472cc6ab085b399ec2bddc714af169c4c4e86a9f6463dbd8f4e2f70eeb3f1e51f2ecf1338b5689739c77bb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6536f9735ff51f7b1f25dcabc0758074

SHA1
1dffd40adf86aff1bb930368ef6cb97da402af95

SHA256
53b041c18edb82fb9f590124843f1e5753462dd5443740708641411833c558bf

SHA512
75419b12954bfc498323553b443d6ca8f7307807bf7c6aac5deebf276207cb39c622a109427d5f85f3e8da8f8083c92024ae6e8cd3274c922ea4757a19212388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4581e2352bc3b286ebb9ec2ae94440ce

SHA1
96c6f70cd63b5b58b774c1cc8a2ba71e81cb9ab7

SHA256
e6e2450a20296307ef71fe6fa2d991641084dc1cc42615c0e64564325fc97e03

SHA512
f71a24271dd61a6b50c4e3abd82ec7ae780132e9c1d23606d91def61090e2f0db97e9c219d3d9a84bc655c22b10145c54aea5b7f152d4f63875a30064f03c20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f026ddfdcbea162cabc1a8b6adc2181

SHA1
848d9509ea2d9886573334395756f66c5c4340a2

SHA256
30906434c768e33a294d8a0f2063653047b631a5473c9f90021ed9d1a866e390

SHA512
f81ca166b5b6e80485fa35a8a6902705597db3c167abb55c68e279c43000bc2918d50c500b5576f5f08299ce6c6965efc1b22f363d68019e8f7e1b86d71596ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
64a5ffc33effc32c0935eb668a6dfad2

SHA1
fecc811851e0d382dc2500e99d5f6fb72a7ce735

SHA256
a47c5500e11aae7933ac030f9933876b32fa4cfd837bd86803511cff4332a718

SHA512
89378ba371c19da4d019c28839aabc17f0cbe9d73e05416e98bf2793a57c7b91f2897e7eb5ee3f604f3851808bcfa23a430802b29f3944601fbf9f6adc473be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
450dbca11cea4c480740c704df4b3163

SHA1
e57577d51428cd033e1a4a0d2a07eaa7273ccd47

SHA256
df8fc518a1d7671a1bbae3c539e6c1b15fdce2bcc322ee1d5c161483af68fabf

SHA512
949c7322a5cd16829448138c51caec99213a0d1e9a2332d097afd5ee9064350310b175afbc50ee5081c79743a7165e3bc27bf690030c7608631f00a0eb1318eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
823e5cbb95028596aef2aa6aa4bc54cc

SHA1
9504c25e1bd1310b632b15ea82e8d18ae4aa03df

SHA256
4dfe596d9a42ef6c5e438dac2c0c21abcf3005aedcafcc0403bce62d635b9634

SHA512
40492cac9895e80faf4176435b0696cc3f4a031433b9149eb8fd49fc6066a66e7548cf2c147110bdbc6e8baa11050d7e4978d4fbdf12c66094091b6053009d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db6b11cf5bc82a6443e899b553c8c024

SHA1
487eabf4ebcd2d762ba856e13cff09db5d29e63c

SHA256
caca36d00e4b03fc664ad86f811152c1fe7d439af4216bdacb7a04307b049297

SHA512
176aacf6f3f36dd94faa7bc7850b8ab80cbec3cc061dc69e66b291de30c58ae7650921a3a17d2321d35377a23faa2ea102fc584d40053107cb0425e92d78174c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\2cbb5a1f-7086-48a9-9509-9da0d690c10f\index-dir\the-real-index

Filesize
72B

MD5
601358561a0d542d2ec8b7033c6a4b5b

SHA1
c438a331d9dd4e0c1c6af8747ed8d2c4e4e9ca01

SHA256
26e0f9f5502bdff19a94e2bf73e34f7ac40dd6197631d687e407916a09099d4c

SHA512
5f5f438d7169d0e5b70c501290d056f10779d3f3bd34b66461fa89ee0c3b44287cdea9917a293886a4442aa0daa7083faa1822193d4521bba78cd70b26c3e77c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\2cbb5a1f-7086-48a9-9509-9da0d690c10f\index-dir\the-real-index~RFe58877b.TMP

