hxxps://eaglercraft[.]com

Resubmissions

21/05/2024, 12:43

240521-pxzk1seb63 1

21/05/2024, 12:33

240521-pradyadh44 1

Analysis

max time kernel
548s
max time network
534s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://eaglercraft.com

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607684088556938"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5856	msedge.exe
5856	msedge.exe
5260	msedge.exe
5260	msedge.exe
8	msedge.exe
8	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
2152	identity_helper.exe
2152	identity_helper.exe
5016	chrome.exe
5016	chrome.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
5432	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe
6588	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6588	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5260	msedge.exe
5260	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: 33	1940	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1940	AUDIODG.EXE
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe
Token: SeShutdownPrivilege	5016	chrome.exe
Token: SeCreatePagefilePrivilege	5016	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5540	msedge.exe
5540	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 1056	5016	chrome.exe	82
PID 5016 wrote to memory of 1056	5016	chrome.exe	82
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 2984	5016	chrome.exe	83
PID 5016 wrote to memory of 1116	5016	chrome.exe	84
PID 5016 wrote to memory of 1116	5016	chrome.exe	84
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85
PID 5016 wrote to memory of 4280	5016	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://eaglercraft.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92b39ab58,0x7ff92b39ab68,0x7ff92b39ab78
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:2
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4128 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4624 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4772 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4908 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5500 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5440 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5540 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5820 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5296 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1944,i,13467254717327214778,14124568315576199439,131072 /prefetch:2
  2⤵
  PID:2432

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2716

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x154
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9176a46f8,0x7ff9176a4708,0x7ff9176a4718
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5778617507347765757,9726256289042529012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5778617507347765757,9726256289042529012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5778617507347765757,9726256289042529012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5778617507347765757,9726256289042529012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5778617507347765757,9726256289042529012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Offline_Download_Version.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9176a46f8,0x7ff9176a4708,0x7ff9176a4718
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:6340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:6936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13681671102992891330,3698514475792090481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1316 /prefetch:2
  2⤵
  PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5432
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /1
  2⤵
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:6588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
19KB

MD5
23b27116b3c4831452570f751338a118

SHA1
7d554a38e31099d02daafad046e94fc1adccedfc

SHA256
c55c717441910dabc60477e7cc7c912c593b992a88fdb173fa8308735b07a69a

SHA512
ecd101f01cde501c64d961d050686245672426afb50ab00cb35e9462615477a267568cd3310fc7e5dbb39e345d0a30cb3b532ff2e0600b08a2851fcdbac13828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4760a66b710c690aca24e10861257803

SHA1
8891b9cba2f633fe9484f3c16fa6ba292648182f

SHA256
b4b27bee77c333cf64aacd93e8d0cde1f79f1c8b6c7410e779e3843acf03ce17

SHA512
01cfbd56be8bc280b0be765f6e43cce2db1e9d6aad5821a96b9a11d7126aaa3342ce2c7fbec5ddcbdb7fdbc36922b6a531c06af2da7316308eae63736909f531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
1fe1afea8cb8004aede6a3e56502b78f

SHA1
7df9f4e71a840aa14f724d18387d467c7f145622

SHA256
e5c0bb8c36ea74b547252cf9614a89ae215f37aac341287b13f0d5d9563190ba

SHA512
bcec88f23eb335f7df731c54668ac523760156ea5c25ced9ddf4f884afc8bf0978105a5c9973acc0e4949449e03f8ac79bcd295f6d262aa49e6a88dd7763a649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3cf20ee7b9ad86f44d5f8f7a63963ba8

SHA1
0dfe84398aa3a220d762b5973f56d0bc6174d843

SHA256
52ee26479fe44f29142647b4ecae40c87ec46c22f4b89c061f4893cad858b50a

SHA512
de12ec588e5ec18be23555f802b0d94f7c3d8ebfa9d792e9a927ddbdf41d10b9ae19c2a47843265bcac77d20d8838c7f3e710c615841bcd23c9f276e50f3b867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
feae56eb18edd3bbf7a462b11208b5a2

SHA1
6cfe63b2d662c25aff67b36890f28a3f7cbe9b5e

SHA256
bfec90ccd0fd63e9f650a391b1adafc47e66157afb31d4672bb283c67d925358

SHA512
389bf1ec343bca16bf770df8ad7fafa63d6765f8fc087ac69eaa59e3d6eca4ddda918a7c4e9b049dd36b17c7de560db0174f8f9171ab00b401e2640732a3eb59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
02311deb6a97d87941520831e4255d7b

SHA1
7e1a4f7a37f3b3b87d95725857372c6f706e5a1b

SHA256
3787840953ebb730322607f4777f84dbfb3189ee2eea8ff2896868027555010e

SHA512
4a7886ebc8ce0ee1474583c1091fa0998a95c7617ce5b4de005cbf9b991923002eb80a2e35d77619d78a93224529c974b8e5db9c6b8f0b0f4bca1db66746734a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f351c1f1d25e5ed40d46110bd8ddf17e

SHA1
b8522d545ce86dd8845f88a221b77a339b8cdc01

SHA256
ba8a726b0fabc2726bb54db784ee4ffaac757ede46d35ef80e95088357d5b815

SHA512
b0a48d6180d07f8823c3e761d839dc6a01403ddc8459a3c2bdd8de27f700307b1eff0dba1338fe15c9f4de4d01ddfbbab0c091b156d0af6deea59f7175901cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
3fe48203393a89effde16af794ba65ed

SHA1
78598e8ceae5058b010021631e9c2dd285138efc

SHA256
5cb43c63bed9b95b0e2665166069befb11b4fa5ca585275deb8256efb874166b

SHA512
106aa93016b53624eaf4d20782f24cc38ae9fe230998bd69919907654feb587dfb4af3a07b1c2c7572c4796ffcbae3352b7c592470d4961de6cc9f7f3f6f1fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
e547169cdf6a76fcc58b928ee912b301

SHA1
9f7d8081727bb4c44062a1822470d9cfacd33252

SHA256
0ba90ca0d9ff6e4e8332770b556035878020c99e346f38ec5039089cedc8d041

SHA512
9029dfd72f81194d28704c830ce212a90b368d084133246f44570f8f0d7b2497c613d3778734f5f34d6cae49a0e197ffc63db6a3e343155cecb2c1b9b5387d9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
27d3d14ab490e50bf7f30dd80792cd6b

SHA1
1f2c3abe3e992869f6696fbc52f40d2dc87379de

SHA256
dba9f72ff163fdcf299312772b2c45f0f551c22d9d476d41789b959328433d85

SHA512
4dc8fe3ec1c55a79d9a257e20b65e2b0664ceed21d589502882ce45d216dd0b8a26048fb6de658ed2af0c0d6eaf77c37b6c74dd2f0245d3b8ab101c0ce36124d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
95bce896013e34dba7fbac23de25ae73

SHA1
1b351548cddf491ad9ceb4a2e3e3424c7ac534df

SHA256
08cd2296c262535421ac29d1bdc10cdb713a9afd0919fd82616caaf2b4719c0a

SHA512
217fee2cdcddebfece0deec5e8591c443c32364c987016a471cc89fa813584495dbf4d60d220f79ff2d3d70ee17d77dcdf7203ce18044d2c10222841400c6b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
75f5cadfdd0925b3f7abe7cda39c9b07

SHA1
7dc8b2c1bf3d5af2aea66d185a77f5897ddc888e

SHA256
8051e031553b0aa26b5f8f1008f71501fca88250c4d2e7231dd227215c3623df

SHA512
159fffe34013a464483b4e3d3589f3737ed5f17993f5aba1c4b0012e920c62d4ae154c8e9db7632a61ab01e363cf3fbad3aac11ebd266676bcb8dcb083d2c560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
c1e474c6b17396b13998d4a7188eb88f

SHA1
7bc3cbc8cc604709b179ca6db55ae22a3213f851

SHA256
7afe08240271fe81171ded3507132d038cb3a6c4f7b72ce2f6f67f0fc9a76985

SHA512
c3f74c72e94417ab243c2f10baa8d99d4be3b1ad0ac491f9a137de54d528dba8c4a5cfbd76d57bd9eaaab1338441ac4dc109b835854e5425964dd35e9bce3561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c275.TMP

Filesize
91KB

MD5
2189eb09c5d1887c195fcefd16ea0e0f

SHA1
db9bc4b45e1a0ba8b3608d85acef725efada6b00

SHA256
f7dd8e30e1c30ec217534c4e3f1dfdef63943f564c00d4eb4852cadccf70a6c3

SHA512
37e6f063f4d77dfd85f276881696989b43469f048b190c4e6dbb5c9816176fc42e2dd721aeea141fbcc06891bd4b3f24621643c9b247906aeedea5e2458a547e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4ae2b16fec57d3f97841d79ee469efd2

SHA1
9a92169a23200ca5fe3bd09f38fa9fcc386c66b4

SHA256
71b360814a137f3e7a779a299ab6c658e7124ea3d5d1eb279137d07c456df2a8

SHA512
5bebc878fb9164fd6fe1b863a3ccb42279e0332b36c8d50ea2081e45571a89effc1b1a7a8de14d6feb56213acf941d277f831cae9f7590a1e7439cedbea520a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9fa6b9af638f3b75cd3818688825f89

SHA1
667d7cf91b28a278e24c67694a94d35b28198d53

SHA256
d5d94937cb05e9f416ba5e2b30d8e02b807f8e13d18e653c5c8fe7d462afb37b

SHA512
b0c1f5b6e8ae1c3e114302bf2f292bfdefd14da3b1fa30e39613f718e7b7ae658c3bba1f6203f31f23ba92b57bc35b8b5831379305cb7044ae666545bcb238ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4a7870c00233ff27cf7323290cfe6170

SHA1
eff31fed9c5813beba4db9129fcf6a412633f81a

SHA256
1a75c6307ae73107d273e2f33bd22beff19a525ce3db5a29895e4f0a8abc8806

SHA512
3f2522e9d347fec154546e807bf49de5af01dc9622f9683e15b33c4c9d88702299e8a494d21a2e8e5af2642571ba00b6478d3336e19b29ea57824d0a89da2b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
6e5c01ac2cefb4b8e3c6ed767cd0b04b

SHA1
3e3879514cee2b4f64cb70be30e43c0262565ee5

SHA256
01df4b2420d3b656b4d90fbacff027668cdf5e9295c48064b62632feb6efefcc

SHA512
03bcbf7c65130d08ef092e5fdf8c706511e349d060c01b1c7724838db51479425feb421b83327f61aa4daea40c8b525bf3e5cedc123f7b41fdb6cbd6e352f1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
a89c130731fb23856b9abccab9a0b448

SHA1
a27889044639802a60042300a653e3d78e2733e1

SHA256
6f9878084200851ec29728e3d42ee64670a7c47f7b3dba4ea472da0aa3f865fc

SHA512
b39367c4edf12321d9555f9db635e9ad6b81a9ef0961880bea83778fa5f234873037eac4699866320a7359d5d385e0d2a88b81440a7399c13c51584ee4f2a634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
4e83b64fa4721a0f02fd87b9943dd5be

SHA1
81adf0df6712499d1a9e97796496ccaf489f7f20

SHA256
59be8bba4c209ec13fb149d7c4b29a6d2a36eca07c42af731f82347155e1084a

SHA512
11c5026a8bef81875964169f784935934cb9d4374dda138de1bd2eaeaa18805729ee48d299feef06b288b9db8705edc211476787960a7c6d6f5994723bac3ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
292b10bae85bfe7d6dffa55f25d8f7bf

SHA1
17378354e02de599e3f7185f40a904521f198fa1

SHA256
c1d08f5931c5305ccf38cd18c0438551305fc7d94c59eadfab82e9ed3b84b20b

SHA512
b56e314a88964f9c0adb2de00a89f10d54a4cddde7875b3cd2c66f1fc562b5ebc85cf00127021e8ac2e4af9acc16a02326b7500a0a953790d9939178a1767866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
426859469f6859a95cbb4e3b6a307437

SHA1
12a4e2637ffd5f7a886d66df09599b56e8e167a7

SHA256
f18d83ef1a0e55ff46d8d80feec15b3f21ddd516e2fbdc4c98cbdcf6383713ac

SHA512
2c009437645d9631ff30ff9b6b2906f9de008fdfd61eca5ecd446fd73c3cc511a702440196792698f4f3c17fcb447f840eaf5792f66ff55835e0e08eb211d7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9934804fc819a770ec6cf13a56717e9

SHA1
d9223c20988cb4fb9c1615f676bf9c8627c8eeab

SHA256
45b49adcc6c6f9158dd2a061c89cc573f5bd76dcfa93aab0e3fb8584cca9dee0

SHA512
1cc8397489e4ed6c0b75487d6df3ee7ac57aeceb6522e809baaddedf9be8f06e2cca83048628b7d8407463c9a26862fe28c4b7b7c354e1217f3f47542932c792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
256a92c63a522a94edd80f5d874d47cc

SHA1
e2d13c82c3889f8825168ee123071eae0f832d54

SHA256
9244385433a70ef6f6d1550e1696fefd449810a09abfc4fc1ef530933c89206d

SHA512
29f9de36528c6351123c97cb97e4ff4d9ddba44e9e012684e2b1275e29bdacb7660be0a3743966d63093142361e06366362f13cc46d01e7869dd74f7208916ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
27d5a1eb1abbc38a62959c8a2e3d6d9b

SHA1
9c5887ea83ba8e897fb5d35972252d64bf39c6ba

SHA256
fec9931225a1cee44dd558b8538d93cb3b73163630e790c1763300b107a88831

SHA512
e46603f90117226309875d13a2b695c7bf990145e9f4ceba5f7fad1727538080d298bcf47b110ea6bbc8fcec9e15fb30846e8d6dc8f85decadba23d8f97de17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13360768443579780

Filesize
427B

MD5
b9ab90c21a51599e852a0a5149001348

SHA1
ab2aa88c4f9f0994f3ef93465769d1dd888978cb

SHA256
02b96e288b523e5fb2f02ae889642ad3d64a79136e4bb08530f9376a6e06fb6c

SHA512
84e4951c431c33b5fe30c87b32297cca576f66e9cde00a087f9b1e1f8f9bc8ffd4b1afe57e302efa3abe74deb52db92220e984b140cc7e63e134cd988bffe4ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13360768443582780

Filesize
933B

MD5
9aaed9b2f8fd04a9c14454c8d8b14909

SHA1
a14c13c91550d9499caf3cbac713f27257ee01a0

SHA256
cbd9c1d710a8e0379a523547b4cb91896fb4d75547e9cd35d798cf4cb4ee340d

SHA512
959b97d9fb1f6ef4dc9905aee4393e5f2c2ccf5486f22ee31f59de257dba5c0229bc481e969172c7731d454f7e9b185ef812be64cfe9cd2a1106a21cf0bcd3b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
4b0df402967d386b11841832df90445c

SHA1
f13e0b63d71cbafeff48ddf444e951500304614a

SHA256
8016bfcaf781f4a50dbc221fdd2315d5df70e22f174fafc4f1a24f3c4c243751

SHA512
282d69f753d99ab1dd266f2da36fdaa80f1bd5bc30df8161fc1ce7ad4db2a3efd9aa6621c5078f395d9b1ee3e4e353eefd93491b6be9ed5fede5ea4d7d67fcda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
a4e1d1677f26b76388b5a4e7750c2392

SHA1
8708a7ce1762fdad3b6d24a247aa3dcd492c45eb

SHA256
40674ed1be6c78c462965cdf5f0ce40035ec88978abeb566ee970b4de6c758b8

SHA512
31a1849351b7e9885bfe0610a1797b7274a17b16a5c96075cb2ea7ff57114bbf2215f32a6022fe0653380e7e7edc4e6d5b37a38abec5878f1d0b7eb250527218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aafb3090-2199-4dc7-87fd-5af84dfc1c04.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
3dddee63b4defcf9c12c3b0eedda9abc

SHA1
2bc0f4d69b17a36c440747029072d997b7faec20

SHA256
d2990a8c9f347ad349f1d3202dbc3c041aa2d0e51a40192894c7a36f02cd613c

SHA512
ce5b52d09520fb97ab1e7bb791c793a7ff60c2607c087af0a74b6d7003d49b94528b7c0c3fb1580ac264b31ac65d725a90986cb7f5a661bdf51c6962ec57af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
e169b6ce8c8e8b429b53237bf1096fed

SHA1
44d9009b1e4d3307333dbffcd18517f6bd5ef87b

SHA256
93d8cfc8376947b215094151fa2f0ca306819295a76fceb394dca8248cca4cb1

SHA512
1e7b8b5dc0497faad23dd11a2cb664919d4326dff61f4093bcb37c77c85fca2e168171b259ab7655c04a42769d268d008df1f184e773e4735b73eed202a0266a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
9bbb00a0838e571e51297a5300e73cee

SHA1
b2ef48a387eb40b44f602d3703d08d7c187e8feb

SHA256
3e474a629152585d9058a388b594b3c87fc8b49c263498d4ef984a4bae66e283

SHA512
501e93cb717cb6256dd2922d7c43f4df09faa55dc4fd0bc014a9fda960051e03d856cf82e5805375a61f5f958c9fc4c02a4e7228095a631931c202b20ac2e8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
3a308cfac205304bd3f880c1823aec78

SHA1
1021558ac24caf9eae495a343961aebc1d30b80e

SHA256
0c3054defafa534a623933e05118dd7bd675d06cc548502bc639e3183a1655e9

SHA512
2a8fdf4227c4200b4b545da7ae127f84c54e5290610baf9e17a541bdff3813663715a2f09ddbf2685e9714b6ec3160e766498aa60eaf3cbee893f40a0586597e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
bbb9c9545c107948c412d3082103b292

SHA1
75fd35e365652e05b7710849355dc0ebcff38983

SHA256
7c58c0be0a9e512c7fd713527151eedc223825b107b4b9ae22e61d9255bc1425

SHA512
db26fbcb56626147564f3629a27417f8dc44b0cace82de0fd4bc59bdd608ad15be1fbee72a0894baa128a4a6714e30b9ddef9b888d71b9a206b84be6f2f0d3ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
863545d297d288d09e15f85d31d50718

SHA1
78c2046e11746a63bec4997090671573d91456f9

SHA256
a3b153833effad5b4862470c6e5ab0909056bc7aae657b5725c9365bfbfb709a

SHA512
531a2d4d91ac2c3dc9d6e2b70330d7516e544094f923cf9f8669493e9c35e61dab7a531c7f4c5fb0d66a532b647ded24d859a894a13b401e19a82730273bd2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a15f3f2013fce2942ffcc277cb0c502f

SHA1
2e7df6d242a3a21ec8501d36f29d35d4ba97b017

SHA256
7f44c9f44af9e3e4568d70feabcd6348481b062556bd04c0578fab6dba355352

SHA512
eff3b9cab7e1350323767af5fa2e66988433dbe1cfb94474a9ec978835e3d9d2e5d1574ef8cc3655a3dab883dbe8b71089a39e889478b84e2bbc1b0725130187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85e13110828e614ca95a7d343433ae12

SHA1
515992c03931e95784b0ce4248933e47bf6b13b9

SHA256
f58fe79b00413614641895f78a468dba873b651d402f2094ec309a7b39450f17

SHA512
80137b5505c5683e06c667970fa42500a46e3d55361193397c85e05b15e1846388a444eb9717e8346e6aebe15589f1b1d7de757ebed191b0c021d97fd18b711e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87113a18d31a0b678432d3916588c231

SHA1
2be29a4a85df999fece699b0da4f99e3563e0573

SHA256
ca7b51e42b9a6eef2af3c05c844ead188f1134f4fafd47c9e81f4fa6db003653

SHA512
5e26fa152ae24697cb224f2ddc6a62dff265b05f9cc1fa0e3a848f62f09bd9723fe382a4ea8b5bb737bac10ee95a5f0ed6767141a63b8e1cca8bfd948d7af5d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
00ca46a089878900e60410141e62b94b

SHA1
ed4a2691954354fb0af635cec56cdb276ea6c21f

SHA256
3ce47a5cd2943f92440ef97f60e06fe0f0a3925ee3547864efe191b654799f46

SHA512
f18540a807827f4e99b07dac1fe9d165130f532284e205c98c8d0ae563fbf24807ac4bbd1597db95278fd7f1ceaf2ab2e081e0ed518a17ecd1e08c17bbcbb09f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
6be9814ed9438938f38180a571920849

SHA1
2db41b51fcde8a7ed13c12ead1acf343d3b0e0da

SHA256
5caa21d3ac7671d86cae7d4369b96244d433c2d9b6bf521c7e7ddb9a63ce73fb

SHA512
e35f0112461977c34a28cc1798927763c86721d728eee39124f18504ef355eecba29f4a3e489a4bd4be346f4bdccd0bced3c05d62fc67bd09ba7bd015cc93763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
3a53e12939d1eeed42eae7c37209be3e

SHA1
d5bee95ce42b05238dd0624cff830a9813e955a0

SHA256
b0f4a2cf08d49603dcdc76a0da1ad64d40b05ba8527ef9e990472c8f648729cd

SHA512
d60b6f5be371a23f4b3c14b1bd25b7a00fb3c9fff4014abf026bd77b60fc091dbaaccc5192a23915f29e9cd879dea93bf48df0cebf006ee1c0f161729c6ac3dd

Download Submit
C:\Users\Admin\Downloads\Offline_Download_Version.zip.crdownload

Filesize
7.9MB

MD5
193f44e0ee9839830cc613ba04ab222b

SHA1
9eb7e22bcaccd75a26b691e1083d669b66131c1d

SHA256
b275cfc2b76f020769d07a053e5bffa912ec2e616f85985ab1a20b1debe35dfe

SHA512
9707afedc7dd4be5c64ac433de3047c4a74d31ea9cfe5a076cdcc100c7664ad52c76e145f5d5c91d60611deaa554977de9f922ed8b6575c1872047d6198c9855

Download Submit
memory/5432-543-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/5432-549-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/5432-544-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/5432-546-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/5432-547-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/5432-537-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/5432-539-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/5432-548-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/5432-538-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/5432-545-0x0000014415DA0000-0x0000014415DA1000-memory.dmp

Filesize
4KB

Download
memory/6588-588-0x000002BF667C0000-0x000002BF667C1000-memory.dmp

Filesize
4KB

Download
memory/6588-586-0x000002BF667C0000-0x000002BF667C1000-memory.dmp

Filesize
4KB

Download
memory/6588-585-0x000002BF667C0000-0x000002BF667C1000-memory.dmp

Filesize
4KB

Download
memory/6588-584-0x000002BF667C0000-0x000002BF667C1000-memory.dmp

Filesize
4KB

Download
memory/6588-587-0x000002BF667C0000-0x000002BF667C1000-memory.dmp

Filesize
4KB

Download
memory/6588-589-0x000002BF667C0000-0x000002BF667C1000-memory.dmp

Filesize
4KB

Download
memory/6588-578-0x000002BF667C0000-0x000002BF667C1000-memory.dmp

Filesize
4KB

Download
memory/6588-579-0x000002BF667C0000-0x000002BF667C1000-memory.dmp

Filesize
4KB

Download
memory/6588-577-0x000002BF667C0000-0x000002BF667C1000-memory.dmp

Filesize
4KB

Download