da6062107b3fa8e3e95c3fe0bf63e065a39e01016217ba841dac9e34b2cd4b64

Resubmissions

10-04-2024 19:06

240410-xsfaksca6t 10

10-04-2024 19:00

240410-xnz47agf92 6

10-04-2024 18:57

240410-xl4plabg51 7

10-04-2024 18:51

240410-xhvbrage44 7

Analysis

max time kernel
300s
max time network
310s
platform
windows11-21h2_x64
resource
win11-20240319-en
resource tags

arch:x64arch:x86image:win11-20240319-enlocale:en-usos:windows11-21h2-x64system
submitted
10-04-2024 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

b96c2023aecaedc1ef2eba00d10c2acd
SHA1

2db4028fb645c078655b1540747368e510a5ea77
SHA256

da6062107b3fa8e3e95c3fe0bf63e065a39e01016217ba841dac9e34b2cd4b64
SHA512

146dccb0a81099bd762c649cca97a866f1ba2b2bb7f5e909cbb83eaad92384c5fec36999a90bfb9e0a9c06d79e08eab6c933601bdc77e5945f20a9fdc1a1a361
SSDEEP

384:rGzDpmReVoOs4xN9ylKeGMGU8HhhbOtq7mS2LjFrSE3+OVJCBXQL:rGzBVoOs4xryI1MMBhbWM6FrSEpJQQL

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

50 camo.githubusercontent.com

flow	ioc
50	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1233663403-1277323514-675434005-1000\{9468AA4B-EDF7-416E-80B1-4CDAF3570AE8}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1233663403-1277323514-675434005-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\AIMr-main.zip:Zone.Identifier msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\AIMr-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2144	msedge.exe
2144	msedge.exe
4736	msedge.exe
4736	msedge.exe
4596	msedge.exe
4596	msedge.exe
3496	msedge.exe
3496	msedge.exe
1776	msedge.exe
1776	msedge.exe
648	identity_helper.exe
648	identity_helper.exe
2028	msedge.exe
2028	msedge.exe
1376	msedge.exe
1376	msedge.exe
3620	msedge.exe
3620	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4736 wrote to memory of 2536	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2536	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2688	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2144	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 2144	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe
PID 4736 wrote to memory of 4200	4736	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff4f6f3cb8,0x7fff4f6f3cc8,0x7fff4f6f3cd8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9882650398325355971,16720287658562078045,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,9882650398325355971,16720287658562078045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,9882650398325355971,16720287658562078045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9882650398325355971,16720287658562078045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9882650398325355971,16720287658562078045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,9882650398325355971,16720287658562078045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9882650398325355971,16720287658562078045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7fff4f6f3cb8,0x7fff4f6f3cc8,0x7fff4f6f3cd8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5206710272349217455,5731063194824197504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e6aba29a2ef22811f3721803487e027

SHA1
3ffa0ac8f7a27c094ee5b80b87cce9e1cf3f5e3f

SHA256
a03e2ec6350787ed6e56d8623b1078e876714ac7d40aa9a4c1e53add3fd2350d

SHA512
8f3f9928bbe3513236c3e01f233558e6fbc2a5deb701ae737f9127db93c4aeb037ea30b6c8c6da5778189e2c7a910a46231c6604537d47e1258a2c2445ec47e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d78302dbc6c136154e9a574a1dec56a

SHA1
aaa91487c322600c2b2996e742ea6c74e20d4101

SHA256
a811fd3ef19ccab9e515c9cf0c8ac90e0babc0ea6fe496a6b420737c6bd53b4a

SHA512
bb8d55df31d6964792ab468f586c3ce171720a459ce7284247bc6530a4ad2ee9610a0148a3f803fd2b61a0ddb7aecc5b7e5a873999118fccc260201b6af27190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4113e45804b7888f88ae2a78482d0951

SHA1
4c59bba45c65ba65aa920cbd4eb0d7ccf517a220

SHA256
174195025b51f69ece21274cd7a97fff9f3d9a4bf57185ff3b1297bf2da6d1db

SHA512
16355c4c575a162396cf2ca377f586b3659a70e8c1708cad66b74bb3ef66cbf9ed33d9376730325d95420e5f4f558b2bdb6b5b7595b8b822eb6d2449a83c3f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e521eb4a4c2bbe4898150cf066ee0cb0

SHA1
c2b311b8b78c677b55a356b8274197fdcbae8ab5

SHA256
1f947cf3be3f525e3039b9c363bb7d7bc0dd2b70da434149e0f0cbbc5d13dbe3

SHA512
59e1b52a41dad2e7f36e0343e330b00bc33a7ba88f616928fd2b6cc526cac6effed76b006cb8a23ff45e85be27647114c7a8376ef3ba53d38ccb9ed4de9a5ea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\04610b10-5112-4a7a-9764-d6e1562b96ec.tmp

Filesize
5KB

MD5
c13f19f49637fb379635e5b19f52a8bf

SHA1
6770309fab2fc376e8c12284e60d85a48925a872

SHA256
3f1bacc435883145271f561af1ef0d65a58f1ea2c49d6b773558ea5d510945ba

SHA512
b45b8c98930e6772bf5a955d7d1d5ca5dcb05409d36b1ca56aecf017c62684bd116004c39373aa7bb06b594cbce71352fb6db8f723dbdd7f9ac0c1205e409f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d5634a10ac01fa3b10fb206cdf332efb

SHA1
5118946b376df520af2ebdc0ff5d3a502c7f61e2

SHA256
56317d07ac931f2698d99ccb5997905d396d150c01ad6e7674514547055b8f64

SHA512
0e8b481a84ef6b9fabdd6486736124b82fdc69c3f6d77f1e6a1543dc322ac63b7d2314e94bab8045b9f39635d25d3a2bdee4af9df5622348b190d77b33f2bb0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f3e69b792ddf4569bbfdbec881d6992e

SHA1
2f57e7b795a0e16db9272eb41f1f81744599b3a7

SHA256
5374a9cde94af4a5aa34d45970d0f73473d7eff9d379dba176a98f704ad83a20

SHA512
32ddeb249e2debcaa5525a78c017347b21efc519ec959ff937cc1d763007d8a2300dbabf745799399bebc18ba2cb57c1aded7c5294a8c8d3ed69bfe17505e5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
35KB

MD5
a053b626552864ee4e93f684617be84c

SHA1
977f090d070e793072bfb7dce69812dc41883d4e

SHA256
25b3ad881a0a88c6228e12688078638fe0b96210d0f0e20721e3c911a5b37dd4

SHA512
f7b444b1a1c465a4614cd1b9bd678875251f44e227abaaaf1fa6b35bb67bb25932b9b11cc8fabd19d2d5d6e80c6ad0b15149869e6e41f6345db3d49f08683e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.1MB

MD5
72fc993cb89d53f0773201a09506fb96

SHA1
293998db5b96adcb4dd9a53e178e54d4a3ec3c6a

SHA256
bfb58245c620ccd9842cb6cbac334244f26281a902bcd1373b738fe7ab6cb677

SHA512
4112ad705ce0000662309b6a3d88fbf0c8779adb88e1bc30e8f56ff892fb3a25e9e225eeaa963dc16299b414c64ef2a8b67ef250f82bdd5e458bd893ad8d69ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
44KB

MD5
a9ed0f3a37bc313d7df62e595ca1ce2d

SHA1
3cd166ea5f37f3f645ebf7ee064057f7cd013eef

SHA256
3a44f7be6fcf889e508b789374c0fe29344dc6fa7a25348083888f7c98f0c57a

SHA512
6631523a8bd34ec39c69b2361c2192abfa998bea86d8690f0f5d25124b1ea4cbbef0e1d406b0afeffa5be537b9c75154fe7710c80650d9885ba81a444a30a5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
49KB

MD5
e1f8c1a199ca38a7811716335fb94d43

SHA1
e35ea248cba54eb9830c06268004848400461164

SHA256
78f0f79cdd0e79a9fba9b367697255425b78da4364dc522bc59a3ce65fe95a6c

SHA512
12310f32ee77701c1e3491325a843d938c792f42bfdbbc599fe4b2f6703f5fe6588fbcd58a6a2d519050fc9ef53619e2e35dfadcbda4b218df8a912a59a5381a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
23KB

MD5
efe81e4daef615b00dbe73ce495ca572

SHA1
efa6284b26573a32770851c3ccfc54de3d6642d2

SHA256
8a2115d91ed4df1f74c0bff1d7800c6c776fed3addf7e6ce4637a1bd0c9f81be

SHA512
a561f8475dc2ec744dad499bfdb45b5c113a216d93c3873321e9fbbf22dfdde932af4dedd5819f4f4e0c8bd614efb77e68825561aaf05ec69c19df6eb7271b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c8c1a1d3b0a0266c14e23a6c1f590cb1

SHA1
08ba26f13f54c1c80faa5e1892f4f040c09d410d

SHA256
9f80830c681995835d91737c8ea63715518bdd1026ec79a75ceb72831c44e01a

SHA512
1661ee00f11d9e8605a3144a2b6fc9d33e824b8c9152b6b614d20f3ef6cf983e52f7f62b98c0e8a8bbce297ba72a0f5e900061c9e0db57c48140a6ac88c23d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a9521f938d609be9fedea5e26e53a30c

SHA1
b03bc2e2cb95983ab3a3f17d92d385053e8c00b9

SHA256
e62a15e7551664f813aac5f0e0bf7ecba883d74b7258cd96aa4f64c7760336fc

SHA512
a2926fe6d5e3aa607e06392e8abc1f8219dda049e33f3610d4392d2eb23a0ea13664ff6195ec56d2340c7124f9430e793ce3b3672e6b52f1312877298522ff5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
212ef59f62cc6744ae432e563bb0ae11

SHA1
c4d8afa1ab41f2b6e4aca9180b5e3528a9668e7a

SHA256
6c928410d7c365569c27b3a44c740a6182395f7622949303496ecec84c60f573

SHA512
f97442d7af38fb18edbd5fe9cb3acff4f6f1833ebba7fe7ca3baeb80992bbf1096973dfb3c1bc463a75b338a9f82dc75e5da7ababa1b0ab9582ad7776751e128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
45977f4902b4d55d89b0504e21b36be5

SHA1
844e7bd14aff499597608dce5af7dea4ab0c170b

SHA256
c5769d9112b066a298b7421eed2ed4a95284e0f035bd159326b86825dfce6f1f

SHA512
622c8368861d56a55fdb25476f96d33551218107e2badce217e7a229800eeb4b7bec23530594300c89ee2b2620ddfe9c62da168cb8236a05fb3a1b03bf842de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
586B

MD5
07543f7e81a12c8749986f43b3a9f45b

SHA1
55c9f40d76f9c44802f7c6fb996776cef25e1a20

SHA256
abc09b4c8b6fae6fa9f1a567bbbda1bf6a231088ab9b15c5ace0e823086ba5e5

SHA512
fb458d96612636ff4dbbfde084b6a41f5d692d494be73b9c31146317700c9cf0f60e61e717c3dd2d3f7f792f7a4cd6a90d29c8b3c1eb456805e26836bf4001f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
46ba69f0596c48e03ced8e4315f5c3a4

SHA1
f959b9e31938ce2b7c41ef78b099b3207b2f140d

SHA256
d178007701bd71d82a70d215dab57695144ad98690ed87cbe031a9f46d37ad5b

SHA512
538edccba530dde36b26fa77a82cef76070681dd02ad97686782e8ba1335643611a7597b7ca357cecbb7f678dc507da5ed10441bceb2ec24bd26394f42185f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
907741ad09f5c7a6a471a511082d5677

SHA1
a519ec127b148b75b6712eb417c53d3fe42b27a9

SHA256
42819db5649c9bebe9f4347f0c63bddf894dc22f779a488571e3b7941abc9e81

SHA512
eb7dac1ed3bdfaacfe0b26ddfb2dca6bcfa70ffa1b5bf368734d98cbf412fe58ce76afd9d618b84b1f06264821b5fe49dbd3cc2bc6fe1dcad3ef11a7c1822cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f2c46475acca804a430301393f66cf4d

SHA1
d1873ad65c214f395e79ff4cee89088ff4011b8c

SHA256
88c03396ab6286a6c7d31ccca875a91abe72c2ec06ebe72361f8d8656aef3705

SHA512
eb483d56a438732c36b51672af68cdbd062daa4e45c6012791045efc64a80e8cd81a618f5a387538c2b785244bf4f57a3c425fb3d1bf18a365bcde161297f300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6a55aff897c45ff04b9ce8db19f365b7

SHA1
c23af00f7b4bf5827b37be9cbc8950e4f3c90cfe

SHA256
6127d1ef0e75836b12cb9d081c037510b3cb9a104fd6038455c94a7471700103

SHA512
ad57756276c8e9c702f2f268b25063495d070a3649b235a90235929311968f1eaf30f0d79d20d7c20a505e4c21cd7bb1b97f8bed63ea9efe30b1b2bc595500cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
073a55eee46056df983b58950a9cf4bd

SHA1
212569049d5ff271bbea0f644706b688ca24110a

SHA256
c587d0d19d5decddded90e00db4db5795957443e73f2b7eedade2874893e4fb7

SHA512
8eb83c23e1f950b4a50891c2f34cb50b6a8dfe9bcaf52f7bc17cb88887180e3286a87489417a29ab4feef9d8bf074cc1a3ff5cb962a14145fcf6feb423e340a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bfe4790c4a99c7c6854473ca3ab817f

SHA1
8a5eea629b5c6f267af138eebca8e7e232fba1c4

SHA256
198953f068843852b96d9ccf56def419ab535d1a609f4199e341411a5de26a37

SHA512
1f28b64610ca549d8d46e8c3f87599c9bca4fbb44cde5dfa4b17c28cdd0cba10d870b1d610f7c497ddd71ee7ef711919846951020f7642badd0fffb50357134d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66c1f94688e7040445137217aa708047

SHA1
9038c0b9be75f4fd90943ba7ac3c1b93a37136ea

SHA256
524cda6809bc98cc4148bdd249c41f1b256be9e8913c3f4387c1f0a4dd814b22

SHA512
da6870516c459932d90a523feaf3630a5e316857becc40478a15fcb25f5cf871368321c95e41a4e8103bde700f10746529cabfa614ad9279d2330c73748ac659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
86578ca49980e2dd678b9e922f09828f

SHA1
b5ff0cc233535259312bbd0a480370630bc8226b

SHA256
f715e343017c5a3386d0e0086086eba00577eac57c3434db7cdebb26af773c31

SHA512
bb8c04f37071279705111dd6a165a0e11ee5e9155785dd7730afed85bb2b7159e6aadf92180f7c5d9c5bdeea60ceda3efce3359c6b73fc8d802927b2e07f7711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bb6542a249eea6fa7a33e6c6138f6cd6

SHA1
68d6f195d98afe49ef3bd4741c8820087017dacc

SHA256
0c0f4097b851363564d7ac6762f0ecb0a750d3fe91bed7938fa99c0891604782

SHA512
7bbf3e257120ccfbf304a852a7da60d8414702c4ff210bb881271d49b0a9f4000b6083f07ff3dd7fa3606ef3c8454f3139178781f47ecc40b75ce168ad33a316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25d1b5f388575f1789b76abd18cda26b

SHA1
9647c0f14d020ba946a1102bdbb61112b5e68efb

SHA256
a203194ae54ffa35921c821bad00bbdb711579dfd6d476339ae08a79de1a7f88

SHA512
7e196010f85a99e70a4d531036bcc41fb2340f157088c74a83c48d58ea3fd82003ee2c82ad2fc67ac6a52568ea4bc59a371c34df0134fed65efbabbd9890e914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1bba97db2a52cf2ebee64da34f38f970

SHA1
dda7f67bc90712ac962d49200ddcacb2f4f978b7

SHA256
5833fdd9f1e16d65eb67c2434a94b43ff1be56a586ac5f0c62c8bbe20d5c8695

SHA512
9e50c7726d0fd176aebedfaac2d4c616b13995f353d39d291f45f6da92646b0a255e305daf75ec96b53eae927847645616497f20f4c28f19ad8649fd62c9fd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
346B

MD5
99eb4f3410780d4f7c9f432f5cc23f74

SHA1
186c87877609c9f2b5f44bbc3f9eece2e096f842

SHA256
f6644a9bb1515338c075e4566e5a4862e68cec526012120ab1269a36c1f2855a

SHA512
986ed64fa359668606a5e6b7528d9244cd0093097a8f8b701a8108de20d7f7cb09befcbb5653cfe1a0c32813020b5646a278cab9e4d5de2f2e40dd2492037c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
6f3594bd66a249828126eb189333c3fe

SHA1
47d4d9e6558175b9cddf7323566013be04bdaf65

SHA256
ba55135a3b9d67099b3bdafd6097dddb75c0e625957e9c2c2810a9045cd9e818

SHA512
a98e0798a59a9313e2927994001586815956a7a0c3e01999fbfcb86090ed98c7c179aeb6f659ab54b2880c48dfb46626dc1f7cf7266335bba15de1becd7e1fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13357249294382244

Filesize
1KB

MD5
a76ec4540eba24c88f6c73a883cc3c8f

SHA1
6e9e35f0b607a285dbe2be4ce2f58044b87b6932

SHA256
aaa76cbc669689d446842d4e0cbfcd246fc1c1253463ba356a57b46347a98c41

SHA512
7fe9881836091c43b234b1c5f98075c35f67783a15d8e998807a3408e652480ff61403f58b648ce51f2e0a11622dae80c67c80021f8e7fb240a7b02864ede864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357249291290244

Filesize
1KB

MD5
75b343082fc7c91f813c82e303c4cecc

SHA1
5f9acf51591a9e4f4abda1a75997f4710e71fc77

SHA256
9c089aba547b36cc1dea6aaa560ceb900d49a8841b17b34d313974497c64183a

SHA512
5bd91459f06f4f2127b271823726881e224a3b77dbdebfbb8055c6d343e8918a7177ccb0f422f3da79a209cddaea155dd22741c3fd2488fbd237471473062635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
6e8d57a8e3283497c2aa4dca6c46901b

SHA1
61c51bfe59b1257d9cf9a02f803007f6fedbf406

SHA256
cf238af0cd3a34de261338c248e2676f0606c7f67192dd2499df584c43f0f99b

SHA512
db780b6a6205ec39f2977999304be04906e4a345bc59680bd699c4c1e920ceeb8950ff6f99ec0e143f651f6c273a9c6d5512407fbb069b81924e936f46853c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f73e88f626f65ef44fdb9189ebd8078c

SHA1
5cc44e52b85a173df57b439488995ef0873268a7

SHA256
df098b2c3cb4ffde3d66cbfdd7620c676d61226914ad210511a417d23a5b5754

SHA512
3dc85f8a253e2eee5e6d18e7d7c19fb1c8949359ba71fcb5bdd382646d61ad6109a97bbea44de42702a21ef1b7d7be7cc8e3cc8a4487257c8235b29abaa18e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29211dda1ad44d24aeb4a84f1c0a41d4

SHA1
3d1d9a98848e43fe51631d3092c625863aa36175

SHA256
f7ff4dbc8132773c22553b1c03cb43e6e58b3abd2b8a32699f6701f696bdb609

SHA512
3902219ae9c598871274af4bafff815a50df3217fd69ba30bfb3a5c7427e20cf61a038d5ee3505b80189ec28a8cc4070fcedded27ebafd15953ea9558049e8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9c765e9ad0c5e818e4b42c6cd089057

SHA1
2ef326c69438f16495486a509f9d77aebf98c587

SHA256
a7e000fc161020d854bf88f1e1eb02cd110850d55825f574decb252c0581dddc

SHA512
dc0ce1ad420909764ef3035ce58877b88395284756edd93bee6a1c950fa9a0e5c3f5cf46a7f0246072a0158d697e8c33e28d669ccd4b9b42a95cae99c7fcfea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb29b808a8497ede073aab26d9abc9bc

SHA1
da07296548507c0de316b5d113f4aa37c5328480

SHA256
a8896dbfde97187a5108e8d724087eb4f70fd20111d1adcf52957216358db88a

SHA512
287ea6a0e0d13a5d06086421ec4da4b375672bc753f2dc254a0c009cd5a533de8666cc9215e15352feba40200c471377beec6118b42ffa54422ce282cbb823e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3eb751f74f4b40ddafcf6add5f34c018

SHA1
3df506c12ddaf2f582b37f5737582896b3ec8af2

SHA256
03006d1445283a957c7eb07738ab48f8bfd408b06eb194581fa80cc58c8891eb

SHA512
6ecab4307cbab055f949ccb83d162549ade4f1838369ad9894489e1b3d73dc7e78ace0a57b9afe4a5dee101a067d65cf79f9b8d70899b60e50f637af6e827a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce6bac4f373cc166157c4bc095fd1db1

SHA1
37a077e206906c4f8b7da4be766a9a0da7cc9128

SHA256
be6a3b9dc433e05bd874ef65b44dfeb7f84e725ed3bd88bb1daaaf5e984c16e7

SHA512
b20e859845de697689b6a2785f189a86486b979902f352c57c8d94233a477059380aeb354b682be650d73369d468b152c3e54732e8a791793d2ded5c1d1f6442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
682484a18e979873dad295b1967aa874

SHA1
ee12878e28cf813e2ad1eaf4a3d159dfe7cf2958

SHA256
7561b74b2e611683b251768104667e449c0b1222cf385c9c7e1d2d37e5be7fef

SHA512
2c1ec49a35ebca5d51e07a280503cef27e7e3117194fdb563d981409614aa585ceffc018edf2f9b088f70b4cebfd45362f5bf13c5bdc897dc3fc799f8582c078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
327fc789f4d0318ca37d8aecb2234f42

SHA1
5e2c391affe4fcab482d69f5f11ac3ed762fed2f

SHA256
567ccf1c5d960774c47d15aab3ae848bab8276af26535c2ef8f03d7df8e6744f

SHA512
b216159f10b3f2d8c7bdd40af307297c505b31cc1992d678fdf56dac9a2a766ea24356edfdd3ac845044acc3098c4eea8fee434f4b1ef82729f2cf3c3a341f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589527.TMP

Filesize
534B

MD5
8f739b9f9a6c85e1eda71bae77c33cb5

SHA1
0c14aca9deef6e432eb151635d718d8e99f54c5a

SHA256
436bef6013bd35bb8e57a76fe9f153377b042cd37bd2e4b9500f7417ca953941

SHA512
0d3fdc27c65600cdd02fbc16ebb7cf6146ce689eed3a8dd7f1f61e0697b52aa227e8943bbb49195ad42e765e047b46a66dc2f22da0d1fdb89dcfd914f1676eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
fd38f29ebe410aa50a48c4c53752474c

SHA1
3216f47f7b9c1a42b45e6121870d54f048ffd4bd

SHA256
23c1f16a8681d022898b0b484df51df8fe16c380a0f7a4ca7e0eb0002482bece

SHA512
885caa479247331a77c8b07249bb4581ede3625148916346c35d00d5a3754f5c9b07d451dcf1db335d0b323b0f4542e6124dc3b448408accc6fe4957af79bd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ab494058-2865-4b6b-9b1f-dbac54b30907.tmp

Filesize
7KB

MD5
827d83bf032d192f83f2beec71d1a9bc

SHA1
e610c24abfcafab0f6d840fb21c46fcc327d73a6

SHA256
35750b427afddde8d3a61429a67cb62ae3c70113185d8404cf5784d40b84d09a

SHA512
968df4255176da19c1e6d57e4b1cf17c9a97ccef8f9af9248ce2b0d8e90450060914feac9109e47cc4fed6dbe74489025d3be661261b760542224b37ed3af3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d93e525bd0e06142564fa439f10f25d7

SHA1
1b3b1d07af6141ef2572b4e76d082fa2ffb2cfbc

SHA256
82080a998634eba4e61d8a1817f15e0f718ba7334e5cadcce7de6f6767a77f66

SHA512
f85264be636491b3a9994d50b4797699bb2330a69e054e18f8e87aab059ba3cc4a7fd068d15882acc5199bccadb6f097dca3f161960e61e777aee8c51ce6e1d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
b539c731d243245fbb7ad3e4fe10067d

SHA1
2fe6686e35b2f0a08fd23eb7f1665b9c358c8fa2

SHA256
e5d29791719c521e9a8c666673acb30d23946d3eeca34e480e1b490e11ddbcad

SHA512
68e97dee71318252af84be7eb170a3cbbf402989fc5171b1bf5095041d1101735ff0ef9bb8515e178761c948432fba054d23f81c25ed4b652556dad9efd27aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
13091ac30dc51a4667419f6d493fd6c6

SHA1
8e4636c47fe5e902ccc1fcd1faf95364fd56a280

SHA256
6b93a323799d83edaed0d421123d324468c46d5b12313f5ca3ba0e4ec07eae21

SHA512
ff30eb58bc6d89b7d4f303355a11cca51d9167744318392389bbeaad0b261bf6af6196bf86cd42c0f82ac0ad5889a17f38fc0c7e423651bd5ba20a1807d87be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4a69833bc5a5c8b94481a103003fde05

SHA1
e0049a1b632b46808af5d5a0b99cc18bb6cbfb7b

SHA256
2f5b27dfdc9e84ddedeec483a9dbc65ebbfb2d0f60210918c5a7bb171fd5c2bd

SHA512
20dc6b6ce614b3957ff1a45e1b3a8e3798d24bcaec7c60b4fe7cea4a8f02ca9c848ecde7b41d5ac93626182b608c599e4ac1ed7a2bf4353b3290b44e9b99d004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
baaa7eeba117710d41409da6fabb7c0a

SHA1
d2ccd0c8d59733ba646f29fe0ab4038e83978176

SHA256
3c350ce390eb9ce394d7fa78ee8c8e459d11ecd6d6728a59ea40723249b62623

SHA512
91e15fa87d539dbbd746b465d9b98907cd2549c8d27a6a0df16c2826426847b3a1ea951b31b50bc6e01ab603ef34d823d874d8112b3b1c9c1907abea7f2356b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
1de20331d7cbe89d1ca3a777fa309525

SHA1
1bfba0daf0e479f21357ea1a1f425eec1cdcf3ba

SHA256
cadaf324cb20f8ee96c2dd513c5c5cf2d45a001170cc94ae893c146656da5a01

SHA512
79bbb47c350477bbe1a7ce6b1696791d455d148781b5764b2ff9a2be91425ed6679fca58b48c6a2afab379b21950a8ca2c6b1347daa62e41889f004252b3d0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0bcf7505c1009f3ddc05d8ea8359ff3c

SHA1
349134ecf18b24040e2a30903d9625a1edf79830

SHA256
403a358ff9ee38ba36007ae6fc8668c1166432598a81d6417ec28d83d4cff846

SHA512
fd195aec92ad6fec3f60e0c5bafe75790780e00914378a51af958ec481b23a323d7ad41e036119b158bc46c417b71dd871774217cfc4911368eea4b754aad429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5390044966cfbec5bac1ba72a5ec5b19

SHA1
812ea934dae24d535fe1bda70d2d8e8ab6f83f09

SHA256
ec00a964b660ea2b7d65a0a29831bbeb4576e43d5444f5d843590c4f1b3e5a34

SHA512
2ce048bf1e7708b3a812af0f42e1fc9005e9cab596538dd2edffb135015ce331ed976a680b8deb3f8cbc8bca930009678090b8d1f529ad72cfecd4e497bd47a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
31cad575cc54cf86246995e8db9865b6

SHA1
8a70dbf0c24e2a1b6d8feeae088561e3c3703e39

SHA256
2e1174f96aeb5901d3b6c536254cbde6c0da4c8d2ceb2b24e117544fae2d5e31

SHA512
41a884e83020b1503e208219233675e66b4357aa8b2388aafbc45d0c5cc3712c0cc1d288bc29aa1e6902a35b8a8b076e79e64654427658502ff121f063069716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c2af9f63898c6b26c0b91b287fc0edd5

SHA1
56de0ec8325253f80276a6be99f4fb922fa3467b

SHA256
ed51f1ac29ee57d850c6c5367b20b859985944f093e1e89bfc28ecb663dad813

SHA512
1d667e0f319b48062817225c707bae29d31d0e77df3aa9666d063531f06867bab4995d01987e7ee855fa0369a54a51b99e2b9716534fb7cc5eead5c43713d210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
fc635afa64620906a0caa55d611c3fc0

SHA1
994ca25e48dfd8e15e60aebf27cff6f0056e4e1c

SHA256
e53dc833edd903e4162b1bf2855b2b5f3e114b31e2bdaf441e8133d40864a938

SHA512
238f35ac8c2d9e24c45b17d0c5bbf2a3eae3b5f57f7506061058f558556814eaae7ce76dd512ff4f6981d97d9aa20ec8c4f4d52363f5931703291a362e5ef36a

Download Submit
C:\Users\Admin\Downloads\AIMr-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 891909.crdownload

Filesize
21.6MB

MD5
a0fc208c95a938ba6d00c798ea17bdc8

SHA1
22610d8fb388b860759d3e215984436546c22889

SHA256
a9688e0734f19be5fce5721ff2bf5966ac130c68ceafa1502c3f14380a0d2166

SHA512
c2d0fe3473972f57f6a4fbda70ac4b6cc0eae61d1b663951e2898261a8c2a7f3db81a5cc6adb32c1833abe5646a5305d4fa5c20920a132e2128276150a1605a1

Download Submit
\??\pipe\LOCAL\crashpad_3496_VRXGTUCCKRVGJWYB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit