71a938a3dc4b963d4d29c966f1e00b832c7738e4750c5a8d89b685f2e4416aaa

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TGMacro.exe
Size

1.1MB
MD5

fd6ce55d0fc4454a0a0912997cb104c2
SHA1

703e2f81a950acf7e635ca4d008c1941cea33afd
SHA256

1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d
SHA512

b975ed80de6eccd069b49f09a6691115bdfb599432c79a0439d1c714595be556cd0e27b8e69fe6846e54eb079bea3c2cbd80d6b306c8b5cd9a20a1dd593cc6fb
SSDEEP

6144:7tXr3Ifz4PrJvnNVq5CCDymFEymFEymFEymFEymFTymF8ymFYRM3GWOTymqNi:75r3Kz4NvneOssssjajRM3BOmo

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541708716366075"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{B3C29018-AA30-4DFE-8322-32825109551C}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{6C5DD149-BFE7-4372-A661-EADA18151718}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{ADB75EF9-681A-487E-8D5A-DC8F2ACE19F5}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
5192	msedge.exe
5192	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4440	TGMacro.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

description	pid	Process
Token: SeDebugPrivilege	4440	TGMacro.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4440	TGMacro.exe
4440	TGMacro.exe
4440	TGMacro.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4440	TGMacro.exe
4440	TGMacro.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4440	TGMacro.exe
4440	TGMacro.exe
4440	TGMacro.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4440	TGMacro.exe
4440	TGMacro.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5192	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe
5828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 3656	4440	TGMacro.exe	94
PID 4440 wrote to memory of 3656	4440	TGMacro.exe	94
PID 5192 wrote to memory of 5236	5192	msedge.exe	117
PID 5192 wrote to memory of 5236	5192	msedge.exe	117
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5516	5192	msedge.exe	118
PID 5192 wrote to memory of 5524	5192	msedge.exe	119
PID 5192 wrote to memory of 5524	5192	msedge.exe	119
PID 5192 wrote to memory of 5532	5192	msedge.exe	120
PID 5192 wrote to memory of 5532	5192	msedge.exe	120
PID 5192 wrote to memory of 5532	5192	msedge.exe	120
PID 5192 wrote to memory of 5532	5192	msedge.exe	120
PID 5192 wrote to memory of 5532	5192	msedge.exe	120
PID 5192 wrote to memory of 5532	5192	msedge.exe	120
PID 5192 wrote to memory of 5532	5192	msedge.exe	120

C:\Users\Admin\AppData\Local\Temp\TGMacro.exe
"C:\Users\Admin\AppData\Local\Temp\TGMacro.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://trksyln.net/Download/thankyou
  2⤵
  PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2760 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2100 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5368 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5380 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4928 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5644 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2a0,0x7ffc479f2e98,0x7ffc479f2ea4,0x7ffc479f2eb0
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2804 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2904 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3008 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4328 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4328 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4524 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4532 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4596 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3592 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4768 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4844 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5192 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5228 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5400 --field-trial-handle=2816,i,17030514127646401762,10134577355853902119,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x23c,0x240,0x244,0x238,0x25c,0x7ffc479f2e98,0x7ffc479f2ea4,0x7ffc479f2eb0
    3⤵
    PID:5836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3000 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:2
    3⤵
    PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3200 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:3
    3⤵
    PID:2036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3308 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:744
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4320 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2604
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4320 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4736 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:5664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4760 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:5656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5272 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:5640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5348 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5560 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5548 --field-trial-handle=3040,i,3292865157775242966,15288830742198704515,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffc479f2e98,0x7ffc479f2ea4,0x7ffc479f2eb0
      4⤵
      PID:64
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2256 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:2
      4⤵
      PID:5720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2984 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:3
      4⤵
      PID:5408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3092 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:1384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4292 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:5508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4292 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:1212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4888 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:2900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4928 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:5268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5228 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:2332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5280 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:2344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5528 --field-trial-handle=2260,i,3696656008217993529,8206996962035682673,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc4f639758,0x7ffc4f639768,0x7ffc4f639778
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1840,i,14324996123811792061,9105734876788180130,131072 /prefetch:2
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1840,i,14324996123811792061,9105734876788180130,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1840,i,14324996123811792061,9105734876788180130,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1840,i,14324996123811792061,9105734876788180130,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3360 --field-trial-handle=1840,i,14324996123811792061,9105734876788180130,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4028 --field-trial-handle=1840,i,14324996123811792061,9105734876788180130,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1840,i,14324996123811792061,9105734876788180130,131072 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1840,i,14324996123811792061,9105734876788180130,131072 /prefetch:8
  2⤵
  PID:5820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
2fcc009eb7ea4b849c71364d3efe3f14

SHA1
4835d832d1d21fcadaa5653fd4c32c817b185691

SHA256
317b52757fc959f30350a3b7bf1243fe3d8cbf26fdc99d78089b39033912b655

SHA512
0764c3662c2ee58366fb5a630b016284e7c191ec75d3eef723d96f4297869aa88b2d256c1f8c014df50dd175a6fcabc39d3e62eb58312f08ef7e603c57201943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
9e74ad2d3e71432f1d120254c7fd7b7c

SHA1
786ef982e0ab6d29dfef319931b621384f11d5b4

SHA256
9b994376647cbadfcd1de4dcacdc0758fa713b382eb0333d4d992463992bdf33

SHA512
647896983f10c9c1e498f8598e142ecfd1bd9c9da306ca6ee2424cf635a4fff64298368d35faa7fd2b00023d314a52867bc4d6ba27ce3ab38b8657f70b708ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5a80a3157fed924201f8c1fdbee8dfb8

SHA1
01d629413e3a711c116ed4f86c4817dbd44d8437

SHA256
cc473bce8cb5488433068c1445411a0d74b75be09d54fca82cccd1309bc1e7fa

SHA512
ed75e459f4b2bf198b6e7f8691cc876dbc07d69652572ace44f51bf86ac613f95384c5dd947e2e6f7a349fadf04c632f894eb292cb6ff4886f6ef4a60e831f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe590601.TMP

Filesize
5KB

MD5
9439f4e3197c3752a6c454d24fe7a1b2

SHA1
2b82ed80b1f423c68c8ad78f0f2d85c45f4b6df7

SHA256
8080102d14960c2183635134f4184e9179cef458f5b4fe093a199c7b4cf96afa

SHA512
d38c7e2c7851a11cd7923700bbe2531b53707d989d3a533b36f3d47f87baf629abf4c0805f4792695b71cb100a696dc26b37468a1ee73d2b6cdaf55cf1eaec71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bebdba6f-17cb-40c6-a32a-1f8c5510b656.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
37f8b1dbbd529981acddf7c42f1f3220

SHA1
f713567a9a9f1f8a14bc6d930f6ded47719358e3

SHA256
100094edee05fc709c6ef3d46cefedbe12d04da64edce2c6fabc4c4ef7e57964

SHA512
489907e862c0e7aa01b7f50bf753ff05d3689e82127869f6d7e16c69f6978bfe91cbea49339a035f3a921596fa53ccb392a2bed31203cbc36ea6963b95e0b87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
9208263c2c073fbc7d28909e84a77c75

SHA1
68ecf401b32a641a262361fd81c17b68a187e7bf

SHA256
e9fb1bd0253eac88b52c8bfffb9faf706fddf6a6161472d22a990f7448d3395c

SHA512
e72500faa1f6bae6b11611d1519796783e1b051752e19ed7cd940e17aedc0baec3654f7a205a3fc28c036d7b70aa8fde429b5ce4b1adb4526ee53bf51f32bba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
cfab81b800edabacbf6cb61aa78d5258

SHA1
2730d4da1be7238d701dc84eb708a064b8d1cf27

SHA256
452a5479b9a2e03612576c30d30e6f51f51274cd30ef576ea1e71d20c657376f

SHA512
ec188b0ee4d3daabc26799b34ee471bee988bdd7ceb011ed7df3d4cf26f98932bbbb4b70dc2b7fd4df9a3981b3ce22f4b5be4a0db97514d526e521575efb2ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
3fa79bc71866313c4b7902b8cf071c62

SHA1
bf19f8d57977590a51c49d61e8fffcd30ec73604

SHA256
31563520a26c7fae5168632fd2b675ec9ceacc85f800acb157702f1c7a8a8bfd

SHA512
480876d16a39967032c3120e0e077e5e6176c979bbe430ffd305276c0f380b307bf6e5eb89394a223b46125765aee1cabf01dcb6a8d567ceea92bf2e47489be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
9332186d800a2101e91435b69a77c8c1

SHA1
8f3a05f38fed560e97ad8982d2ac23b8134181d5

SHA256
8c552e865507059ed0c519694af4da9855248599cee915d2d865dada1458c6a8

SHA512
b4acb8035e875314bf662da039154fd1013494f6c24dfd64a436e5ff642128b6c9d6c6e26780d2defab3227d6b5969f331bc2975216fbdf55a067a6f374dadc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
531b90904c5c637c6aa98becb1f30f5a

SHA1
46177a596346ed155fe53870a2f282a5a8054127

SHA256
52a895dfdb33b840313c935ba92b259d2c158387ed5c99d5ca62ff51adc92ac9

SHA512
ca59ab821c8cc42c8d412a69292b9bb5d381b7d037b1252feed671e3d712b0b5bb86f83c70d865e701adf792ac9d1c8c223d7c515ee631aa77cd5bd5537f0716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4ccf695ccb8ae4b99028eb376b097344

SHA1
a0577e90ba9118c3f18d6365c2a0351672a59b7d

SHA256
93c1dee0d0d470174cf3ed100947f80b00256fa10224109bc075aadf59995295

SHA512
d813b5da0aabf366513daa74afb8b6eacb270d2b2dc2f28301b77408a89ef3b329b0da7f742e308c64143f6b3d0006e85dca45f2329946e443a3a847def8c144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
46a470cb064aa55f4fad4e17928b6e1a

SHA1
7aa2d4e3ba345c4eb976eeedba9c876d13bfaf15

SHA256
1591da6cc7441f5c424507705a9d885173aebe6ce05890f6c05df20102614a6a

SHA512
56fef7a77ff0c7a5b77c2703a4ca9d927a87df4a1a0cf0d6cff41b596c8c39362b6a11a64a186a6764c989d1280e554d4f00dd240814c6a2a5162a96f5e00c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
621e94b36c4b609ac39fab52b5a102ef

SHA1
02eccbbc41156695e3e5ec72d15a4be5751005d4

SHA256
26002579669308e9035ed36ae31cc31816f5f2b0cdf2aef2f0baa57fdf6e8c44

SHA512
b27cb5152717965f762ed8f9e57590d8be1265232f9c88e66904bdfe56b8b2376e4b4dc6bb7a29ce6dabb01d3c9affa44734dbb2dfa908fc5cfbbc432a537a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
8bf944e658a320a225bcd0e34d38e1ae

SHA1
062f4c125b728c9194422a2e1c144cf5578bea5f

SHA256
13ce6d2285153fdf35353cebde6806c59ed040cdaaf9536937d6551242620f29

SHA512
4637df6239e749b8771b6fa0ffdfb18d2a25b681e83e610e4d16c4b85fd1684dfad3d255226b1d351d3e7e37554e0ca4a419cbda82badfe1e153ab990ad46612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
14KB

MD5
2276a7e9b6a64c6e644b45254abfd5cc

SHA1
9fa383542bd99eae0bb4cb16eee469396d89a112

SHA256
6738ab163ff748445f82b624153cc8bb0a89690bd2ae9468b600cef65a3d87a7

SHA512
3919bd794c6674d2f474040badb047cb7f956aed63874cf17f65aa854e64d8be7dde7fff8d6f7dc39eebbdad445b3c3ed1996c80c5e8ac5c207a499595968d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
346B

MD5
a3c50fb1cd870390ebf4dfe6541b6365

SHA1
98055d954d210798c4481120886aec6757715128

SHA256
2a1c4346e1c98efeae69c83ce751f72e4e01867a7617853da5934a32279dc123

SHA512
258f5645fd4f0bc12e1d0ddefd8e64cc5e35efc796c61625b02bcf61b7d40bc3b9066d6ee0f1fb77f181d5eae1a8df0bd867ea443373dcb1ded4a00ae7de7634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db

