hxxps://go-link[.]ru/mQLDX

Resubmissions

27-03-2024 10:28

240327-mh61faab42 10

27-03-2024 10:28

240327-mhsstadb9x 10

27-03-2024 10:26

240327-mgmkeadb7v 10

27-03-2024 10:19

240327-mckj9ada9w 10

Analysis

max time kernel
298s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/mQLDX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
1712	msedge.exe
1712	msedge.exe
5068	msedge.exe
5068	msedge.exe
3100	identity_helper.exe
3100	identity_helper.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
3252	msedge.exe
3252	msedge.exe
1260	msedge.exe
1260	msedge.exe
4876	msedge.exe
4876	msedge.exe
1460	msedge.exe
1460	msedge.exe
2596	msedge.exe
2596	msedge.exe
940	identity_helper.exe
940	identity_helper.exe
3052	msedge.exe
3052	msedge.exe
1308	msedge.exe
1308	msedge.exe
4180	identity_helper.exe
4180	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5068 wrote to memory of 804	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 804	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1904	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1712	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 1712	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe
PID 5068 wrote to memory of 4620	5068	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/mQLDX
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef72146f8,0x7ffef7214708,0x7ffef7214718
2⤵
PID:804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
2⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
2⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4044 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4180 /prefetch:8
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10549886208556572460,16007000630746533561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
2⤵
PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\76561199111538119.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef72146f8,0x7ffef7214708,0x7ffef7214718
2⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
2⤵
PID:776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
2⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
2⤵
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
2⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
2⤵
PID:468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7539598136121333408,219201381161156556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\76561199111538119 (1).htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef72146f8,0x7ffef7214708,0x7ffef7214718
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
2⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
2⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 /prefetch:8
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6931326436854856929,12252386230189178290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d71d685b67f3a4e6f48e68cdc9fbb489

SHA1
46e1a03d36e6415f6c66b16a92b135166a54c5fc

SHA256
04ff065c73e61c4181fa9701c86a8447be587c1368d2fe8798320dd8e7db4554

SHA512
d6fe042bfe91af785bb134ca7bd04ae7309e215dd2db723ec3ec1ffebb8c2483b20b02fb2f68c28efd67811de727faed37cf734041f1f686caf35ab752b49d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bbfc01f870f7ca19effbb574d0433ea1

SHA1
ec1de2ce0129368efb079935ab5f0c202d15993b

SHA256
e25a880e51247fc50b05a92faf59de6ef5ceff5429ffc59cc1df7b1fd4208682

SHA512
6ec47dc648bb9487b91394d192859f469f431e7105a4bb6640ba521b0b771733f8eecc6349f2eca3322e23fd525c7206ab13b640186e4dc9ace601de5cc90d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a6ed248c1cae498632664ff4354ef386

SHA1
42972063f74fca5ae2b7b8190e3c1d449dbe6066

SHA256
c364dcb5fbb91628a69140b2851d0ce9e2b065aea3c428d594aa6164d1e53ac9

SHA512
4884990a4079fb0ca0b10dfe045b6fd5637ac7cadfec8dc746be20600cf9f20644b1510337f824c260f2a5c0aa21d740143461f59ac427eb251f6fe9480e63dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5ec2a3be-2df0-4e3b-b195-0d7073cc0782.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
0ed977c985af2f9b642a7e27b5fb257b

SHA1
5f1811bd4377b9e138ba3682bf5daf83f42485e9

SHA256
a10dbfbd9c26f3ff672261c534069e753e514e1533f556b7ae5d5a835e9ef14f

SHA512
8e1dc191e440006c09ec4532dc4e6656e89328f94ea82dc3fea25fbf9f131f242555f8b23bb132f739510c653bc7470618a4c29e56ff23d5eb861565a14c133e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
8480efdeb3202c200010bc1512de1a96

SHA1
59a268bed3a88b3c016aac1e93480500679b5050

SHA256
a8cb9e2624e2555348e6dbeb28662332e1129d27202fae43b6dbd6697daa2b9a

SHA512
ff3fa072da0c18e170e93065917c8524244475c4ea83324ea7b30e46498b46df7e76c93e0df16c2fa56c925ad5f0828a4240b1b2f3d18a178de091e9228bb5ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
e7542e3dbdaccf864c4248728ba936bc