Filesize
48B

MD5
91f677e5fc09980c8a1e78014efa81ae

SHA1
b6340ae35aaa516abcd8417b3ecc3a177d90a041

SHA256
242c40d52c3f13e8d5f5c37383e37fd879542d7435a02a551a8af7973f3e0764

SHA512
314397281dc858904721a8b5d89e631a8e92ae79b14e3945267d50fd2ed02b2e0b240b3c48dc16c7d4444558fceadfb46a90b92caf51be62e1ef0bcdcd31d107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\69f758ba-4e65-473b-8764-837803653839\index-dir\the-real-index

Filesize
1KB

MD5
8bf4993e00e4bff1f4c3f00c32a19406

SHA1
95dbc1d7ed7cc2232159423ab92448b535b7c841

SHA256
7c5dfc5d788054dc7afcf9ecf79b0df33007b806af636b1d229f5d5644fb36cc

SHA512
51ec1e3704dedf5f038cebdc96b500d456b72403c0ad6c9cb59201452e7c659d9898be86ba9b2a594c761f5c190da5661054fec0005672bfb239022f9b448861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\69f758ba-4e65-473b-8764-837803653839\index-dir\the-real-index~RFe58a592.TMP

Filesize
48B

MD5
0b927801ca8a7985cb20c773e36758e5

SHA1
2343c9d8b30306931daf346814b8ef7bcbd53490

SHA256
a873ef64098267f83a31d19b19bf033d53af8ae0811bcd1b7c3ac3106fc2b05c

SHA512
2116bea8239be45cea8b801509ad379d772b6a7f2b4365154482b47bb18c8839363ab6d434194fd4c9559e5d545ad22e3e3983bf33293dc0fb93f0800c79a535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

Filesize
106B

MD5
adf6a57a70177296369960ba01f70fa3

SHA1
eb3e7b1fe9bf4e94de27bac014ed69171ce0a897

SHA256
f43ffd7a93019cfe0811a2af175a9c57d3863008cca7f370fbb7723c6be1dffd

SHA512
e56e5121e83edf807c6badbd72757d47c6ce5f91ab8139aab3b4d0a7d6145b62c845f83430b438c1ac69363f1f6329bdee5797ef356cadebd6eaa1472eb69b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

Filesize
176B

MD5
dab00c9d9991dc02e5b1338131f8ca34

SHA1
f6ab43ceb68669a05d8d7219ef798e3cd6ae89d1

SHA256
cc89cf1cd65c3bedb5d3b331af6c639ba5df81fd12da1431f2d543e30ae09d1f

SHA512
e840d8d25f268ee036bc409a5cb9e99d8ea7b7fa342fde5f66446616724bc63534e04510f24c4b0388475bc362e0ae7bc1e3b5d736387a7ca9a5a73efe3888d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9d8ba3a6ff55dfe37b12bcde30c23590247915a9\index.txt

Filesize
173B

MD5
19ed9dcd137898263072f4ff63195c7d

SHA1
375fef1b67837eae9f5fb7209a73bd5bbfd0cf98

SHA256
e460380acf5955d4fd0cc9b53beb573964000dea3a9782353905c33b7becf046

SHA512
598528100bc1336eb62f034ecf879c39c177767a0d887fb537931136ecbf148343b11b52cbc513c8faa424911f625c1cc3f7f537172455b4d88ed0e5e2b7577a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
1KB

