discordrat | 677e3f181c2103e53a9700fe162e9d39ab8a43001db4ae444ac45670bf3ac999

Analysis

max time kernel
1483s
max time network
1454s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
03-03-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qwd.exe
Size

78KB
MD5

33d24b41f83ca9261ca0b3ccf6958ac9
SHA1

7c5706704f6d25defcf21a73cfcf1dc0a4d3a77c
SHA256

677e3f181c2103e53a9700fe162e9d39ab8a43001db4ae444ac45670bf3ac999
SHA512

c68da7679537e8b38732c994a60391f95334ff0d1f09a90da5cc35acdd666b168e20203a2c2e5e635fa4a09cfb1744b99b5c6c561f8cac9adcb9366c9032f669
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+oPIC:5Zv5PDwbjNrmAE+sIC

Score

10^/10

discordrat evasion persistence ransomware rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMzg2MDU4OTk0MDY0MTgxMg.G9LWzO.om3J5EslAC-fvEPdEqmHkMqOfsLzKjbpsdQNG8
server_id
1213861042640388136

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Disables Task Manager via registry modification
evasion
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 18 IoCs

Web Service

T1102

flow	ioc
9	discord.com
10	discord.com
87	discord.com
100	discord.com
154	discord.com
5	discord.com
11	discord.com
1	raw.githubusercontent.com
3	discord.com
6	discord.com
8	raw.githubusercontent.com
70	discord.com
78	discord.com
81	discord.com
1	discord.com
69	raw.githubusercontent.com
71	discord.com
7	discord.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp9E69.tmp.png"	qwd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
4424	msedge.exe
4424	msedge.exe
2260	msedge.exe
2260	msedge.exe
2088	msedge.exe
2088	msedge.exe
792	msedge.exe
792	msedge.exe
3660	identity_helper.exe
3660	identity_helper.exe
1528	msedge.exe
1528	msedge.exe
4480	msedge.exe
4480	msedge.exe
2840	identity_helper.exe
2840	identity_helper.exe
2284	msedge.exe
2284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	764	qwd.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1356	764	qwd.exe	84
PID 764 wrote to memory of 1356	764	qwd.exe	84
PID 764 wrote to memory of 4424	764	qwd.exe	87
PID 764 wrote to memory of 4424	764	qwd.exe	87
PID 4424 wrote to memory of 744	4424	msedge.exe	88
PID 4424 wrote to memory of 744	4424	msedge.exe	88
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 1564	4424	msedge.exe	89
PID 4424 wrote to memory of 3024	4424	msedge.exe	90
PID 4424 wrote to memory of 3024	4424	msedge.exe	90
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91
PID 4424 wrote to memory of 1968	4424	msedge.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\qwd.exe
"C:\Users\Admin\AppData\Local\Temp\qwd.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\SYSTEM32\SCHTASKS.exe
  "SCHTASKS.exe" /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb311a3cb8,0x7ffb311a3cc8,0x7ffb311a3cd8
    3⤵
    PID:744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2684404990610644784,6114763104148811841,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:2
    3⤵
    PID:1564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,2684404990610644784,6114763104148811841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,2684404990610644784,6114763104148811841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2684404990610644784,6114763104148811841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2684404990610644784,6114763104148811841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2684404990610644784,6114763104148811841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    3⤵
    PID:3848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1996,2684404990610644784,6114763104148811841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb311a3cb8,0x7ffb311a3cc8,0x7ffb311a3cd8
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,4185249432853215469,9409873631039715864,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
    3⤵
    PID:3320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,4185249432853215469,9409873631039715864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,4185249432853215469,9409873631039715864,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 /prefetch:8
    3⤵
    PID:2220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4185249432853215469,9409873631039715864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:2548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4185249432853215469,9409873631039715864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:2440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4185249432853215469,9409873631039715864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4185249432853215469,9409873631039715864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
    3⤵
    PID:2864
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,4185249432853215469,9409873631039715864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.github.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb311a3cb8,0x7ffb311a3cc8,0x7ffb311a3cd8
    3⤵
    PID:2564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
    3⤵
    PID:1424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    3⤵
    PID:1804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
    3⤵
    PID:3584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
    3⤵
    PID:4996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
    3⤵
    PID:868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4044 /prefetch:8
    3⤵
    PID:1980
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    3⤵
    PID:3716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
    3⤵
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
    3⤵
    PID:2700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6906891196476695132,1337624744307444868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    3⤵
    PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec6cd6f133cb75e90d231c9e5c450467

SHA1
d33432a28fb0cb9ee7cf48d81835212d0d8e3145

SHA256
bf3409b24eaf6b2de04a3f49c52c3a3a3d939ebc9708ca95b0ba77d97539bd86

SHA512
dd77c8c50a5d1e74f2ffcd995c8fad6e0e1a1f47ffa5858419337f4979763c0d4a96499dc23f313d7902ee55c375ead25b54510caa081e073411cff60edf713e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8caa3c2a9bbc8974efc84ab3a8e0a715

SHA1
be23f3641c65ddc7aacdf2c4963b403fe6b6caf3

SHA256
7b38710768ff0af8216d1aee1108cc4d577b79c1f929c1d52b72b73a717b870e

SHA512
4ae4fdf1381f292488d4a135816a757fe15c4578efbe40d8476c93bffe7e26fe08eca549fc65ec02308f6c347902bd7a48ca2a7e9c2874e3fb35a9eb84d03781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
873bd375d38ed8d544483dab34c79801

SHA1
8aa935cd0f1643d59f8afef671499e7b14c27b63

SHA256
a6954539942d45a95cbfb10296bf54c1faa65daa0c0ba9bbcd8cdc20f63777c2

SHA512
c01be4a274ddef26243ed831e4ffd77866872a6dce1c547aaa6fb77ae5db29dc192dd6950af1756d4081c283c017927e330a859641e3c3a69134425d8323bdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\99d5f24b-7ca7-43c6-8df1-dd5cda0cdf7c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
567b64b60ef6b949b20d0e483d0830e9

SHA1
210096b18fadf5beef50f8cd0a6acc5990baf9ef

SHA256
c8c4568486e72b18e33719069d9cd313c7459c2986fe54ba2d2f0deb103145ae

SHA512
0f29f3c724bbcc35d8f2f52276d35fdad457732125888497d883012adb6a76b0a25605da63d4b91faba9b657e5d32f0f7d88e5f9ef15072b7f82590253bfbadb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
78f8627695eea5e9b612642372541d00

SHA1
01291dbad3d333079fe1c43d1874c8b26573a96e

SHA256
6b8a69b0ebfa8dcec0c3fa22fe7e65180da3e253ebb93ae5409f545e16f4967e

SHA512
defb0b29d62dcb2f1a81d7f310c2f19cab76b5a0c636d3ca3038d15a44492c71c9562967982ebfe0dcba8ce8449a77d7d20ba99bcda24756e72046b4be818885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
4c113a8fcfa78e05ebb41d3d909e7f14

SHA1
59973b33d6803d2991f3f75fa0085d271a043de3

SHA256
35aab290d07ac034094e459de997bf8db923fe8183c6ed64c533973ea544f44c

SHA512
c31c538eeb1b03727f6a5cc78545a2e16fca348a232cbb5a8235ff14c796a228e0456b7305e7e07252a01a39ae0bca12b04910d8378d6d9da815084eb1a5442e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
8dbac987ec439a86cdde2866a0d2ad51

SHA1
b2f577d39bfa8f75be667715e1e1de63e3c0be1d

SHA256
763a76e513533c699089fe1617dfc375ff215eca4a1a82cad339bbe3f2f91935

SHA512
e7f44c671647d976fc546ceb88dddffc007a131aa20cbafce973a1480d644699859250d1f2c19c1d6aa6d65fd2b7c9fa36d27939b97b08973d41df56aff3bf11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
b39cf17eacfb314abd7874fcf8a6cbd5

SHA1
2ec6c3eca94b716d0ac76d9c4f7e3824f0774252

SHA256
5268756ffd72bbcf64777f3465ecf5231cf85d44079315454edf07c8565412ac

SHA512
ec6ee692d0c9b64d678a3776e4536e15aed20619eab490a459da68454703328baa4a54fb4128f73e4bbe48638a841195501d5c1ae84a898eb4332923cd877bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e0928ee7777351c43de3d92e4c769d76

SHA1
f06fd8821b9027e7fe9f2c110209e312ac8b4f89

SHA256
c446b33ec3bf391d804132b42ae34fe58882529575b4744a2c4283f357589f96

SHA512
d5d354594d5d7c818b6f397d8c41a76e52635bc429ce6afe9717837fcc7c9349e8a4ea98fbdeb2824302e496ea63ba46843c117b28eeb6941272aa49f518df64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
18f50af8a4525460b1e0ccfe23114cc4

SHA1
4c5649af045689152c11a940a1c2594d153d430d

SHA256
7b26c7dd96ea4e6c63841983c395488bf6b8a3e20b479e20c2fe6f0be973ed22

SHA512
44085c0962e6f5506e3795cd275683fa2bdc53ed118bcd943e24211889e079531c9923357fc6f7f53b0c2e22670fd7f772a8c11f178de65bac68aab50cfb5391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
11abc10ba2214d1bf5e6cc3b578e7546

SHA1
7740f4cdd75214a35814c29c21ca61bee24f975c

SHA256
bc8cbf2aaedab86ac80b3f286200719ec0f03d9e8a26c8b41591046ca337e6eb

SHA512
9cd518fa0b19870cc0c66f4103e81a635c92357483b7e660b4c0d2e5b22bf4ef9c4fb04bb787d43237329d75acef4314afd9533ce261961e14b06f6b788a6f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
2a86c89dd970f42856a0ea1da488bf98

SHA1
90c908922d6ae147aaaf829d5d53f4f919685dc9

SHA256
27e69e85c3dc04e8c73b20e6ddea7e7186691ee8a0cc6c0bdf35a5f62cd77ca9

SHA512
033474e99dc34c839b1d7a17e7d8a69a8bafbeebe3b8854a62de3bc4a68dbb56c6ce92d36dca53a553b536896804a7aa7a5e8c77372cb8a7c80ab856fac51a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
9fc13964ac7324692e336e82c925643c

SHA1
2f596ce647d6ee41028b3b9a697f8744a958128a

SHA256
efd5be471d502ffddf7a5556362ca8c004c20bef6077db7fed623c05467c7d3d

SHA512
7f881c2708c0aab545c2396675e82ac4988b5038d3d024e24bd215f2a25a1adff6e1ee97e0e2e1ab1a96e03e595b4f22fc27375a1d15a1e3ab06de17b11f17f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
16KB

MD5
0a1c0e4f9139b1173333fd50118621f0

SHA1
58df7605352d22bc33b693e6bfbc388e54db124d

SHA256
2165ca65483f7c15afff97da810fb6e8350b18fcc302059f81ef3fe78b50db76

SHA512
7cf8d91ae918c9a0b6feedc1859f183ed587766521f36aa2e94660808d800b975542acb2f27e3dc64456fcc0875b8d94aa031e3e1f2201158a4465026b44eccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
b57743ee1eb3cb28a3ceef853f38c784

SHA1
8a1d0d744294c71d63b8e976d04565ba4ddabfda

SHA256
630dfce6ddbd8ccef8286bac35cb5d88354aed8cb930200d2a91b4a4470acb8c

SHA512
295131d55da00e128d8b1b89013dea5ca225c8a100d29622322cda36719ce30c76509438999045801a6fb660c8e25ddc35991432c49c1ee2c245a00503906759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
9cdb1a988b2345b1dcc0bd43f7ddf167

SHA1
0c900c2048fe49bd5d888afd9e98153aec7bbb0f

SHA256
c22bb943e17140722e3cac53122d7c0e515de19589627af277369472141db356

SHA512
a1a002dc7fb03689d79e51c056d4f9d6baa3585d6a154d03cabd2fb7cc8a255d61c85a10b0227461b401b64e9d033e8e45039db8191d5045e717dd4ab202697e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
6bae42c88aad554589883015c983633a

SHA1
c3c7ceb1cd692e1d8319c695f2acf934d4d4e554

SHA256
de20c83b065b3619c42e2bea563dfabdffde021bc31ff9d11566abc73527f47d

SHA512
9c929fc871e6b97c63be861d9c7fd09f3f6d567c1984ea0fbd131d46eca8f9759c2e0b7b5066937fb3c7c2f41392467d07af65168664eed259419ec97d2d9c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
125B

MD5
08e3f178948a48f5a77eecf3bd3c2b1a

SHA1
9a83b60f38f187d3d1920c6277fa073c91070883

SHA256
8885f3263224df430861ea034a21e0c8c0c96bb677e75b4c5e2cb6b69718feff

SHA512
cf4c67aad70c0dcb9f5839be11d05e9f712efa6ae602bc4e2d4b4e6898f0b2840cb0e9bbeb50d3081db96d05f3ce393f855db83d269ca28aada1c0d10bb0e116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
23a241c66de7d3d07a192069504e12f9

SHA1
7ceda2e3ccfcd24060e4dcf5921377b39a3568cb

SHA256
e5e673e7ea819c6b827bea1c15517effbdf68a04e0415839ce4bc2229c3bff36

SHA512
5a46e0c73cb52efb10ea59e376850caa8f37bab5c53c4afcd5802114a49b7c17f09d85b7628676af5861886fd06e6ff50d5f8825fbe5b452bd9212df022984a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
2564cea0a48c5faddf4df1ce4bcb9def

SHA1
2ad55b6bc698125084b77274a5cd8160d40dab36

SHA256
09d4ff856d0d7dc31204d2d4948ffa08eed81220283909dd3bbdd1854cba7731

SHA512
7562c9dcd16109ecafc0b36a1e56f68e27db893eca41de184a1049c7d7c9725c5b4fb6445b40e5d19841875b62ecc8e7f3a6cf4e380e08937c1c553a176b2c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f6e93a853f79331156191d26f693bc8f

SHA1
fa36afb186d29dfb8c7fd379f71f171127cde94a

SHA256
131b4bcf493bc834cfb1d23cf6478dd6bd1592cad419218161763aba10491cb7

SHA512
9b05d355dedc6450034f053d592e1319108d227ddf5eef240a2196fcecb9cb9d795b7b2705ae7d029305e8466aac0a071dd2cb5d0a99eda1d8d435c2141c7a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
560398cb56f00f2da7d9a8b6fc8815b2

SHA1
bd11cc138cb59ee0679cb42708ce5ad0e038e27c

SHA256
b6a623f72f7ef5dbcad612e76e0c0dda76f9b11ef280e215bc5f354821fc7593

SHA512
6616eb5aa189a9714a6b1e6337210b63a797b588cb1bbe2dc8c173d31ca77e5358b7384667e508b24f7db74d0ab682f8d60e3faaec59572f771a0429e5d92d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81778aad2f281cc4bc65d42dfde98f97

SHA1
554519dd19587e1fabe8e373a22f5fe4381b8d70

SHA256
8cafd7d8954d02218d5904210141011cdf1da56bed8caa5285b8b16642d4bc7c

SHA512
427a20f7115debb9d165d1ba597c34c1cdd424d8fd7159190275e7c7570367e00dff0abbe4f61839646140f1531cc81dc582f60862808beab1565ca16fa611e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
00996fdf1849cce6208c29ee1d3ed041

SHA1
9c0353993de74af293bdf537fd0fcdb9f4c2c18f

SHA256
eee5284f701a8d607d264247be11dc078e4b67eb562156a329fc1f4c2e04363d

SHA512
b821c8038aab5c6e371df9f9e5e922d69f169088dc9b769050e9812e2a6d543bbbf0e038d6a9aa74603b2b0b61dac6c0002761ed32700c1d1bd0ce8e823754ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5fbbf7300bea790d9059dc6ecf3ec531

SHA1
83d28ef4bc52446685d37c5d81bb3472d39092ed

SHA256
62ddb2f33fa87e9bb5e06e46dcf0c541ee627495b29a85ba6342f805b6b23152

SHA512
b14e5b13dddc81097539bd097ed902e675421d8babd6212e61d22809ac74c1646e6ba0e165a851c0790622d02437e0cf0396d7073f3cf1099da438bfc6d06b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f690b6872de8ada54e2da08ec814d87

SHA1
cda29ec91cd0cf3bb96273441f40a4bbbf93ec53

SHA256
9293b79f0e4af0795d7e0cbfdde56cad8373fbbc525b6bc3aba0f5d28458a107

SHA512
4f26e8a539692bdbbf6e5144b09509373661e9f570050f9f739e552c8e9200d7cbca7e321565b10a1d84638988beeae8e28993e1ccd2a6f8ec21b1345a9e2cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37c269075683ccbf1a9f68ac9fd4f436

SHA1
16744c062321d233be577458f58e1bca16c8bee3

SHA256
799cfe2bbfffe0e3127712576cda6fb7be958a4b22103e0a7951eec2d0216aa4

SHA512
14581b6c2d2b07e1d40d716615ba94a6d748a91c89fcb0208734caf673e26c7619b96f28a2d84af67bd5ec1373863938bc9770c04a23e911fd4c89a2f8c21376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73e2c7988654fbd487618202476c8deb

SHA1
af45d6bf7c6a7d8063d1b300c504d7abaf013c99

SHA256
518bf0b666406b544729e52cc18817e3157c53915c6c11f1c48a0bb685926dad

SHA512
8433219c729cbf868a8d2fbb293973f60f22423d0ac681a8ece2fa0d4e64ad57ff16bd7d12cadbd2268425a01e73d55f92f05a72edf80fcf047247059f6fdf8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1f4491b7bede2a3ca426aca3c2151170

SHA1
d9f5a7e2abe864bf1fa43f9ed99b19a6e5570292

SHA256
023dd01436251e43df47a9e3edbc137989a269bbe0f7b556cf8c453565b811b4

SHA512
8c6eea9f1947514a5c6c0f5239f0bdd6497a7eca18659ca9ad377ff6d6a8aeb687a385077fceddcefbec473409851a0fe6d98ddc7eda3c1e7161b31157866d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5612c658ccaf2e8f123696c707f35746

SHA1
8d28ede2e79d1a351ece9ad904bc316dc0c04a8d

SHA256
29c17a4e4ff3104291447c814bb8fadcef1540d34af610c6bc723883c8f1df89

SHA512
a097abff0269094c5f227e5a088b5a16ec47fd19703a7137a5a336cadb6e62ed99335878dcd5bf07bd4acd7a9dace31fce3767f31f54251843602e0144fabf98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
ff7973c180c9702acdda55b3c5ef26a1

SHA1
541d87fdfb699e356c7464cb16df8055d8f65df9

SHA256
6467dd946ce18bace0e2334636122bbefc931dff60a1e594538a005c9194afa2

SHA512
a1397a0bf72f4eee9cb64ab1794bf2edfbb32edd99cf3eae997a5d91bca2edd8c7a5d034ddd3cb2ce21d453e7094063d68d496482f14f94d1c171609696c2022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3134875740a01d0f4ae6357c683fcaa1

SHA1
66044b04eefdb0de2dca8b57fe7c26be976acd06

SHA256
108beca5e6a0b49f6c8b062be5883f612ad1c6dde0af631e5f93de76a8fc1677

SHA512
084fba54aef993141e4dfc438c26c57e2bf661f5a478f1dce2700cb4702fbb51ba310fae71d49b5865a0fffe87db9c78533f443947768297f05b743419e087e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c1c88.TMP

Filesize
48B

MD5
c2643866d70d6b2ff4509de3dab2f1e7

SHA1
9f9632430eb1b5502a89e619861cf14d66de6731

SHA256
3b23f7aed53878cd965a1ec3fecd2f2321c055182d3681cebdd03510592f0fa7

SHA512
7a5d608bd7ce88b1afd2d1a5b92deee424fcf5685652c653c8dc5d8a9de9062d61185b9dac39835c320ceff5216b1fb15cb78d642c7fcb5fed459bfe87e3d6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
716B

MD5
1c50dce1e3367f8793d8d1349cf6e175

SHA1
702aa924e46d8ef821d78d8aeac7e9cce2644086

SHA256
209a56c3b17d7329980465d31eef2da33b34c42713ddab83742bf96d91c2516b

SHA512
41ab61ef0799b38890564145a050c8f71ef55100465774b1bda3de48d64f178ce26a4b7bfb76e2811a1fe1688b3f428e366fa206dc331bc43479584705f7c1c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
361b61ac4149a6c3c3802471f3210570

SHA1
3b8a9e455330fa95d36524fdeb13a6d239a1e1ee

SHA256
18875ec0e8cac592a067bcaaeb6aded8d9a8841c0c5b1772c8ae592f1c0b816b

SHA512
3ec6e93505bcaa8053ce56b617c0602ea81ff7c1f7d3a1ae90853895a444445e5b4e382ddc2ff6587361562061248a2d07b4439e418e28f169a51b28d91f74da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353952082676103

Filesize
4KB

MD5
05299e4935fad03800b597060f0ed936

SHA1
d9473cf9718d6727864ea55bd7cf6820416f420b

SHA256
9af07e71ef8220e0bc256fe085185142b1a8827ffd9e98f1f61be0c25326864c

SHA512
c360091b447a20571cbea7eeb2667413ec992ce340bf255ca67abd1986e8ab1c2136df6db2284a25f7c7744ec74ba9d2d4ee578c438ab4ee02f72eed06d680f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353952082847103

Filesize
1KB

MD5
4c7e17e914e9927aaa3f041d7f3ae0a5

SHA1
8726109e5a21afa55a368324ccc3aa4355bc29e0

SHA256
10d84a1b7a9e85c7c6f1cca24aa1b89ac45e35d4f6ff07390d2b0666316b6f37

SHA512
58968ecf2fa30eb4c2d5dee4ed09270fef0769e912fd974fea56ba90838a287d600445df7216558a2e993d4845f12d38a132f6cbdcca092c677dd47e4445b95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
76a8cb3fd4ac26788f1397513526d21e

SHA1
f039b10615d2a130e8965b8d8a886a6cd90a9774

SHA256
9df91d61e8daa1872e9cdeba48a2f67bb24a94453c8689093b2b5093a6cf7632

SHA512
868b24144639a439a6a0b9fa698a5edd61c3ba80ad70ff6e05c34377d115b86eca7acc1acbe4fa3e0a42426bbabee46207ae01d76ee09007c006ed7380949a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
9579dc949b1ffb1f0b5a423205f88640

SHA1
359ae2cadaf289611fbef6b7f4b1ab514098070c

SHA256
f4e3d8fa77ea84b7d3c9e53dde80b55114d6510db203d5f1243ae6d422930e1c

SHA512
eb357cf817a0cd1f056d9d4e9c018f46016ad8d78cff158cdc785002a69f090340805f30bfa681d378b292bd2b0917e006800b9bf723841cf7980f6911dcaa3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
8c7af679ad04c599c5c7e080b3a8175e

SHA1
7559381215d45384d1e4bf108be2121a032a95f4

SHA256
714a6dbc00fc995a014fe33a0c7afe728dabc983a10b1b5f818479a02afc4626

SHA512
03c807a3b7a520e8c6020c5933b5ffb63f79855c143b2fc66735a7b3582d06900574d6b8e8dfbe3e784777e6dd095279eed9557c4197e76e228e59f0b1a30027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
8eede8b9d0b363fff9ec6067c4b858e7

SHA1
2c8a4fcfc6ed6f8705c01435ec2fe2d4965a440a

SHA256
8f8e2989c239c03801ca8790f5fc8c84e1be499074e32e6c8939349a2728baee

SHA512
8d3a9339a36de302f668d72a323dda6ce9676599f444a25fce524a4ce4a3e8117f000ae850928b374100fa6e31e8d08b58362dae311df641efaaaa34a506929b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e7866b58c487ec9f5726279a56f9914f

SHA1
075d0b2e0f6387b3a0e5cc929c98d8eaa74469a8

SHA256
2fae371e54846ac50a771495cd71f50c6adddc492316ff9b8a9a6400331b5548

SHA512
ee80b6e72c3484cc3e46caecb1175fb59eacf7e621115642db68844a3bce73f05c89725bd9108f655821d37be486e8283d1e65693fee20e618eebb2f748779f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c21eff599ddd2bfa30dd42a58826b9c4

SHA1
38cf73b3366479460bf14f60352ae9e6f81b2916

SHA256
8f8993ceb0fcf24dba4d8ff5968f5b8bbeaac682e5e80422da2e616f179e9da4

SHA512
cd757fe75aa4be1b0041da661437e45e802e9809169373b53d18df877b4da9351c2018eec175c413ca1e6fd92e5db11f1468ae851156bef573589d818a2fcfa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7cdfe29a96e90a2b990aecb45e329309

SHA1
283c9d9efc87c308ead3f9b692ca6ee9829045f8

SHA256
1749f454457f70723d048070ad53b53e8a4597a96b7b2c2688bddf7c505192c9

SHA512
2a4f5b01acff11630bb91351c5c397473ac033ad28b09bd41b7b5ff37ad257f220e8483cde058f6ae9e904fe706fd7d4eda93ff01ed5731aaef26fa41af94ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50cfa07e323f7bbab4ffca68c0be4b08

SHA1
767986d80779ebef3093948747086b279422bf5f

SHA256
db192ba6a4d34503af29a2d7e132d3607e6248c55807b970420749ab7c8608d3

SHA512
be4fb7d0c010c050856ab61c20b9668aa88dc3f918eebd6ddd03059d771eb2914bc5558972639efed5cf5172817a0e57231849a27046d9912af42ace5ddba488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc71e2f371f5f23276dabc4004491333

SHA1
6cbde45292a3fcb5defb00fe3cebaa230107b8c5

SHA256
ea4a2b53e9558547f87844ad2c48a490f6af8504a51b77863bb6a901d77ab03b

SHA512
133d7015652df240ec5492ab15da9f044e5896fcbcb93d6054f058d89c05580b53debef658999d88445e331c5a1aa77c6b68ce6fe10185e0182bc6a6e52aa018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
37e828029c65772eca8452524520f45f

SHA1
76f7ccc4efd6b7e978cb3830a0f5c87f6959ee82

SHA256
07f28cdfec1c2a113d3cb879bca66b053985d9b454db7306a2527f0553fbc50f

SHA512
efb6c67a4c4b30cd5483438ed63a42cc5883642122b57a6ed5f5257153f482b66fe934afd9819da71e3cadd2d713c2aa169facb82d53aaa591073d395b7921f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
41755461f91cd10150b8a5e544966e1c

SHA1
fc78985f9ab3bcfe21ecf5505b30a0e18ec13c1d

SHA256
1aa62ff27b28e6cf1dc09551d6a592d76809dde45673b79edf13fcda8de9e2eb

SHA512
f6eeccdd17edba69ad00cf76345aa2aaa623db0e3ec884e673d48005669614b21f1c659ed57fb5ac59c8c58413d4d731e28f49c591e3da9177eff05e408db88a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
77d7ae15ad28ff5b76306890b469bff2

SHA1
2b44cdbd0b1c73f56ac9f6fb56469720463a5522

SHA256
b3dfb29b5e5b5ddb5c75a94ff6f93a0552f465b703d5ddbe4745d5bd725127fa

SHA512
271a7aef261b59b7b65e9c27a3ef192974f498052b1e98e257b6ca01d15e03438fb547c943668f59eccfe25b63438de3b79f0b8f3ccd23624970aa874a167bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
a7aba0925efe2914a36db698178987ea

SHA1
906dd6d80f9fec69c0cee58aee3baf4cea151070

SHA256
34a2fc3a3de0a451f74d44e80919d54c5e373fd150111f32216973955f047595

SHA512
7da0feb329be298dbe4e12c7c8e53cf5ed5a957b13439df847f926b3d868abff5408d408e685c3474eb49fba53febd1285da2e67de7478268d09d7d93f52dba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
365f6d85380747164e53bb15b459df50

SHA1
1cd79e1ab7ec55d3e8043c12de29b9329b592626

SHA256
9dfd9100ca81f1820ebe727a24076145e6e15f3cf497e7c3cd40650fcb3d1ef4

SHA512
e36f61549723b85cc45e12b15092f35a72d116e1f9486366f766e47ac1855e6ddf8d5c977a053a9e1f3f66dd23bcbdd8f3e7b4f3e66470b4ffefe20fb9f4ba5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
f77ee963b301ed33f76481497a9e3d4c

SHA1
55a221a1b5fc571a03a5809d473713cf4cb6a93f

SHA256
04110a6ee080480e4da7eab910649ce486899c9161828c00e43ad2639bf6591a

SHA512
fc3b4c6e9353c4ba4599d01cc20aa400f2ead9febd4c9da0a9d090bb4b1385688b55f8ea1ef3caa20e2f15c2b67831e68c912924ae5b83bef11fa99b900bad8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5d70de72c4ffb647d421cc52a527308f

SHA1
3effaa9f22708e96c188ab522e0384cb68a22185

SHA256
d3ec3b1116dff7fef3948a0485a2bd9fcd6f75c2608831d2783df060a32b527d

SHA512
f169d796d0a35e7d94d610805e1b955e1e9b4deaadf5fab7ed8f8bfca1b37542a7164f5e53c250a5213062fde91299ce305f912887783cc7f54dd350d9122182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
9d0f4770345d0494584154e15a2d3bad

SHA1
0d1af0e68b7b55038b0253a5f7f86f7456c52b23

SHA256
3d3e70d551da0b94f7fb92eff5b2870d75f1ac5f810d51f449bc707b3e923267

SHA512
29157e3f8a269382c20da91559f24522e4daf547895f7bfa85702d26601c0cbecbce9cedb1ceace84ddb58fb8f40faa752e93e8014cc376caa6dfd882482a855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
815e5a954c3abcdb86095b026e5d41ee

SHA1
acae9440c86af15d0d283e7e6b7c2f5b85fcf5f8

SHA256
501e5c67b53799c018a046d03ddebb35e66fc3e27d6625c069c6953ca380a1a2

SHA512
e4945cf7b1c3d996190def60b2539b0950ebae6736bfd693cf8e0e690705b95f6cc53ea5a113afca68edcbff6a4c4c434d5f2c935b788fe95a6aaf7ff299dd28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af9cc36366e16e368652bf9bbcb274f9

SHA1
3f2ec7e2d6a320deec28e61666d4cabe9c7ba95d

SHA256
5899951bfa8f4997c83287a025d6b6f77158c008fdff583a4cc41deadccf458a

SHA512
3b72f0e0898ac572d321568442e0980878fc9fd893581c71dfdba8972c8dbcd1a4a1533b81da0c716ea6035b0de832b7e1b8fbe219a84f4d6777561e24231e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89ec5aba46e84b7cdd63ea24fa92117a

SHA1
280309a208b4e442c1972015ead009903bde12be

SHA256
8d5b34ff50a0daed108c0ac1d6dbb6ca2b97a9a0fe53e86fc3ec65eb780cde04

SHA512
74470671c5daa59d1892485f671ec17759574f27825b19072aff4ca47a350bd6b3e81ec3ddd2f3339b3abf150a6bbbb905b38761fb1b3442f890c1a77bcc186c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3d6e4733c5fdf1cf82722d6a6334fe21

SHA1
5631a85b3f6c831cc5890aa913b2e3f7255ceedd

SHA256
8eee7bbb553f3a443dcafad8b028a6192c2aa71a16d7d78a9958b842ec19ccba

SHA512
bcfd1446082b1a7fee7b988abff0bb7622bbbb96ff4ebd807cffe448f97e44133cb64be271a612e1798adcc32a5ac8cf7f6b14831ae4ee1eec538e07f285edbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
6bd4a3fc6090b5dabf1f198036aa7d3f

SHA1
cb4c2db14a9d1376e9c2042d0632a2b552d42528

SHA256
0260b8e994da89e4870c00b3abf552aff36d1fc3d32ff2d8c676667927890db2

SHA512
c7b632d715a6c3d735d4b9547af97eb9bf456417f9e2957caddc2c6f1cdabbfac040da8f28faeb1feb43f883d89986d7638598776ae97344e799ed169eb5bddc

Download Submit
memory/764-0-0x0000023E7CBA0000-0x0000023E7CBB8000-memory.dmp

Filesize
96KB

Download
memory/764-2-0x00007FFB36400000-0x00007FFB36EC2000-memory.dmp

Filesize
10.8MB

Download
memory/764-6-0x0000023E181A0000-0x0000023E181AE000-memory.dmp

Filesize
56KB

Download
memory/764-5-0x00007FFB36400000-0x00007FFB36EC2000-memory.dmp

Filesize
10.8MB

Download
memory/764-1-0x0000023E7F250000-0x0000023E7F412000-memory.dmp

Filesize
1.8MB

Download
memory/764-7-0x0000023E7F140000-0x0000023E7F150000-memory.dmp

Filesize
64KB

Download
memory/764-3-0x0000023E7F140000-0x0000023E7F150000-memory.dmp

Filesize
64KB

Download
memory/764-4-0x0000023E186A0000-0x0000023E18BC8000-memory.dmp

Filesize
5.2MB

Download
memory/764-8-0x0000023E181C0000-0x0000023E1848A000-memory.dmp

Filesize
2.8MB

Download
memory/764-882-0x00007FFB36400000-0x00007FFB36EC2000-memory.dmp

Filesize
10.8MB

Download