SHA1
09077b1111b8b06d9d18f1157366ad721ed28d2e

SHA256
4e96b9e067b8e71a5665e78b2cb21406131bc1ea279ca2eebd558193230f6070

SHA512
6d8f1cd96a3b0ba69c901879673b657eed2c679a116fdb164a493855ff10a73b3c810bc770a5454ecee4aab7062e2340bf231f5e693b189e95cfa16deb0a188e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
b2765f3da2de5ba787b767c7951e73ca

SHA1
0ecaa0bf6229fc106d94c58c5e712ed32e7bff48

SHA256
7eedfcd05e57898937035b51f84c35fd5eb5e815576a70fcfea1d630dd01c328

SHA512
9fb6ef64d783f5c025c45ac1c9b89f94bf748cea076626568395521575cac15b5617dba3cb328c0bce0980f10bdddbb6363d48dd234316d6b1f1c80b8751eccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
0fb520ebc12741e3439f592b2c912bf9

SHA1
be7c06140ac5d7150540850c8cd6a676ddbdffa0

SHA256
17f736cd9b095a4e2f4339e1514b61b9712a974d261fc3ae3551ac70ea57856d

SHA512
b9d052a0e649acff256a65990c8560f3d689d7fd4ceb7997dd86f46e2aa0590f252ba663ff637f1e09eb46185157ced1c4fcfb4c453d88399129d3c5caede303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
2b5af6e507760d09eae2aad78ea92832

SHA1
cd5af5e1bb7483c9b0533317efda5f1cc406a04c

SHA256
94eb4bdadc19176c3701da62a7b434f236963982f5553fccc06068ffca582eec

SHA512
563a7ce7a46cb5021bd22bee5efce3a379c7efda2e86aae87bd093fdc5f0c4c85781687edac41a446712dd81e7d21c781b2bd6917546f073ba3cefdb42375fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1KB

MD5
618198acdd26a77114ee11ee17579756

SHA1
4efaad6012bd31b03f14d3dd8d42c804f643a2b1

SHA256
4ee2481fcb08142749f8b2c773a03fcbb43b3878819992870c2922c984c1682e

SHA512
c2e70c42f0ab112b01408675f8ea490826466e82d0d8733b42bc4109e6749f81147862366c994f90342f775740f2ecba3308c4087b908a1a8b60a9d20414db09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
28KB

MD5
bbf444ecf378c528f2dc24e572a3d506

SHA1
6db7d1552db28483036b57df6fcdbd0864a0969f

SHA256
b6f638994c5e8e76f11618626b718acabf65a7769868b3dbc527a5cf6315afdf

SHA512
0322a9241beb220d9fd0c056bdc70acc17961b86592362c522b2a13fecaa94f936159719513f08a9bfa10100df0b323a730a0432ac36803bfad1078501752cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
288B

MD5
c34fe2886b5cfcf88aecb8fd2ee109b9

SHA1
5a4ea4ba89de1cc07b2433b93ef20973d0383542

SHA256
2dae0f17182ef19c42dc5a8b8ee9bc072c5a12d9933c15846e69874894542351

SHA512
2b459fa8ca94373ac958aaab265dd086689c5ea533cffdb598be8e9861cd56c27d222e73cda8352ed86621db3e9d68f6ca3001d91cd69c8f612be3bed1dd5f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
27e2ef27416d4bb5e1eab29ba06bde4a

SHA1
c91492f7dc133ac6ddf5e938e1a6bf9a3c0feb12

SHA256
41a13d651c736060cdda967f4d36276de31cefe4f94233c48628ab699c5e811c

SHA512
ef4e739872133932b9d61d5623db5a9e26447ab300b2d2271d033ced4880ac5a1d3d69187e53f7ec4551bf4bd9d84766abdd493df4908a871fe60b24673b47e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
694B

MD5
99bedf995e27c91db6ee3ed090d53645

SHA1
ff22c0c04c48e92103e5903d2bf5dc3ee07b839f

SHA256
2f0ed59f77776d72dd3a089b88515e9b0590952016829bf27bd9cfd51941fb6d

SHA512
0547a1219508bdc8c816e95b02441ac605f3299509ae0d0b0bd728df999d711ccb5695fc86d750aaa537eb00b8764735db52637bd609c2b03d2ee1ba02bb1bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
694B

MD5
da7781e43f0cb614ab3980249365018c

SHA1
359f5cc72e1822d77004093e3640f684f931ba6b

SHA256
cc2dda3ffccc44926bdc5df8c3b571acdf90e208881021d591ddd9a94d1366a7

SHA512
17f7f8cf4556b9678843de8801437e98d6dcd6dbbb8fd328d77b2fc207852eebedec36ea377176438d0049b0835ae4230b5245d837666e1672186f0aba283502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
873B

MD5
e07b12189d125d694fe6a8c964938642

SHA1
9216aac28df08c11fdc055965fe7c7fcc9012e09

SHA256
35ab133c8183532799bc1bad6e8a481551f154aeface38d7a1d50d2174056b63

SHA512
bf3aa5bbd047a47218bd0847039e5231ee4e12e8d62b77761f6b1c4c00de41b393ca8b0cca42a4fb988011c24ea1fda6cd2153fa1229d961082f3db3c9048698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
991B

MD5
caefacb5391654b37b6ba51f1e527b4d

SHA1
fa43f70274a5fac035f44c0f3f7b46dc7b2f11f5

SHA256
4805037428fa94c6423637646883b730b7155d53235e35ca8ffe6ed0a4832fe5

SHA512
ad80e9aa1b3f9413d1a0b0519126076cbf03f2326ff35d38b5d89024c73a9ca3eddce4fb2b92ca9dd97813e4e76565abb8403f78797e6798f5b3c127be78d9b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
522436964ed28e33f1da5a7bbe3aacb9

SHA1
91d458ca21a6c033c25e3e16371d375c423cd675

SHA256
c66490e36d01a6a18c393a34046630a271a155d4ba2df7a05080f15d04405b6a

SHA512
3abef5b11a9146ab6729eab81ada5c83f7248b5e990d1ee51080dbd599ca0132fd34e2f69aa2b6f494573ba67902e6e893c5d417d6096756ed45a1b943df46f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8155460cfdadc19de7eef74d7a4d1aa2

SHA1
3dd6b9b3e229fb2a86e0bebaa02bec05a47e44cb

SHA256
b414808bd0871642a091b5bf4c086c188c3dd0b4ea5efb86cc06d1787a10e66d

SHA512
7d66867a8cd53a484b304003b56f4879ff04280b838cdd6f55c3649ff833ca0c8fda5046c64a6e275d4772ebb19226c4c6bac49968dfc542d7dc7d9ad75addae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8f183d2742fbc71c7a351342a5410b8e

SHA1
d200f8c64fe2050ed940d4301a0012767892a522

SHA256
bb6c6058cb95d86931029cae8ab86f27f2e1100e60ac12db7910529c8d615e89

SHA512
ce64a164907ddb20dda56ceea117fbf3b6b63a56b92920780d659002382e9cbc1fdd868728319aa315211553493870b0c2796c3a371bc8d33ecff1ce9e23efb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
419112d661da2b027b5c3c22376ac6f4

SHA1
45db92106579783dab14ba4c1de73f858ba25164

SHA256
353aa58915e33002f632a13a483e988372340fba118c595e45c14b8039d61373

SHA512
17e871756178015fd603c5305ddb43521cdd94e38ffeeca9d2fc5e2f60e298810275ef40169b1d53e396de6ee0267426b3389b3ef761a5acdf26c2a5f538399e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fae71d7ab2c291480226db4439fbf9a4

SHA1
389c8958c08f165e109f3f83724e4cd98a09061c

SHA256
1ff835414f06895cbe8f8a6318f239b11644c3d2f6677606148fa5c9fd7762f7

SHA512
4fa2188ea55d11334861dbcae56aaf29309156333dc00a9db6a4d8e479ae0b4789f2618fe17ddaccba881c1e7d2cca40ac17c781e23bcc10289e741e81642561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
675253f4530874b94e9c1d5f3b85779a

SHA1
1fe9b7d4d4cfb3227e02108034ca2ef12903a60c

SHA256
a4cc4c425a643d5b0fa272889c6c50283d86f64a218f036b21aa28d6cc1db45c

SHA512
38835f2ccb46ecefcb7d9189fefa54c834236dc7d98e16af27cd24b188f343003b8121eba9d073a1439bb46b477758c057cf17c766a32f8bf8de20afba036026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
14766094b365a4ac9e2e8240705dc12f