MD5
74c09495de5bf7653640a3af228ce30d

SHA1
cda9e6a116640c7d12fddc884ee0d3470ed4d0ee

SHA256
00cc2f4cb6b6c0ac2b84b1779fc49afec571a00e3974c4259b8916650bfa091c

SHA512
a4797cdb9230715343d7bbf1ca38f549540a8b6b9b06ea1fc88604d8ccec7b4aafb80e006f9f545902fcd6caaec7a9c3cbbb241febc8120942c10153567d87e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
75deb2ae8d09f88169528f17b3b0c6ec

SHA1
ea6328791002634620a5eb2716fe4c102a0ee37c

SHA256
8d90408bc2796fa50026ffdbbb1478f312feb073ae0f606dc0df053db96d04ec

SHA512
d25f5d6018db1e1211960d960fa2153fe547d2bd860882b6f4f06ccbc21468b052a84de3676ca2d0267ab13a99ae6bf0c16dd6366d5ef6693858006cbfa048a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bdb8bd9fa6d6afaf83e14c10f2b2018e

SHA1
f56a5eb29b12da45121dbbef7221e94005216417

SHA256
d33c7f6004830444900194735e77a03f8ee1c02546201b96585cb9adca9c96ac

SHA512
04aa9e8e5b6610f3d57c9eb2e5896d967bdb83f0a71aab854d67fefc3f4bad1d8a7508e520d827ff19ded1195e09d273b80d6bcc660c6b459f056057d4f03e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5886fe.TMP

Filesize
48B

MD5
ad9e39e8a7ac7cfb708f182c4829ed92

SHA1
1c09bb6a07186855bfb743cf02650a1dd843a42c

SHA256
68da64f8b127634afe2d0cd9151ba69a477941452476874afcaf70a9dec20a17

SHA512
4e81db861735866a4372cf22f78de6207c425fb7c514ee03b640eb18acc825d7f766ed36dd39819e18378e838ce9970f5bd1dd627c0053565348edcf545c6595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353266418393952

Filesize
13KB

MD5
6b0b9623accb822639e9790ef7b08e61

SHA1
e3d38f74bad10cb5b69b199b4f25304fcfaa479d

SHA256
1e85fdddf31b8e41344d19e206b068b0dafe071f3737a47c39fda2c6c0f037a3

SHA512
e7f4baa32d3b495cdda264e7781206ff3dd7dcd4f99eb1580038142fb96a12bc184b85b8170e354ef2d55847ea3d3b9157b756b2cc742159f24af11ffa7bdbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
e7c6d85a06351d7306d68905e9b5723b

SHA1
6c66fd0ed616b159ea4ff416c59560c2c947a28d

SHA256
6e8b9f810b190bbaee09f4ac2710208db1b720d26d8d98fa88cd21cb2c8537ec

SHA512
840d61168b6a46262887771b268bcd26afa7010002dcbc9d10cda9841d2ab589dc570ee7f9a8e187e3cdcacaa57b2bffd66456d2cffa21308f6b6f30eb55438e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
2897b5ce15364fe616e347b17d991c86

SHA1
20254a5f2b6a5ab91fae4048c221585f8e01b250

SHA256
e061cf99fcdd9466a2346496dc8bf890d3eaaf8e5d7c2e2287f00e13ad70b41c

SHA512
f56fba73fe183c2d653195e110024c24eac6e3e8d1788b3d6f755ee9aff7118007ea42fc149cda1455f99a12b2d674c0f97a0fc5280d32f3c8a8b3ec648af5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
344B

MD5
5fbf1141439512d5976cf6e5f7fea2ae

SHA1
9c6654dee4fbc806f897fd79ccb8416f566c8354

SHA256
470a90d2fb531c8057cc5f3de07cea21fff1fccff9625e6f019340a5202ae385

SHA512
2ee757713a7672b0ef5f8b35d502c15a66336a2297c8dde656a368b281f4c93939630535a20e7bdc022f7bd50a4b9c5d6f7d71c6202ce2a22be0c24089604bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
56e420eea5ceca9cf392a0d545e7eb15

SHA1
ce359e224c8f05ae82b39d58da41668aaae55c6a

SHA256
0d77a25d25e8bd59a4db6c02c334eb2b1aa9bd4bc2c5eb0295a2d39cba2154d4

SHA512
425cc2b4660e6e210783ca4a70916a5dc6503df22d0cfbca9eb72c7c781c5ffc5f7a9a27fe957e259db2cd64a598f34f87e5b3ea7bdfa94c2127bb3fae62ba3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
6a77355e1edcc995f70c85e845048848

SHA1
6c0eae3d944672f82ac626b251380cf9c4f6fc63

SHA256
dff54f5d40d501fe3ac4e5030b5b769a6bbb20957510b6313dc3f4feb9eb30b2

SHA512
abf492d7ae78ddd2ef3dc083453cdaa8a619b2e44a8bc81ea46f309776319bd388ca344dff8f21adcc5053b2eb9db2242ecdf93e0feffbbbc353e71e2c233601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b79ee4bc41292bd5ea99c669343d3705

SHA1
ce6bf915316e9e471f062c99df3259ce01038b9b

SHA256
a694d3f8de5175cd9863452641e5dd73bd824a31a52b650966e88a02ad7de8f8

SHA512
01298aab83c89b25fd05799c74614284a3fb93ee2d6f7e2ae42437faf3f2e80d3e69bacf0984079a086a437994ef24177c54b9480b3a1edfea7ddda1972d6bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
7483c907df63282562c1537ab84e8c1d

SHA1
8f7acafcf7fb7d08783cb3a12198c1e7e0b238a5

SHA256
cdd6192cacfd4523c3d71e5812b65aa4a6577a05fc7fd8d9ef4173f2a0f8a6c4

SHA512
851c9d8029f6e32be88a08add0b419ce6694c1b69312be5dfb36a4adc15fa318249baf19690090493d5262882233fe11f9dab617a8776fad1817348a4017af17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5859b4.TMP

Filesize
538B

MD5
eaf67c2524a6d5969827c654876338d1

SHA1
b93a3d6a3905de5be30b6b15302ecffc88ee27d3

SHA256
ed5c431b1f22c27cd45410446c750e8de0a0d9a7f835f4eda3a7d7b1f049ba23

SHA512
2c7b8409fb72439ae213a645f7fa01cbfa0c4fea8c7022b7081a224f92b630b6cee1298575e83ed63a12d9b4ce94e5609e0ebcea62d821e2f29c6ef6afbc84ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
11c292aab82b4479feefe6532d7d78cf

SHA1
49042e9d4fc61c9375d627c0e29ccd4187d8ae6c

SHA256
4dfa91fd2154106c518f01367b624177242ffe2fa207106b2fcf0c4e5dbb9241

SHA512
4283d671d31e5c6d20510956833a10ba41daa0ea06d48b9157793368942d950854dc3c4f7a19b6c67ff83f11a4b0e604d7c5aad2280dccbdd94e8976c3799740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
462ea08c6b42302ea446845bcb4119d0

SHA1
d53e3fa78ed17087beb4a6904d489a3834ca96bc

SHA256
16323f26b2375bccf3cc12d5dfa73a68990228fbb0800097bdef076a0c2d3877

SHA512
648440ef2945c285203199eaa2f7d87825be1a49b5fb03fae3e0040377ca5d4e635c513d83877989e790f3bfb5af85024d56898737c42c7ebc283d139aac5c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
be4554203d19e43b992d69ab0ccbb6c3

SHA1
939e627efb5aa878b06a8629eb4139c75cd81a79

SHA256
8c0fca4e3679422e0b10dcc55c5b69400a788c9448f07fd211451b068a34cf8a

SHA512
3f9a54f991eda68ec8e29a40a7fc6cae2689b8271a3b29dbe4c6e2e6a8b1784a149b1bd7eb3e6c65b10425570403925ac7be62a616d2cf2a03eec8a1b5701952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
e475dc48b12f54021133d7de177b4fb6

SHA1
0fb64871d77901c6b733c404190d5888f45ab2e4

SHA256
33477cebaf4699bd8aa80de97bf9acc02a9127db0390f2431a801a1aa3df6ff6

SHA512
c21aa8762c61df064a854d3f0e51c354663e8d71373e6e04f614739657e4d804f81fa37c031a9f2a22e80b5d2e5002d75a77e1376517d631fe9346e5800cb64b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
256KB

MD5
fdc905f501ee54e3dff48326f53d292a

SHA1
c8c4146e3ebbb97625e4b4c53307f6aaa7c10598

SHA256
8cd13359e7d39ee38a9a20ca0e919eb36b0d5c3cdb5904eb1122a691cc4f3bb2

SHA512
fbda593dd04c6c04bdb12a298c96e9f0c888d1a82bbe028d793759acfb41f632e758624fa0dfda3463b98451db5e3eec802095870122481075456952aece0e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
132KB

MD5
575af2bd7a964adca0decb7feb4df195

SHA1
94fb70918b3a8d7a5ff3c2b44491f3b40e475201

SHA256
44763e7a9d7bd50e872d2caaf5d3cd97fcc3ce18268fbb5806928f61386e6ae2

SHA512
bda20e04f8bdcfc032aa4fd2a8b549b6220b4bd7900ea4b22396730fdfa73008c41b4440a167e8195a19c9b1e47b51375470c520c58047c4088efb7a7d6a1682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4058d3a1f507eb5955b9852afd818976

SHA1
3c18cde4421146de08dc51dc05681da31bb1ca81

SHA256
e4d1387dfe33bffdb24beebe4394c1c4bf71886f533057066cfe63c990c27c81

SHA512
d1aa588c0ab018cc0840b9e17d6e62d2695ae5618210eea8cf6810f94444cbd72c910e1f67f499a86c28d07813abc862a8aa0d58f44935a530eedf8c5ab3524d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4783b991bcbb4bf209ecef70338e057

SHA1
2f700e85baaf52821cbb0f50b7f90063c6c4d315

SHA256
542141d670a8616958cb4cf14b92baa56a71ccdf1166f0420cf4bd03634c0f71

SHA512
919511b5f5bb950c69659a9a60f88c553613957e0cd64c256d7b7b0f5cd5791e2a940d443e01b8a0cd40f374caa11faf09d8d71596e5d064e485c0dc87fecdb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0914591f9aa84fb0ca42571403766751

SHA1
842ed2777fa2e13c53b9d7edb746e03fb4b75b22

SHA256
cfd33c257dc8ecfcaea25d17cf2307ea6d30470b43e50bb504b4582a2b3a7865

SHA512
7b3a6d210d4eec7e0eaae629638c5d14bd7e85722e3b4413c9c4308422e3d46c9fd05693ed63088b9d2a5d6ad5c49198714ebe9de9003ba8f4cd43dd8f218aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ff68c365a6d93a006fdec060397c9a9a

SHA1
97b2083b4fdd021102e0f226a0f1736517f4e72c

SHA256
7d9674258fdba5c0e300f9b00ff0d1658ba0caa1fb4e16c8aaed5d28046205f9

SHA512
838016f593969baccfbb68a9e5d13ed3d1130ffd9f375f28f4c8cbc61c0e7dd5902c36a4cced5a4fd62ee92b3a03756e113f9ed981f20c4888933b5cd61d3b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
b970161be9160ea15d682b0734f912cc

SHA1
aeb05e02ee8dd5093fb539998a3e129643692c68

SHA256
aa9fcc3d6b2a074dc22f49284b961a7269438d2d63b1e47370e682ddf0acd55a

SHA512
5d8729cca3f5c97971b615bf5bfc8e7810e7a5a6aaa427299a1b305a1cdd818a589645e64adb65e2347724b7a46b9b156a23ab8a63f83a6b45a171cb3f465c2c

Download Submit
memory/3352-0-0x000001C88A030000-0x000001C88A031000-memory.dmp

Filesize
4KB

Download