c48295272539d103806734a9195e224ab551691d41acffe9d6d70272ec0c4418

Analysis

max time kernel
182s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

4KB
MD5

edebcf46e1c536d7de63ecbe8d393f4b
SHA1

eec9362923bd9dfff2e01ee9504f617f574f0e64
SHA256

c48295272539d103806734a9195e224ab551691d41acffe9d6d70272ec0c4418
SHA512

e37755211fcbad05f753657708456c3a8cd69ba883460d3f7e7cbcde3214b6c0f3845ea3da4adc1e95ff2eb084c223fe538ab7fda53d4f5ea69aabedab266f8e
SSDEEP

96:RjSC86YRbYv2elp6zjB+w2hK17XYXQaTf:ReC86YAkdCK1bMQmf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3924	grafler.exe
532	grafler.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
5060	schtasks.exe
812	schtasks.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 753538.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4228	msedge.exe
4228	msedge.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
4760	identity_helper.exe
4760	identity_helper.exe
4872	msedge.exe
4872	msedge.exe
3136	msedge.exe
3136	msedge.exe
1576	identity_helper.exe
1576	identity_helper.exe
4368	msedge.exe
4368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	528	taskmgr.exe
Token: SeSystemProfilePrivilege	528	taskmgr.exe
Token: SeCreateGlobalPrivilege	528	taskmgr.exe
Token: 33	528	taskmgr.exe
Token: SeIncBasePriorityPrivilege	528	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
4228	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 3656	4228	msedge.exe	83
PID 4228 wrote to memory of 3656	4228	msedge.exe	83
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 3104	4228	msedge.exe	84
PID 4228 wrote to memory of 4544	4228	msedge.exe	85
PID 4228 wrote to memory of 4544	4228	msedge.exe	85
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86
PID 4228 wrote to memory of 2776	4228	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe199646f8,0x7ffe19964708,0x7ffe19964718
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14597884188420046213,3113736240045373626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:528

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:632
- C:\Windows\system32\reg.exe
  reg add "HKCU\Software\gruift"
  2⤵
  PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe199646f8,0x7ffe19964708,0x7ffe19964718
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,7424056034994498805,8677114513764740983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:64

C:\Users\Admin\Downloads\grafler.exe
"C:\Users\Admin\Downloads\grafler.exe"
1⤵
- Executes dropped EXE
PID:3924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c schtasks /create /tn "UpdateSvc" /tr "C:\Users\Admin\AppData\Local\Temp\‘„—š“„Ø“Ž“" /sc onstart
  2⤵
  PID:3024
- - C:\Windows\system32\schtasks.exe
    schtasks /create /tn "UpdateSvc" /tr "C:\Users\Admin\AppData\Local\Temp\‘„—š“„Ø“Ž“" /sc onstart
    3⤵
    - Creates scheduled task(s)
    PID:5060

C:\Users\Admin\Downloads\grafler.exe
"C:\Users\Admin\Downloads\grafler.exe"
1⤵
- Executes dropped EXE
PID:532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c schtasks /create /tn "UpdateSvc" /tr "C:\Users\Admin\AppData\Local\Temp\ÖÃÐ××ÝÔÃŸÔÉÔ" /sc onstart
  2⤵
  PID:4808
- - C:\Windows\system32\schtasks.exe
    schtasks /create /tn "UpdateSvc" /tr "C:\Users\Admin\AppData\Local\Temp\ÖÃÐ××ÝÔÃŸÔÉÔ" /sc onstart
    3⤵
    - Creates scheduled task(s)
    PID:812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
22ced4ea1bf911482686cfdb2b591a71

SHA1
bcbb4ba82e91a06df5d74f6d00c6bcf43bd95192

SHA256
75304ecc721681b4cb859aace304cd67a37f39f6239de71879f76da3d705c925

SHA512
13f952089d25766aafbf1442c221ca34a6dd32786e5d10a2297034a9a964e59fd47c004558d7c5970b05bb956c70dd96bf02801a3a3e930881f72cdf303483f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d1ee7c537a9b7b8b43f7446567d7a75