SHA1
d541235cbeedb7b08dfa324c3344603d9f18cbed

SHA256
75f56c6729bea84f1cef49e4f69ff2fa0c251998cc1482eef55c4bd0c10cc4ee

SHA512
94029822e2bdf1b33f1613342544f639758bf2bd8e09843946e2ba7c78443ce8f43e83b3c4a317843728e74ab99821f67fdf104d833de5aaccb108c1f9a5e590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8f8e0407755086e068adaaaad7ad73b5

SHA1
c0e573cacea1802c310fda8c3f18cc3f0bae11ba

SHA256
9aa882506aacf18b875de4410948c67469947c30fe37077f3f1741965cab03a1

SHA512
54df399c13df9ab3ba59fa853db62678170a0f2b6459b0d147d09a6b187f824681bc0dd344205900345d9a51ed30abd19792c647c2ad49888967fc32fc7e9a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
13b132833e3156aec431f6566353a242

SHA1
ae6da59108cef46b107b9c6c3ba17e2f68adf687

SHA256
8120307cebe644b04f4348badbaa4b3f8a2acc6e585c5157a36a61e2e052571d

SHA512
2ec6005aef3f34dde50f8f3f1f39dcd4984982ea69e227079f93d15a2b9657d647c8672ca5f7b1ef5834b55d2583edc236a78a9e4bd9d8fcd6cc21fdcc8b6dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4cba0f08717ab9c50fcaba260c7c25f2

SHA1
412d612f3e5efed40f147d1ff2deda1ef8c06729

SHA256
b6c9271902e699d540bac075fcd7e85d6bbabfd7bfc90481d45a5804227effa7

SHA512
dd2ab55c9dcf94a37ecbaa27c255040876ab36ce2c21d017a2d3531cea968eef753c7b3aa4b5d45639565452291e856f10d0e1648b5f20eda7db83fe394f8d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1c7ec27d94da04714401b9adf0b17756

SHA1
3e18d51664cd7c8036552c1557391ae0e7d3363d

SHA256
57be391e5772faf9845cc18c3b6c5e428c1181feaa56c5dd4c4d16472c9ebb52

SHA512
067ce3414a4fdadf8b1fbc79cd0abfdbde43e60b848d9f06e1310f3c1192ab2135347d570baa9c1eee1da941f70e66a85ff4a82fcd6286268c542c97a5f2ba24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
382B

MD5
011b5fccdcb5fbd64617cc01a85afb10

SHA1
84ffc1460d8e64838032bd1c5da84641f4ae4d08

SHA256
c7b22810748528ed0fc86fd336950187312f18279e94204e34327bb3bcd674ff

SHA512
1c7e42c7252dff7ddf0ca3a53336fd6981f5601dca50e8732373b56d7281e689d28a7d4b25563439fc858fbb62fb935717ffc236469c5623189ea16fbb12ebc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
a788cb375344f8937295bcf03572db6d

SHA1
1c69389428ba90a1e9b0553c5c78890aa6ee324b

SHA256
2e51fd27f86248332715a8202c389f5ee13b1369bc3c3d990a26a7365b263072

SHA512
2cefb8c84c9d16be7bc59444220ed780f938b3e87efa27904ace8c30b191c5314e2d6de174c4a9dd4415d9ff42829bb171a3a1fb6cf4a20bd7664a2e84c269ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13356008369189709
Filesize
3KB

MD5
c094dcd7b426a3ce1ce1883b5d24c70f

SHA1
02e32a0288909c88deda7d314495f590cbb7c935

SHA256
26208c9181299b429d85c2f25c83289703fdcd2b218cb7e244b206734c0903f6

SHA512
2da0996887dcbab27c23f7b54c837a8ea32f20ba9beadb87599575cc7052ba454dc0333f28e08ff2eb58a90e5d6a3c9d18fe0d319e6aa65266908dc5bf6c433d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
6dae9beb61e244a51fd33ea5a8a4ddb6