Filesize
32KB

MD5
4bb9ac6e72faeca724642933fee1879b

SHA1
6a1e7ced5e5c772e883c85230369df56f654ded9

SHA256
71f98af6eae3264b10e021f43416330636f550efa645a6a833d1b234d40427fd

SHA512
bf9ec85288225c06e4898c066e0fc5629443b33d8d0807883685f201055c56906346f40b376e21b6a18b0e9f685ca2ca77807cf4b4d5eaf11e6fea01864a47bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
b79a670487fb6d08065a8b5469584e38

SHA1
f1bb1803d2d01aa20d2e466e21c3cfcebcf5f384

SHA256
4577dad7d2495da452c190f63dc658e5500a72fbc26c15a872c066b1743a55f1

SHA512
e19817d289a307809933aca8553e12b6cc63e53c3039afb2a0aede20dea35a525664c076f4d2cf7ebaacfa3d8ed7f792952818caf9c1ce3b184a3a1784eeec2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
e014335afba60f0230dcbf015af9a351

SHA1
28f69133104852287078705e8d52b4098e4daf5f

SHA256
2a2ae3c32c20c0a8429e921eaf9e2ed8395167babc2de49cc700d2a50c9fe065

SHA512
077ce3f74361102f50ed00473acf68429506428750b9f0828b0da44ea463768186a692d6bb155c9c833835133bbe98ad449578d1244307d109a131f784c6f645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
830f096267aa0d3d3a7bead084020c64

SHA1
e181d755ef4be47cb79117545c8c5e66848ca1fb

SHA256
6cc61a4873dbd3ebfaea6c4f3d557ec90c3325d9a8f14fd0823122110560031a

SHA512
f31ddcd6512d6bfe7391ca70265108f2cfc847e3f971887b0d10fc80c36339431d861a0540e5785645398c7508a6387f66680b13f8e73c6895a18172f2548c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
30d933731481acefd2709076065a2e5b

SHA1
defd627093e7253e080485b2ce7727c6d3dd70de

SHA256
c5920ee55b71f4e24ef3d087ab216008fdd67266be63c4ba2677d11da07844d7

SHA512
d392059881daf821d17005e31b6250d2a15288cc7be5de03c70b38e2c4ef84c1ee75311f721699c9e270ff5f9c146916453c009f3e1c4ee019884e656a15c9a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bc50455d81b3bc7a23dbcda05fb66aeb

SHA1
cba16d413e29306b8511600723c67cab249deef2

SHA256
885affc79ef33017a4b0a2f93016383c86803cbc42023e1a1fe3082fe3ab550e

SHA512
b36eb205a97de79d9cc52180f8c138cbffd20ca02eac306876053b2b15dcdb16d6c0d12513257d9616d895e9c78a06c281b1d4d61f6339579095c71fe9338fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
cad0bbaa5c4621d45750e38c875a2c12

SHA1
686e26b682e007496a14c44571f9fe9bf530c952

SHA256
94f72ffee29ab45a464f6818507c03ed96b2e07ced6c2a5621166b8c3bc17ed1

SHA512
ceeb84bbc278188c9e7249e430d60687bb1a3fa77fb2fddf2297e1824ebb203b143b9c7641652990ed960ada293336a9ea58e18cbcb506054ac8b882956c9d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
1991cc7888adf5011094e869e26f8a1b

SHA1
1962922b105960d7d6a11a089c091a63c15393ba

SHA256
44e6a6e46b2113a264f0e3419ca864bd191cb3bb6100ba380420e6764cb55dd4

SHA512
9ff033d3b5026be04bea82c5d993347344b9bf9a2f330e2d4f59e47e6c8a48db324a0433e0c77c877c79c2bc72be362ff25518ea5f81f7b2ffe8d3631ea52047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
048dfa400c9eb9b5d311c44a2cbac5de

SHA1
539d80ae68493ae805e225edd06a40aad9b16f4f

SHA256
1cf98fcc4cf57c66c6bd6357fa002cdf233f9b1c10580c2c8f51a1187c29e908

SHA512
b817e9e903a05c60ea1bd6c96dd835b89caa42b833bc99e995b32ab7a0a51d56c9ebe262b914e7c4e0b9dd0e0a7f7373b5ba354bff4750d7f3d41ad8212f6ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9d7ae0e478349d6ed22f86b50d0f3cdc

SHA1
94d38d4eef271f4007023d15b5834f6558c1d121

SHA256
eb4c74cb959f891d2a187f8f21af2c832e9026b0a38d53f3130804617f8fb056

SHA512
897420903c2427d4728370b030527920638e764581d3c8580500067415b837601da9ee2f9a91b0915cb8129c8c32aeac42cd814f6e61545be20e6d249d118f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a753183976569a84580c05d594ec2d0e

SHA1
31b435a89aa7bc4fce3427523f010f89df2c6112

SHA256
e6268c70aa91f21d9c9be0ae427d7b4173d17b050ef70047ab4773fa5f7030a9

SHA512
7760b0d5998dff6e2592d503599bdbba603e26e12f3d4cd011afc1e37dcdafa00706c583a33a71ed50527f1114c5648e7258a17052c4f0ee173bf66ab1531296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d88fe4011166798a152e259a8cc60aed

SHA1
3b367160eb4e71c58034debc6eff88101135c267

SHA256
79c1c639603886504a4b7d3b2087383e38dd6ffa4824315e51d0a12a1f55bc59

SHA512
f98409ade3cbb2369d1c91c55e484c59a2b2dd4d4fd206c28fbd9260bce91e21fffd23585d6654506085a0adbbd047f88d259c057e3fd5346cda32db9ef9936a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
9aaee229fd854ebb62589413119144b9

SHA1
b00f4793400fbbf95eaf757bcbe81621df645239

SHA256
2c397ca61a9b97d1143b858de6ccf0241f65ac05133154848208ba6d4f75e664

SHA512
ae3796f17d9cb1f3195c4f674d92a5b6123999374d10574bd552c10caa00df211bf3e1640250dbe7cdd2ea7d27bf9eefef579b22c87dc02e57b2aaf5e2c68ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
1ab5012a69c8d9c32e8505324b5b1ca5

SHA1
a6f56225df2d71e9215fcc5bce74d46a37a63cd5

SHA256
0459423344ad91d391f9de81141bb10affabee50751b7705aaa1ab44ac5bc3aa

SHA512
c2c1c204a12fc3b29b79e3e59435c8b35c87bad5cee3e206f92919e683b3ae73ac7e0585d380d8b13df9eb056a621d8c1df839a5a871886b670354b2d515911c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4eec806bc3276436a5e90e975b4d7e79

SHA1
3637522c79e0afb55823ca238574a21bc7171817

SHA256
b23a812c954eb20c3c854091aebdad8650ab9f08118618b372affa2483e08820

SHA512
87beab8543cea58a53ab4d1264d9fa1797cb64a58970dbe391ec1c4784e3e65ea4db68415fe035df8a4a807df312019e538f4ab9a149d8aa7dd1e1c48c7b884c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
a49886a7c4f4a790814374afe5301586

SHA1
b16b9209fe22e3c7674f1566ffbab465dc13ec6f

SHA256
2f09fc94dfcdbf7f04baf00ab5a6169be6b50481aa0193d2d4c5ce401248bfc7

SHA512
de87ecd7ff04042f68cac1d7ca023fc53e130eb509a95c8acb52b81c373653e2c923ca53dc80d1e538324bd3f83405192978cca5d03eff8b56fc5215ab2c946e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
b6ac247eae207f46c810f61d6c0cf08c

SHA1
10d6e1394a55e38cbe6cfcab58482dc7f5ffb500

SHA256
42ecfb27e7ec5c60f3b6635c060c666e45d3b15486f41260b25133db9f4f0ca6

SHA512
7534a4a9c4bcb546f824b57e975adb97244cbd974f11394ae8d625d062d9526ba9648212f12c365764d5bc06c9f701cb16343e57056b35cb4094e05c2f242470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
4e00b423be3f5c845af352d74185a47e

SHA1
4fdb0a50df8188727ab4ce19bec35a8bb74110cf

SHA256
6a797aba4cdd58c93c8571e391be7e9ffaad159033b4eb612a83769aba4f19df

SHA512
238ca16fa7128902f0815bb28b1376fcae818829b1721abe2507e8c122881d48e056b181676c0d9cdc91694cc32c7e5d54f6675dbbf1c13035f4adf426d3af43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Vpn Tokens

Filesize
28KB

MD5
599549ca7050fda41d48cd1d92212e59

SHA1
9e44dec26d7dbced9ca1214da493f613f9cb0150

SHA256
8eb4364904924eac8f323797cec4569b52c109a32d2d848af8fe3e4fd87eacba

SHA512
bd0da72d7582c887cd2e451841d8dcedf84b7d631220f696ad1b73611e88c77a6a974781b288a422c28cdf91fa74a2d5ca779403282f717a4a59de31b352e933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
220KB

MD5
853d2be377a4c95a1b379c499253ab98

SHA1
6bbe860182275444f7c7805202d49c1256e50e6f

SHA256
07080d9a949ebaede572a3b1f3e72dc17c148d02a17c8d68e2e96872ed3fdfcf

SHA512
79038b85b6d6ac8f5b36b1d1a3137e57505d82ec5fc64e980f6f057222c63a3cc778b9004d954d11805020f0916243c3747378341ad2f1273c213c2893d23063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
9KB

MD5
55a0c3bb50a6e4395da70e1af9b9b000

SHA1
e38500450db72265d4391d6115087e6f51ea4624

SHA256
79d95218c51705f21a063bfdae6ed893bf94c4c5f6ad48f8727ea51eac38fd4c

SHA512
2797534b5262fc760d78b7c0f1e669d8cab9f8526401244149ca10cd30f345ccbef5d210e4917ec07541bf3ab0153709aa6d2bd933290254f78c99efc4e8e449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
987B

MD5
78f9b7d63e41ee8a8ccfa3fb16e1874d

SHA1
951226c15eebeb047e69199e7445e93e222d51c1

SHA256
89e2025c9d08f4c672e042dfa3a1980264a435a91ca36438eee806ab191793f4

SHA512
a657d7fb30ff04513acd37cec5df4ddec8487f850489c08d9cac3df7d07791309cc67a4773103397a555b2380b237c8c69faa35254ce0b4196f7fd3b2ca1e1b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
6a7f5430ecbaa24557acc55178a509ac

SHA1
2a324c677d5040bfb2912e10f0a8f1e9279b9469

SHA256
8319c55dfcc8d9bb5e058915db7d7f2db689cfb3b51605eb1406b22c49ac68af

SHA512
ed141ace0d45ac6a8404cfaced98e9510e4673e4dbe9edc04058e3cbbb2441f6c9a355f1a2b4c1fb3cd101477d5a842e75f75d8e30312dd1eff647b93b801357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
893B

MD5
15ac06cd024174782aebecb384045dce

SHA1
0da4a90e8c99ec765a9ef2c245c81dd514a760e8

SHA256
d8c3c8d64c8024b4ae7f4917786831ef7db15aac030d7c037a9d6d3d18565764

SHA512
483e8d08e8afe491cc878bf7c27e9e6b1579399b1f0adf9b5cbde0fcf4feedc01bf83417f1d4574864621993f78a80e016a52b8903beafe684f76e533b4b7406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
8c82826b4b79464671b112d21afae6d4

SHA1
7ced43abdf422c64a0f2a1afba04049773023cc6

SHA256
395a1b1c138c0b2a3c6cc64097535014be2e4c572980cab790346a106b0bf5bc

SHA512
fd97f6883e7561f54682e7415390d4774ea9b525d3b79c8e37073f8674d9c3bad79dee064f8e060e9aceaa63732d7d5349bab1f4b7219480dc1005b56fbfdfb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
124b644ad2a900643db166ba8a337b7a

SHA1
d6690501790064a7279522722c357f0c3f55fe1e

SHA256
dfb22c9a95624d78e1dee277b3cd73a97adf804e2e6d0376540ab8d34868284d

SHA512
d2896344cb7267698040539b25c39dd536ae4c0a9341767fc90ece9f7b3c49b8cfd2f5f044e375a9f6fc082ad774effe2c559e09ab8da98d78dad835d61ca019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
ba660999bd4cebba06ad529d6416acb9

SHA1
2391915540466fd45ef818d045049eefaaf87348

SHA256
2adbc7c39e7645a48d01553a6aaa45f55b783d21029f5021c75229680a103ee1

SHA512
9b52ce7bcf95f9854d4275de1027ddb0a3f32d1f34055b161a50ad7b6242645d5a05cb99ffea2bca6f9b0c65fdb4e709bbbcb20c4eddddefcd8597cd0f239eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
31b86779c4a44149b07c3e26446c6de6

SHA1
d211ea8ccb235b881b26c5698c2cfdfa29f53c2b

SHA256
97b8bb6c957be05cd912ecdcb2193d3678f9a658c7ad049c1f27049561b1b2e8

SHA512
4bbff3651b2223bc4068a2fd1eb5adf32f2cab60dbf749e9902cff487970dabe76551461a24dd38d9220fe2b2cc844904775dc814d2cacfffb5bf03864a7ef8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\f_000001

Filesize
17KB

MD5
f95bae46c438b28d87fa0694778d4b7d

SHA1
f9b96babe4cff78bb535c9706b63d1043c3b7038

SHA256
3da75dc0a8ca05ce4703087347e889ae0dccbb0624f6f85efcdd163c8da71a30

SHA512
db41af421ed4cca5ccfb8cc552ace8feec104266bace5c4fcea098db96b5419d7d499a2465d08853c59f57f26df26ebc47f9e222a1a79dfe8097aaf1f54c9b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
8c161068664d3f303b0d0f5a736734bc

SHA1
6e305f2af86568467aecaba69abe2af34c74a83a

SHA256
fde9037928ab3d9b7f2f2613639e2fe80ebf70cf691d161fe8000d0453e04384

SHA512
ae5c8f88c47941d93da6175f33f45876b8d7240039d80de95dcc39be2e4c55e0129182242d3febcdc285a4941d2e0dbd01fb7343480d6292d9b51cbc77fbac9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
9f0786e66f4c80870bd874b7aba0a394

SHA1
74d461c9049086ea0301b956203e7cb59438160d

SHA256
da3e73d31020d249d320f01fc40220043e34ebc99fccaec56c5a97f671a8f227

SHA512
f766b4ee7c28886c1901cf76c1c917e296ddfd3cf843f4f27d7a73db37247ae0dfb8c3f343c4ba124d20f4475e0fb4cf60860215480341715bb907d73630cc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
52KB

MD5
3df596a18d239905eaffcf7c8dfe5fa0

SHA1
9cf471b30152d7d2f0b868c9b1dc038bef094590

SHA256
26e9f32e734a928cef9eca01ac24e0118d100d015ffd5d1638dfd4257071c7ad

SHA512
6c8e4bc6edf41b6641379508f3f467b5d76df8445e4f1bc9be24fc4342e9cc53a2721cd76de247c4a8aa27e7580201965b3ff3308b572cd13a6882ed5c83c5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
60KB

MD5
de13b587b8bfcf2331dd10629eeab782

SHA1
acb9be49f67ac68b2a506e15945c63573eda5632

SHA256
469dc762e89672c9257cb54fc658ee3d7b0d4bf66d74cc05552015e9f1240928

SHA512
78d33ccfa3d0ae1969e8ae940b8c22df2dcc2b3f6a87cdefe83755b4c459b9753e0268fc6af18b0953394b174f54d12c11f18584b2db2390c825dfd0213c0cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
60KB

MD5
86d363a5736826caf3f7227412877552

SHA1
fc2558f03489c30cf64e29cb2c2262d10fe23150

SHA256
0336d3f16c33f0ac7dabf602531a226727370ea2e8b92a768481d4c6f3db77d3

SHA512
4336d85ca5bd7897a7024e3e16677b80828caf82e03e56c1cd7df010d023ac952b420388bdec0c45f6491b80f09829c186fa00030b0dbf3524c0a83849792de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
66KB

MD5
2b33aeb129dd6c383649f96af40882d1

SHA1
b879038eae30e8ef29b152a56f097931af1db2b5

SHA256
8c17868dee4d6d72ff207868db8b67d0f9820bc7ea6b09d72a016ea8e682947d

SHA512
e8303c3f53f8b50bbef911212ecb204dff90df344f70f1b1fb13be47062a9a1281d5e6efd31c39a496dc478ea57e3222951d9f50054b0da29dba6be2b3a89cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
a096af277edee3827b95fb3270780bdd

SHA1
b2218849ef6b950f7c6a06ac8cd04a74effe58aa

SHA256
0a524d9e485797ca8e900175b16b1972d03a31c839dd7ea09d2b55dae7e29b7b

SHA512
514dd4ee5a402799a1dcd4b35a0cc744371651045f0e481368f8de90da4ca863be86e225fa756a9b1b299e7d23af95708fbe176b7a48cae6c9ae1b30b2794ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b7b63f2d96eb4a6e469172623d32e821

SHA1
51bdbeab4690358b5b2039b6e32a465de65f348a

SHA256
a2409abc6aea714951c993090079680729f9f981c7c665c03e7e567a0f55ffdd

SHA512
26a21286bb9de7d8b331e8c639577b57b18dc930dd83ea04c044f68d0d1fea23458a6672f62dc2b46178397994b9e31b98d51a1f19d106e7fdbaaa73d8cc2cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e0495fde257df2ef62ee7e3fdb1ebb9d7ff72300.tbres

Filesize
4KB

MD5
62e449e69465c929ad1048113cbf5850

SHA1
26818433137f3eb93c51acf4856d2528f3cb6919

SHA256
83e1a9162ab9542062140820e3a8656a2e60b4482a7ab6be4b39b53b064732c2

SHA512
27faff677a72f894392c525e46b5935a27d4931f1083ab51f5795f1d61b2373874554eee9d7493f456d0e2f66d450f8a7e98156e1ef41fde4388081eade36973

Download Submit
memory/4440-67-0x00000297D6360000-0x00000297D6382000-memory.dmp

Filesize
136KB

Download
memory/4440-8-0x00007FFC4E380000-0x00007FFC4EE41000-memory.dmp

Filesize
10.8MB

Download
memory/4440-66-0x00000297B88F0000-0x00000297B8900000-memory.dmp

Filesize
64KB

Download
memory/4440-9-0x00000297B88F0000-0x00000297B8900000-memory.dmp

Filesize
64KB

Download
memory/4440-252-0x00000297B88F0000-0x00000297B8900000-memory.dmp

Filesize
64KB

Download
memory/4440-113-0x00000297B88F0000-0x00000297B8900000-memory.dmp

Filesize
64KB

Download
memory/4440-112-0x00000297B88F0000-0x00000297B8900000-memory.dmp

Filesize
64KB

Download
memory/4440-63-0x00000297B88F0000-0x00000297B8900000-memory.dmp

Filesize
64KB

Download
memory/4440-6-0x00000297D7230000-0x00000297D7758000-memory.dmp

Filesize
5.2MB

Download
memory/4440-5-0x00000297D3DB0000-0x00000297D3DBC000-memory.dmp

Filesize
48KB

Download
memory/4440-4-0x00000297B88F0000-0x00000297B8900000-memory.dmp

Filesize
64KB

Download
memory/4440-0-0x00000297B8340000-0x00000297B8460000-memory.dmp

Filesize
1.1MB

Download
memory/4440-3-0x00000297D3DC0000-0x00000297D3F82000-memory.dmp

Filesize
1.8MB

Download
memory/4440-2-0x00000297B88F0000-0x00000297B8900000-memory.dmp

Filesize
64KB

Download
memory/4440-611-0x00000297B88F0000-0x00000297B8900000-memory.dmp

Filesize
64KB

Download
memory/4440-1-0x00007FFC4E380000-0x00007FFC4EE41000-memory.dmp

Filesize
10.8MB

Download