SHA1
c879f1a95651c27e99ac3789fe1c28a4088d2372

SHA256
cd0c5fb888cf75a8f3b509b58b62ff80602061dbf2e43cfa600e85173f96fe79

SHA512
f2250cdfdcde2d54054b8e442ac8fe6a6c77b4f72a1f9eea47340304b00c22ad888c7c46e3fa4c47781a55c8b905c033fc919db9cb216efea5e969029aebc3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2fcb9c26-c484-48bc-947b-b2611c081eb6.tmp

Filesize
2KB

MD5
b04111aeb9063a43264d5c0ce60af72e

SHA1
07f017e281b08571035548710831080c3274a06c

SHA256
e6f65c0fa985882660e40a2ebc23b11e65c25754f1c76ac2d3ecf58a8f472b3a

SHA512
2aec14d03a977494f1f667e8d03aa526710dc953b0fc908fc6721bbf804283a92b925e3e3b5d0bee3dcb4559d53b2e8a0fdd48df2ea52888caaa7107a425f0ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
a721fbbb45ec3f4037a9d48ef423da35

SHA1
7aff9d7d36e408242beb1b7c926ae190a3b065fe

SHA256
c72286e92232f08ed993a8f57c1d82ae32cff804afbff6b282d54e17243723d1

SHA512
6c787017c46a709a793c7c05fb61d91f51e36ade4209b624da6a6c3563395cabbb42901bd12a00b5a48982bb8b840030d791d504dcb959151a175fb9b764d87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f4368edde2629f25088c6b58cc0cb902

SHA1
1dabb61eb9d186135ddea30122a6b1325e0a3d7f

SHA256
71d3c4b6fe105839c5c44415d33ca35c7d1ee514aefdb6cb2bca857be12b6268

SHA512
cd3b78f4dfef48d31a9c9053472843567d935a1e6f171a5202a938963ea44b5a7964530b19fbe090690994cdc54fa96815e2f3661135683f4916d4be7a317e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
a328b54bdb059c6b0bda2bf35f257b14

SHA1
589b3267f966af8a641a8b9ea24be21858a959a7

SHA256
40746f07a92160fecc3a36f4c867410deb45ea88226716e3c318375455ab7342

SHA512
60a4c4cbf915f51a67f579f4248219bac5511a287aed1b30aebaf4810adf78e83f33768abbe7edcd8f7ce7508fd6d67a013b5bac42b8dd34cbb0d2f00bb428a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
00906a0aa46dd85dfd3bcc71b40213bb

SHA1
5929327fb3392f570d53190776cec34f1d33eedd

SHA256
48007abc455aba850483ed832d8455cd3e28f6f3d1c925edb471d457a849b999

SHA512
78083ffcec9b08bc27a8f8a8c3b7ffeee4eab260c8fd1bb89e9978f0d052607520d0185011823297e60a791a6cc25ea62f6fe54638f51b6f17973fca76d4c211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
29KB

MD5
b86c5440405fd643e40d60ebcc415dcf

SHA1
72125461c02a765f0b843b65fe42662134531ac0

SHA256
da169610bb74a50c731945d339b5c21c529db620eb16482c97ede5190a367fbc

SHA512
b53229c2bd43d688ca88119cbb9104109d956edfd5e059770d8e6c138b2e104fa3f4a051dceb72dc9389b46b9a0ff96e16db52210c096990a4e05afa8a2c2a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
26KB

MD5
bb594e30408f1cbfdfd322ccefea63c3

SHA1
7d23419c4a0e2db94e1c2ba6b5d836430b094c9b

SHA256
641858475c0cc9def5aff72df13e69b5e1a9ed4205ae40f587dbec845c2c24a4

SHA512
e3711c5ce0dcb90f884980bb2458ba2b69567bfa1602f68850022196d967b9cd586dea1d28bb9172f3b1a698d8c998f60bddf0979dbd60d3cd04777baec15e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6543f43d8ccbf0c7587d28bf2ad6952c

SHA1
e2d145fcab28d91ba0a0aa4321932fe8ea00c6a7

SHA256
65d01def0dda17033a6b467866a31b826790f735b3c6de4f8ab90a638d64a5da

SHA512
5eba10ce6cc3a0e2c6f869fdd1addcfe5dabcd252ed0276513114b15df8c03ef85fd691a2ac6cda7ff6fe2d4d9ba0a57979b6bd870159a2e4d2a2a9bddfd3608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
462b95a065bfe953641486afc12db857

SHA1
21a2d01be98e291fec6421cba4955ddfd99aea98

SHA256
b2c39cf8c85bdb1f154653fcf4b726b233d4db0286694c7f70871c6a8cdeff9f

SHA512
809049187f58503f75360a265101f245ee781b87b2a7f9ddb04d71575bfe6efd9b68e4cd480eb4bc67a888a9f237ca75392ac8ffd2271d76a8a7d39561f71f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
204a969fde3a14798297e53123b75791

SHA1
797a448458608e175fa321cc5a8cf4f3cead4409

SHA256
94fe01d0f95db5a2f41ad65fb96c5f78aebe8390b57f8089aa80f9f2801dc3f0

SHA512
613ccdd3a1a077791df4bf6fa0c54c366636e1820ed0febd62e4fe00d51fa8d277c79fa12a85cedeaf2d1d37213ab0545cd24cc3d6a8a7a470380f154069b96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7558c5f0b5798f3292b76305e951beba

SHA1
5642e39a4363219ae71596e0f2fea84becad0179

SHA256
04160b33dd9e40aff5e2d3839a6d48119ef22a1102b4565652aaf1756aeec701

SHA512
98ec924be8bd584b88f6e58169884f818fe445a0cf00ef3f947223dceb35cb298f14e8571496d2d91d7554141e40aedf251d719efdb18372c88307e4aa00790e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
5b87bfed0d4fd7360024cedafc46e861

SHA1
c5fcaa5898881b943d04a2e2c2c1c48bb1665e25

SHA256
37f0b27f1e2381f18fdd8a4e8dc9b58eea09c3bca47406f922d2f7d69691ccad

SHA512
466ff57c733ffaeb21e71d16bec79aee652058820797f6d12d3d4375502bbac3a73cb26ea1f4f2968aefc11e5ae70472ffbf53603769ee703bffbc974aaa6836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
645B

MD5
abd14e3ef712cb8b054c979ea34830aa

SHA1
a724599c3fad642ec646c1342c34d339c366aa49

SHA256
24236129ce24bc3e186a55e387c365d18ba22ff0e1e65cdb460765a2cc65678c

SHA512
ce2e0bff4a102c8d36223ba0db9edab5cc050b86d62aa233cdc797345f4eb5cd230259d72a32eaaf69e0eb0803c696727df31c9299a3139d69c7f7e95bc71ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
d0150e87af277f633483e93e62cfc057

SHA1
80796059c7edac60a2e547863e0d300b029a5b26

SHA256
00b1f6c57170f3dc697865514c5ff6fd37a72bf4ec8f14f19c2cc96e3d767b7d

SHA512
b315e7783d20dd65bea9f80ebc8e1c232f363e278a9a253aa354cfaea9be81ea175b38fbf868d6b5384c0b8c1f6e9fdd1a158ee3f3de859717f4428b7eb72f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1020B

MD5
7fa26c8cf6b181923c8b0ab0f3d3a262

SHA1
7d4ece9f7b80140120c2723ce48781543b7d4a6b

SHA256
a88a55c34c37f9c54ec1c9dbf596cc43e26bcdc60fb90f0e96cd62d319ddc435

SHA512
0271174e8002baf86d2d37df47e6cd105c2932c992ac89db39d1fe292550b7de13ac48526f18421f0ebc25918d4d4c505064d6e8a9bb49fc17fc02b00242369b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
641f3f94abe7afd19ea72173da424f50

SHA1
c4a4e0f7b615e60684aa469ee16aeec74c25974b

SHA256
5b49b3efe616fdb3017ac1faac436bd850cba49cdc8b34bc77f1a9e3a72619a7

SHA512
e048457fe68c5b94ed173f64e0df78874b206f5d5a99b9ddea1167f32bc35ee8e52da0e49fce8ffd24c5677f70cfccaa9096578d27c29efb2a47eda337e874fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1020B

MD5
4c7d2e55e59e800625391e170bd8933c

SHA1
027b65af165e9a2e01094dfd8436518732d2c988

SHA256
45411999339a2848ed450cd66de8c49a88bc08503fed3c4ee30db8401a3d6ea8

SHA512
84470562943ba5d287ebea7468d427179de01943c4b90d6a4f0696ace3cf61ae64554e8bf66582a042d5c335d660b605d66acf7d67dff7a21a4c6a8a846efd0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4049b1e851a54ac505305fdd0ca39d5

SHA1
9f3a1067bfb808639ec981ba11b7dc5895a914e5

SHA256
29b1537192b8480a3848f34d9f314fb1ae0281e90d65983a77b95ad44bd25bf0

SHA512
d0d382748e9211a19ec15f42cd5758b21a6e783ca0ad7d5d0fca966a25e569457aaebc98a81c66cf9c1483384c232fca02b086b6bd64233bdc38aa88a9afce76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5021b3666d310f93628d8ab7a7a8a46

SHA1
96bea99ddfe535df4242790142ba631a0e7c8992

SHA256
52094856ed26f4a0b08d2905e591ab4eeca0d5adc20bc67c19d0823bbc860dd4

SHA512
f3353c259cee79b00421d7e76bf4e0314a5db142d9a0ed11be202b66050985024fb05e5ff5bbecaf2892a70c5d2443561b3b37b42268949e0d7b3faba8c8a427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b15e3801863153d10288a9c3896c6f9b

SHA1
171096771631289305cca3885653167c51c14dcb

SHA256
4ab383019531a90297ea6287ffdf1fdd798b54ee806da55c6548b1438eb9ada8

SHA512
f111108208e4a267fdc4295f68a039ce011fbf231604af630b73204a1646714ccdda5436154ee39748d55e7cfdf2a1cdc003b5494eba4941b43325000b62d9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f12069e8d6ecf260fe40a51fccff2f6d

SHA1
c6d2bed69df8a1dd4c38f8cbd9828c9bffae2ed4

SHA256
f5b9c913db825dc0a4310b00274b568a12e2415bb8bf936af669dd22bbc95b82

SHA512
e2a5d1f47597c43a0964d2190367e9e50a32e66fdee98a5cb7418560477d730a2de41277080980fc7ab2309cd20768af3671e35ff4cf09d8a8adb42cdc57a137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
853061d16e7fec88884a395215eead0e

SHA1
fd70606c50fb7edb07c5f444cfbcf41ef882d6fe

SHA256
af5d0dcae9e14a6e136b44c11dc3ade93feb3547abca80c1b9266c8193e92bd4

SHA512
772d9e2ed50883be87776a0d019936b217d4c05c3b89b6ca43a1f9c7eaf5b3167c83d8196da03b3326a78875575b3bbbeddb406720a3d975066d59103d6aa14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f69156f922b2c0fd15533b1a1cbc2b0

SHA1
bf4fe446bf08a24eab669e3de43f909f6a1bacd5

SHA256
ee1c4bd874e9c5999fa1ae791acc89aed79a4940b6a14c6dd1fed07d566d1776

SHA512
87f34d28cadab293e66ebf5113e1ece0e23698c233a47aac44d0782cdd334d0aae0a5010095c76527ce21015ef973fbc7e157efe65fd0078bb917eea3f8f53c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a825469d975535bfbd26ee595cb6ccc

SHA1
6f85c9d749291886da6f613bca81485962805174

SHA256
51c0cad31cf32d70f5a11d80a696eed45a972ddc6acf7c5773a01a078dae84f3

SHA512
049d24b188335d5d74ac49137ca73827f3a5a876f04758d19fa6945e9430b4dce6bff99945a5da24e453dff8ac6898b5c6241b3473a4b780878fa9af01c39b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
b78e1a6728cfaabe6245a231f49de8f7

SHA1
a51a1a0580614e7330ee801de2235d9278c0a860

SHA256
cbfad07b5a0e9c6697177458f3dee5e4b4b77859b400b2a7d124b51a504b3031

SHA512
8e737044812b709f826092abe6915a8a40a48168fd8916eb11fe9e92d399bbe526fed60d92706d68526f72876acda42724431e88d06343652f6573da0c8eb3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
20KB

MD5
1e0c4ac0eb3876ce64660fbfcbb07472

SHA1
38dd7dbd2337d2d0b373daafa068e2dfdcae7b4b

SHA256
03723ded8b7906b7ef0c8092de4a7d377c3c133e547409a16e675db66c5a3b95

SHA512
744f90516c4a0147efbb300cefebfd3bae47448edf2a1d4494ab49ce10b9654be8de5316c6633b89ae45a1146054c18a79f16aa8ca2ff6ea9aeff5673ec24a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
32dc6b6745ceb384d014b5a8cd8bbea3

SHA1
b4cfb76f457958b8f7e493ae59cbfa6381c1a2a1

SHA256
6be3950583e137fc899bc4674fa44aefd0b2c44b80c02f1e11ffb1c23ae14b81

SHA512
e0ef97881c80d17afed545905db1463f72cc14d17cd4bc3c8a641070d25a895343a1226b6203e9bf732d5043343bce080aae8b553fe6bcd30cc8b2b11298d8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13362880034250200

Filesize
2KB

MD5
04d96eff7545e3b6375b2a1b8dd4f0e1

SHA1
b4eb2485c3083fa49c3d941c1e0c2416e3bcc73a

SHA256
9939eb43813e8173ffefe2c15216d195bbf24c6525eb53992a1c493a5df10cdc

SHA512
b2d8370a7fd06946fab7125f1c0147ebb1c870e66228b3a7f129a418fa80fe34c0c5c6924dc888418b037b917a31c26079d6c0c9c6371e20836845d96161fb09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362880034468200

Filesize
1KB

MD5
af6382038abb50bf605d95b584bb4fff

SHA1
a5a05fec99c6bd16b056363c16eb3e38df15ab15

SHA256
14cda68d467e2c6cee8de9a5af3ee382541aafba86038ddabe12abff5ba72b58

SHA512
cc88d2027a426513b1c11ef80ef9e31147481dac6c50162d45d4ddb9bdc15b9bb08c860ebf7612d75aea7b957296f2b07c325161432991f031240eb4fb679626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
f55168c484382181fcc7cea5318cff56

SHA1
89d295c25a685f0ee730cfb2c73c7977e068e7df

SHA256
347b54a98c1c1329420684d669cb39419578fa8398ced195fdead2c2a10f22c6

SHA512
017b9748c2d54ddbb970c2640c1000298c68f9da8e0a76f715a350d1d6a9d6c62b91e70b5487cf2332450e49a7c54749aa038d16af60e840f3ef790739a8c930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d0cf2e0363e2f8bc9d1a5da4a5ea777b

SHA1
9d794a0e12cb93e0b892dce66ea56ed1e876e8bb

SHA256
6ef19b44c4495dad30550b582cfd97c14cc21134c7287dad09c96b388965fe0f

SHA512
2fcc900fe798ab8f11348c43517d4243dbbf2d0213d97f6e533af613067dce3194b6f7ac279208596f8c41e566efcf672b33bc0f7c06bead2c3d2042d111cada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
ae0e27664c6574ee8d2aba2f61499ffa

SHA1
9ceeac04b21cf687e80ee9c6d033e4b0179db68d

SHA256
cd99534dc4272dc2d5001611f09ccd6c4b2a77a61db7797406136e01f6d7946f

SHA512
1d5350da9b73ddebda88af62eb464ec4053eb4728151a609af34f4bef3e2248a73797ebbb1186aff075c68882d3c6171dcd954f02f9b93a8881b01e6d2dff9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
cea3763938759eb674ef428b67b1380b

SHA1
b818817a4c0fd383ab27035bb2fbcc114faa086a

SHA256
d43e5980fb685fa457f3eabf0fe407332c625a65e6b5a0a510baf7fcae770b08

SHA512
bb409781d368cfad131e446f36d94e661f70b50aaf4b86e30707e5b19302858ca3accaef9f6885e7874ef60efec6654668180097ea5b071ec109348d093619fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
1ab7b619e594d5ce541d79ac7c40e681

SHA1
70542d01453b3027950d968efdef907d2b4d3440

SHA256
42a22702eb1f9c5611f5d0b7ba1e9c030b901e51a09f744615bc05838cc39428

SHA512
6f607c24f876185df2374d8ec8f1377bb2da33c93b8ef61f30a27ee94aa54eab4a6fec19b44efc620e9330bad0c255e16523150adad613e738e780bc41294ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
200B

MD5
4ddb518e71f861b541428582b4341538

SHA1
8c54b3c55d17e12aca830d3c7d2d507aae54c839

SHA256
e293d0ca8ba28dc268f58ce12e5935e845014913d0575e5fdc33a3e5eca29463

SHA512
b5db274db9f22a509cbcdcc1f56a07ff1f4165128e4d2f75897dc42b6b5fca898792c815255fd5d70a5d9fd482cb778a43bc0182ad35852a4a746739e0fb98c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d567b9fa435a02bcc80a9092c6063030

SHA1
d310b56fbc98a64172c31c005d8243e2401da19b

SHA256
1238ccc12f07fec858abf286efd8ae6e212899f3aea8a3bdc0c338e2d8386885

SHA512
3d3fbafb061aa3e9bb71dff2e05d1bbacb61af5dccda1b723461895a7bf5d36c4059f9128a0a63072672b076f1b1c0017063ff18d82fce259af77b4f884637d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
d6b1e62d829d6b54ca57db17c1344019

SHA1
5b10b0e4fc29b37328aa44db75c8a282a1040c54

SHA256
5c979f818fb5606f16c43173e6abd3ec2cdbefc4f94d8913bc07317bef8871bf

SHA512
0e57f7c61ec047ea29cfd4aa3fde6ef5dd1488066cac5f4a5c315908b61b60179971c8be86172472eb3f67f09f256e426626e752a8a1f8f5474b967678ecc0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
e9a78a7384b0fbdf562083789e03f76d

SHA1
a74dbc47762d8181e81ac28ea8676973636d9c86

SHA256
63d00e6ba5147767fa1384681b8f8e14b72f05eab0817b3604ee0b35696280f7

SHA512
a644c4f20e61157f75b8f1e620eddb66e1dbe6ed4700fa3935d7b1a6fcce0ad83967429031d00d347dcce48c96524b0b6d3c57bd3f536e4f28401c8a2c42ff54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
c4f2f1455c306a2e501790656183fa73

SHA1
531b6d9e12c1155d3520fc26bcf40ea65a5bb83b

SHA256
d1112f50995df4c4af21769418da8cb89a65ec7c483c0780858961013c4e2c33

SHA512
689c8a42a3b78b4743322a905bf638a8a370a3f9e81f0b33a6ca242261a702c7fdc13b40e20b89f596c03e5ca842574a23cfef8b1f4c142efc5fd033e601ffe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
f38b102bd74e319c03db355988a8d400

SHA1
57713055fa65003748c54cebe70a52d227e93934

SHA256
8a4454dfd79d29cc9d51b688143abc16e21e63c07faf38e49edd08eb7e7187cf

SHA512
f9311f5f5fa3b27c3101bc2d25c5118d4fb31383513eac5b01c18658d7263eb4701c01df1331f6d3851ea07e19cdf239aacf619be5a655d43b00b89afcaea7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
29c868ed64f0c10068276d460af324fc

SHA1
249c6bbe5caface2a134ba25d15f9f0fe13e7ab9

SHA256
1736159a753c23042437f097edbbda26c5a9e7682777bfb4afd87c0ec4b01200

SHA512
6ebe8311e56e2d7c144d8841dce02357b0c5eb994df1eb8bf67733fac5f15d80c42be7e2c208b82cdc428cfe0246bd0458789e625650808f25c67f5adebd2649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3a3cbee51cdfe849055f66967924b04e

SHA1
f72ffd603f18d09d85143fdcb847ae638c283b8c

SHA256
fa7deac9054a482c2ec1fdfdfd78b6f968abc9f89d90aac178cc3950fe7d5d95

SHA512
6bf97364dc4ef89052aadfe1efba9f7ad8aae07c3ee407e112d4780fbd3088aab1163b20bd369f102d3c91ff6bef094b614079a7e58d3b30e575e2606c9605c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
e367d71ee6ac0024c4272a4392981db7

SHA1
5add1d931ae2c13eb8a284bf1bab037055938f24

SHA256
704f20638c2669a1611542281f424a7e6f9b85617d576ab01a6026dc4c2c2c37

SHA512
b7a682b4fa2afcd7f2cb067384ccfc5c42c4248cb35bca8560b3ee1fc1f8a1e220a0c2bbb201e45f8abc5bcbda6427ce75ccbb3f23caf6beab8ae52affffafa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c15215d633412492e787d6644be7895a

SHA1
9906a570cc4fa8f311555f95f9ee3bdad9ee7379

SHA256
cc498bac0b77a27cb607105387d20e61f35a1be21c93f64bc21fbcd930d15393

SHA512
d7b2053302de870452ba5559733db8f7977f33819f493a958c0e4a5139559eca2ef04e94b19610f7e4ccf0d9593eeff52c660eacbba42f13aae7a4a062969ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d7452ffc9b9b3074c2d03d7908ae5728

SHA1
51952e8ddc131d8b3b056d712570f29b03d1b39b

SHA256
89ad6fe84c1ad0734e7154c55d24f034461f1f43c4c23acc57948734958fdd75

SHA512
3eb98b63c831b92e854cb0753b16f31676a236fd5b554ccd9ea2637c714d569fc800c10cad064bed93f87d00bdf529795ddaa322a6c6b5b02f3c2432deafce36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
09d5e8859cd3abfdb9f82e96923ea230

SHA1
32afaaddb9ca316ca274266d209407f33b473e48

SHA256
feee1ea579c40078a1bc9372ea2d3f9b5c4a79843b08c83ace2ecf765b322653

SHA512
bc8d108e6321ea682ab99be49a84a8ba5d26ac99dbc1188472191a182ac40518558f9268d84f903693131af9fb80453eed0e42df3ae27146e4b70fdaa4a198ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fde9eecc5799011853930c19adfa10f0

SHA1
7a69d6ea20b002cd5a1bb9a28dd77f717320d53f

SHA256
a9f1b46491517bb20dc35604b67ca69398caeff4fcfb46482a9f06932d42fbaa

SHA512
6824620996b202a612977c8a83b7cf0a1a2c793d02b028e41badb56a91fea736c084649e3080b45dadc25a8e63184519c6b2940c3748fb8313590d9fecece8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3d2b89260c291df6781dbcf579dca034

SHA1
51807dda92f3f7e82e792aff0c76029e4bc4e743

SHA256
2a72732d586f2f1f18383cdd2ba6dd6b8826a5d4c66a0af1a58f2331f185f14a

SHA512
43f61ce55cebf39adb8912672ab693fe05068d3bfc6f51728729c7639bdfba0f2f514f930f0043c0d81808abb07e447959bcc1b44e1638522b0d87a0956fbee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
a38ae3870e24bb9cf3e29c102bb2d996

SHA1
722fa8c442264e4712611bb0b3f1a5cdd4910e57

SHA256
054e3f4b2827c61834e4419dae973ccf65ae02442398ca0e27b2ec45bd6132b6

SHA512
018ff28c5ec5937984ef2104c116c81a51a6175afa0d4019204d0ed85657a52d975b1213db7045a823230afdbada11b4c105a73398b62d8bcb16977cc2e36320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
5b21aa4cecdf3f80b0f15105ac5a2c94

SHA1
4db895a1b301b1b217ef38bcc5e285fc427287f2

SHA256
000140e2b8acfe7bb3fd2f706317f1d37552f1ca835922baaa225519416a56ce

SHA512
3b639c75336164866f4d2e1699dc1434223b50bbf2b4bda6a43055be3f9bd40374a666c6efe30feb226d4d63fc5e6f8db1ce4b067f794fc94de5eb575d47be56

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 753538.crdownload

Filesize
147KB

MD5
f321c4db407a21b79c1dc4b44c5e383e

SHA1
7e1c14c44f9b1be7d184198bc6c5d3c965b41e94

SHA256
44805897e99583456ae205cb124880c2ef5e85178d50d96f5fe6f871baf676b7

SHA512
527da373421ed932f5e10f92149eef2cbb6a7ed7068ebe2a11b403243bab1882a5f15a2bef2f578fe57332ad57a3f649eff061fb94f4c49d0f0a17222b76ee62

Download Submit
memory/528-67-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download
memory/528-59-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download
memory/528-60-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download
memory/528-66-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download
memory/528-61-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download
memory/528-65-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download
memory/528-71-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download
memory/528-70-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download
memory/528-69-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download
memory/528-68-0x000001B3DDFE0000-0x000001B3DDFE1000-memory.dmp

Filesize
4KB

Download