SHA1
776dbc31a31dcd21976c76376a3bf6dc6d09e5fb

SHA256
81eb461d1267e1a8ad01a1b5d82eb04cb53246da80a1dcfdda39d12cde041bc5

SHA512
fb911890a1fee4bc96d22afd13b90f9ffd5dcb04d8c646bfcd1012aa6528a3ca482311d18c07663091af416a24a64e9ac53782f2ca01536e0ca456d153eb1234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
ab4cc77c3dd289b97d1b23865da9aae0

SHA1
87c96dce904b702c2eaa0274f98532f4776072f7

SHA256
804d8f78711e1956ffbe66a39a842b0002d7e80090cb717bc9c4dbaed346f91a

SHA512
ae339df0d241f69dc16c8c602bed8423db05caa231bbb94770ddfd2d6056540b5d3c0635e1fe8594be155d5846afb7c78ee442fbe5e2a19358a1124d5408dd58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
c408dcd0a8d018b1aa63e161f72654f0

SHA1
c508f5ddaf2795cea9cfe9226a3b3f27cfedac4e

SHA256
3836b18397db5416fad7a2e278ff1d6731bd858105eef68a4a029954c20edc9f

SHA512
8e1baf75b0d7b7be2e1bb0dbb0fb9376c419c107ad9d81983347f6064ba7958b4eecf344b8099654c8605bf7ade4f56b6e462e4ec8b5ac92c8364761caeb3cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
a7deb21a87e515f6c3be9b2c7487d2bb

SHA1
9fb1eafc2557e8bb3acbe538aaebd2f2715111bd

SHA256
bf4844f245602e08a2b445152a156f21372dc24109d17fda589c45f933cddc54

SHA512
58debc1b99666edcb579517eb35ff13ae6b73d3492b76d45b097ff1403282fdfed4dee1af65f3fc2895f0a7b383f93660dc93969d4792a9eeda3a7fd05471f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
e7d2d13786f28cfb34fea4718aa03f4f

SHA1
92f6bb0d80ba2d1fac4866e023c6528781542114

SHA256
e390408f34d993bf0117b8df0858956b18d22faf953009f282a9bf74efd2e961

SHA512
98a24faaa53872baecbaf8f5e86ba5b869a1d6b284122ebc50486a3e67d65c48a99b1f05e4e816c2a3cb792d6a6fc220fb59bc2e3bd8e07c5e2d1ff03a510a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a51bb.TMP
Filesize
204B

MD5
a946f57ca9d27183762c478eb13f2778

SHA1
9d2413294c8355608e2034e5cf29c896050da7df

SHA256
8316fac912231fd38641a67c4a19c6d0295ca0c06619b55d9101e7c7d89be635

SHA512
def7dad71f98b6ae9539f4916b8b6f5eabbe26d51db6343d1f6b6c49276e783dd1a3622b89946775e4114d815555675074c844d6bd3cfec0f3a1bb6bee21b6be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
399ae91495fbe20b4d124694f1f0bc10

SHA1
42f902aad2633681d67e724d7a79b98cfec7b329

SHA256
3f7a2d8b9c58076a4145c7b500252ba01bee87451f9f98eff0f31263ef323f9f

SHA512
3c173902c4fe306689e198c27fc61345addfc65b6abbb94d37762c0390f73996132cc713ec1643869955f711e36fe723c1c43170427847107a3a46b51ae59f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f67b498e-c3a5-46a1-bb6c-ff50d26497ca.tmp
Filesize
7KB

MD5
65ea289e9fed2da257ebfa1db411165a

SHA1
1bed3f97bb45fd3b2151c9b3a0171f015cf0be61

SHA256
e69b173a924554e38181869f26dc30e568936d06e32d754e19bd530bfb82f177

SHA512
17bb8d9247cb615912fb7222ab0f4a00cb8fe8ea00677751595e40227951d44d4b4465b3dd9b6e9ca192756cd360e62b340b48e68593da06e4bea17dd05bdf58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
2.7MB

MD5
6a18aec520fcd5f3af154d60e21551dc

SHA1
54e2aef11d3ab39d24ff587f702a4ddc5f4c4dff

SHA256
65aae1984221b4535bf7bc37448deef86da6c3e1a31b29a3b07c4a0fdba403ef

SHA512
b8c34ffc721c1f206dfec1261dea00bc1093ca9c5ce0fb2d76d7efa51aa6947d803021b6326efcb1e0225763e0b32bbfe3d122dd56cf6d7dfb9968df723b3bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
9KB

MD5
08a48655341bac08d3e49dd472118c1f

SHA1
3e882d66f723705268427e35c1398d2a70f1c533

SHA256
f5588eba39a2d6d30bd4d286ffaa8fb8c82b949e4a053583b96daeb46a3fcf6f

SHA512
1b606e6647e08073e0b474f1dfd27ff1634e102588ea841c4ea29ff565dd29ec36c8c29c8e0900471c3bbdc20257d6adb0768f7f3fdde1626fc5bafab9ae4a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
da0011127e5d06730ad9c0b4d743b1f5

SHA1
308fdcce0896db3b5aaca1de4d0abf831cc44954

SHA256
087315cab93b1ad0eae69d09cb5d11afc91bcf8f2cd44d10d3db0aadb0245b77

SHA512
9b10ff41f0bfa644b14b855b7330af577f594cb231d9a180673652e9a70b73b63f988d5771bd38b4467929f8914b3f10e2fc41a7d358485355ac2827b421e8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
565B

MD5
95afbc99e2ad11bda882413e9425fb10

SHA1
c138238f147c3b1945b25844532719a31aa4c6ac

SHA256
9c2724e7deef15d4c01a4cdbfc817135e21414fdf0afec4554039db1992573aa

SHA512
cc5ed11b75d8d5153c643828653e5536e754dcd4c320644e04a702dcb7832c53bfe96f5c34a4465b9e540c2df4daead460d8008db890640a60450c9ad4970be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
e19f82710bbd710287c0556892086167

SHA1
0f019ee8c33847d010577215cc1e6b5e4ad62885

SHA256
3df650fde18ea885ddce154754d1552ae6fe5033b4691afc5f4f73a8cd0c123b

SHA512
126366d0f00513b66b2853aaafbdd5390e6322425eb38c8727ca59d259cb2b6aa54f1afb5996b3955136d1c506509cc1c975dbfc3c9ee0fc415b4450f6509926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
102f77932151f5188734d5172aeee220

SHA1
4437adc90084807bcb6b92caf38e0fb50ec0166a

SHA256
b2997fac987155bc9dad986b26ee62bc3fa21a14be4810e89ce227892110d460

SHA512
3db4e129d3eaf41b7efe6a6928daebaac0278e47e91cd5fd47844cd7ae0829c25c122ef464b59ec11ee655e379f5e8ad214dd66fac049e3ee0333ba95e4f2814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
d761f002f268e8853a51615be386f4fb

SHA1
d5d7abda03b6d1245ef2430187d021432394a68e

SHA256
525581ada12883aec3874c4a31a666c7b8a8f3f1970a2808d83bb44c56ec6296

SHA512
cd965e8cb9f98c77135ef39636d73b81b641f2bcfff3d7d0231adf32808abbaebefede2f7a39a5de02b154f94c6eab1fa06998c93c347a92bb9a1dab99934f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
3846f7d04a8dd4642c3c317259115d94

SHA1
97879ef71464e070394e7eb67aba93ca88e9d4ac

SHA256
d447a05a2dca20c44e0a27129fb9961c8c67e78bca7a4e7c98094b5067cc71e5

SHA512
cb0734212717a9f2587788af21a70d920547b3a455dffe813927d343a447ee10350687eeb92f686c831af9f483aded2950f7baf331460a61525257b454df7734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004
Filesize
17KB

MD5
9816c6b09917b0dfb201dd8d94f143b2

SHA1
1820daeb1b70fba4a1bb4c602342ebe85861eddb

SHA256
a3f6af7dec4e5accc91a73f8d0a3bb83f28fdb931404873748d13996d0a183d5

SHA512
a81555b11ab5ff8d9f571473f0c4bde30331313e4bb9f48efab7288a049ad5e74073c457d195d83e2cacc755bb2783c395b5ecfb24bb76941acb013ca828ab57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005
Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006
Filesize
16KB

MD5
e7f884f3e93b33420a307305edb14ed4

SHA1
b951204502dda9221b5089da9e56107383736b60

SHA256
e72ee977216ccc0e7cc260bcda1051d9525987c831339146979b278dbf5cdb9f

SHA512
4fe25ef726acdd7f8917f2dfddb0390f30b7611ae510d88ac56f6d527a122a667973be34e74ce364aadd5d9ec9d4fe340e3aee186ee9c50bf93c13af6ee8f503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007
Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
09890b7d2bd70cdc0483dca7d58b5291

SHA1
043357efaeb2ea6450ac2cab3e143cb607f4e824

SHA256
fbfd060d781375480e7d2efb038ba8737f5fe37dce36ee28e383ad698b1dd3e2

SHA512
a5ff7ff7fa72a036954a2621e69da576fb672496188fb24f0ccfb332c570c52b6971ec26f03ef973d97825d377b8f6971d9adefaad34e3dd9b29e32d0a46dae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
c704934558eb09803f55d1e5b535ef57

SHA1
11703203618d6f84c02206b8342ee903264d2506

SHA256
85ce45ccd38f904a7af0651106fa7edca3fcec207e00e7cd2e8795115632ce44

SHA512
d568e3941d755c917d0595a43c31d932fa46c7eaaf5bb82690fcc135b67c43eef89c39558cc478fa75782b2dd12190f2d7c3f8212a866e2642883dc9a4ff3fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
a0a8955b65cffa9cf49c909473239c83

SHA1
57d0039fe06322543f683733386b5fd8f26f709b

SHA256
d76b91ac6029dbe565e7afaffdeaebfc749a95b9791e1c82e7e86427a26338f2

SHA512
0a54dffd00b36ede275304212c8f9c0ab2f022423e2564d4f4452fa6103e6eae6ff9693c1029842a319a38616d46a0ea17918c89a2cb0fc2bacb5ff1a4c7ba88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
ddff2adfa79a59da2c61b8652decd54f

SHA1
60ae419ae8607a5b16958d0628abc77f9e1df251

SHA256
dc7c744b2dceb376a69fdd9a5c1bbf3f3dc492f98f67dd6dba24ac1225296772

SHA512
4a26b3a504c2272f4252c2dea0614065a27b348eb7d952e35b9eda9fd9da51e53a3cc9ae63e9cc6eb018780dfb782c09114d447823a3799ce07c9ec448ba3270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
bec229be7785b80721598ce674adc336

SHA1
3af7dc66aa0de6533a540393882fd8e76989e0a7

SHA256
1fc4a00ff3ae38f092a8adfe96508ed3ddd10dc138f24e9f0fb9c36f466cd0d3

SHA512
fcbe3aca97e6bc903938a00183bcefbc6759427db2b68942e8a7f2f6a6048d047ee6c9d6ac99587fc64b9902e2041440a7401c91abbe5c6b146ea096b5b8a25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
8cb4538896870a5e5cf9d51b38b12c55

SHA1
74e9b276223941078aefa35e17634dc0e50474ff

SHA256
a0af66af55f59ea1a87eca5c50cddbafba187fc3336b63638fdfdb6218e77d55

SHA512
62a7ad0dd92a9f85db78b78a425163c35379f61cb5598fe65541b3785909f45593656ac02509777bacb98a182e566b5ba9ac9d8c17e68882d44c3b50c677fa84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 932034.crdownload
Filesize
955KB

MD5
b807fa33d6f2a10972bbb43bec84f935

SHA1
f332b829477f9005cb1d4e1e66c6cfa68dde4976

SHA256
3e0007ae1f7001211c6a7286a806cd00dd7768363e88e54f2beed28abfc506c3

SHA512
b85ad2e0c9372870b3d6493237dd7fd567e4d03ea25404ff15de26c12ff1f5954f71b2a05df6ced1ea80e2c1890369e8c53713ea4032245cf55456be3c019aad

Download Submit
C:\Users\Admin\Downloads\download.htm
Filesize
559KB

MD5
994f35b7661d1caca98fbf86db166794

SHA1
5e9fbc35fbdeedcb851b84223d4509cbaca220c3

SHA256
0b181974692c8e145af48c53603972abbd26cb494fa78d3b4d17e33a9350e6b0

SHA512
2874ec39a7469b6a24915127fa69d7bc3bf59e65087612c1eb0fb198701e67dcd44bd54a170943e5ad94d12b91ebea6e244e3ac772d30ba349d186fc9371fa44

Download Submit
\??\pipe\LOCAL\crashpad_5068_SWQIDAAXUUUMVTVG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit