6011579fce5a3f1c03bb2d6961349b8670a8d6155a6777f2303d49bbcf7533e3

Analysis

max time kernel
2679s
max time network
2684s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
14/06/2024, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

3c2d6dd356d4632f69e90d1a0aac8cd9
SHA1

b1fa460bbe396e0e7f48a00041912858ebfef139
SHA256

6011579fce5a3f1c03bb2d6961349b8670a8d6155a6777f2303d49bbcf7533e3
SHA512

ebf7dd2880e5f1b7622bf1275e311cee788175f87fc36cd4d885999da1a4ee1c7dc8c175e73e04f754f6bfc3a02aa2db6477007f3cb34828b714ce17819193d3
SSDEEP

384:rx0MWJbnspY1ocy4h4lbGaDU8Hhhb1YIP+pmzpK2fa2hOwV0b0L+Og8xCqcR1:rYX1ocy46Ea7BhbiT4g2hOwSb0w8xQR1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628614978999429"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1276817940-128734381-631578427-1000\{CD13320B-6E33-428A-8A8D-903A1E2031FF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
4588	msedge.exe
4588	msedge.exe
1904	identity_helper.exe
1904	identity_helper.exe
4528	chrome.exe
4528	chrome.exe
5052	msedge.exe
5052	msedge.exe
836	msedge.exe
836	msedge.exe
4640	msedge.exe
4640	msedge.exe
1928	msedge.exe
1928	msedge.exe
4540	identity_helper.exe
4540	identity_helper.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 852	4588	msedge.exe	79
PID 4588 wrote to memory of 852	4588	msedge.exe	79
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 2336	4588	msedge.exe	80
PID 4588 wrote to memory of 1720	4588	msedge.exe	81
PID 4588 wrote to memory of 1720	4588	msedge.exe	81
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82
PID 4588 wrote to memory of 664	4588	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b6b03cb8,0x7ff9b6b03cc8,0x7ff9b6b03cd8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,5340998639778225563,7940405641737593981,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,5340998639778225563,7940405641737593981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,5340998639778225563,7940405641737593981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,5340998639778225563,7940405641737593981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,5340998639778225563,7940405641737593981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,5340998639778225563,7940405641737593981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5d5ab58,0x7ff9a5d5ab68,0x7ff9a5d5ab78
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:2
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4728 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4872 --field-trial-handle=1764,i,8113743188618770033,8974426914067714718,131072 /prefetch:1
  2⤵
  PID:4976

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b6b03cb8,0x7ff9b6b03cc8,0x7ff9b6b03cd8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,8585178112203496204,18236603018033072021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
203KB

MD5
99916ce0720ed460e59d3fbd24d55be2

SHA1
d6bb9106eb65e3b84bfe03d872c931fb27f5a3db

SHA256
07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf

SHA512
8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
133c68b5a633b6d309ba926496c943a6

SHA1
ab2f15e58fa21522758dc12e69693c998a3a1cd5

SHA256
1d3472c7cb33e5a53a721408431ad53dd3e0874ae10c9e892209c13eab6ff81b

SHA512
b03fdecf8533932759a2efdd540feb7d49fd524e5be5d72533ca0f55d1954935d9db93b97ce1e6254fd3d388268be0c8e4712e0063bd4fba7a3abccbf4525f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
40afe62e49ea2560ee1ee39c9d99037c

SHA1
a1e4ca9207e968746cc8decce9e8996dc0f1d5fa

SHA256
c4d924c806da2a2185b560b855a4ccf3b58cb353a7b878188f9c74a59d318171

SHA512
0fd37f9f374696ea45e664e5651e92470ed8164d2ff31ce6b6e43d4ae33eb182dcf48d2f5ca42c9b1208b393fabab8b611ab6ee93ec0a0421cd445ab940262e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
15f7fe051da60660128b09afd9306ea6

SHA1
f7e3b885e0aa7d918b4460b6274a0a96ae0ab66e

SHA256
e730781fc61c211ae59183af057a24185160271a0420dfc656984e23ce4ecbd1

SHA512
300dfd62468a51dde3d7fa6e482393249058c8d2e0fd312b3e10b99ffa354a255fa411212181dfbcab947790030e8720f5dcb21719aa7524139b1ea9de3bcd05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
40d477a611ed4dedc1faeb6db9f80b9f

SHA1
89a939175c0a9f35f37dffbe1c600c52e11fcee1

SHA256
4b6655bd1c0cb9b285b89f7c505a164cba95ab28aa3e215fb4420205e25d8817

SHA512
87bd82b0c66ff24f52069a2a2217144b7d0c90ef0f480d86bf1d5ff8723e44bc7986ead37d86846382b9b39c06b1e99783d3c60a0526853928073e958f0e6642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
74843e86221ff9b68109ba93227f4036

SHA1
eb1956dbbd7bc14d59ccacae77624a3129cca68d

SHA256
4b96291777c00f5798d7f31325d7c321944413557ff1a41742e62bc4ca23a9fd

SHA512
6985953f705986e5e7f3a295af147c38d9baf41449027be4086d5184a59dc109f6eca68b430a71ff4a49bb6928b4e858b38e380da3d2acc98ba623dd9e6d22b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
996702ebf2ca6090bfdcb30eefff65bc

SHA1
257e5d5bff6bfea7372a703c427a09f93dab50b5

SHA256
79e2b8181d481a81368f3bd03a3cd37b2d7360ba5c16ef83d403af4332cf5282

SHA512
7fe8f0a9514dfd9d469eb56f6dc2df68b7a582b832d41e891928403d88573fb951cd18803bac54714f2c52d4a7401d22960bdd96ae31dfa99f9db51ebcef0085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
85e3ceb906b9bb3a934231dddcbaedfa

SHA1
bf3dd600fd4908b6a9706e67f1c14170b43107ce

SHA256
295698c17f9ee207f1bf20ca5a17f314d807ef32a3b1da51734bbc68b852e85b

SHA512
650dcc0c86855292aacfb3cee272fd1c613712ddc6c1b0c3911c6d7311a44c35c4da057448a1bc490390af19c13e75a0901ce658c4cfc42acb95f62b69e3f3d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
cd359e07068e0f859152652f39dcdb53

SHA1
60203596875b4469cb658c61a22dd7565d339eac

SHA256
868f89599fb1b03368c4881813372a90ed555a11ba756c74779509b5137fb813

SHA512
e522cd8af90c5472e5362141ce4e55f79fc18e04d7d4d15416a21d14b75ace181b697bf0ccdb29220568541319b80cdd4defaee06bc3b66af17ee600304b0167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
2cbb6ed79f7d521bc63442d3b188f16d

SHA1
9df97b7de64d1dc684c56d0c53f29dd3d6537137

SHA256
77696704794a022cbda43768cdefd9cf4cf581da7f14d26af76a9558821a5729

SHA512
f78314d1884be84db1edfa5c52086869cce8f3143343d79c5e15b52838d30edeb2d607db2b82e471db7e6ed7b8e3aa83d3213a9972dcc82fc6b1c3f23dd37d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
64f055a833e60505264595e7edbf62f6

SHA1
dad32ce325006c1d094b7c07550aca28a8dac890

SHA256
7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99

SHA512
86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
503ec64b586a356a400125c827a1a8ee

SHA1
4f80f83aa4589dd065e8c0fd145ca3d0cc746a6c

SHA256
eb357692e5fec456463724cc237ae66ed8e4953f12e136ffd2be12b4cbef834f

SHA512
e58918554e91e908dfe6671b6711745a218e5ff2b613742cb6eb9d7728720e8fc0bfceceaf27bdaa4f56a7caeef0f0349c6b14faa592d94f97c8d2eddae8a43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1376d2d5528d6a87f4a3929945340d0a

SHA1
7be593f8652027953f2b2d5281aa8e752848c6e9

SHA256
0996ab83439df2a8617b1d37a9796075518255ecb391430f603c1661bbbe42aa

SHA512
0a0f67dd75839ae4bba088a9c075bf5d282646e5297a8bc5ee1f38af32a4c444b65e22992227b20f21e2a1288296af664e0791403488968136aedc11aa7ecbe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a74887034b3a720c50e557d5b1c790bf

SHA1
fb245478258648a65aa189b967590eef6fb167be

SHA256
f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250

SHA512
888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\95f3dcb6-d319-4028-972e-5c062561ed3a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c1466dc9178f113db75291eecb46eb30

SHA1
9a555b74cff19ef6a8cc23ac9fd5cbb0599b55f0

SHA256
ca51ebf753b48d092934753bdb0a9789b61a9fb2a9ff8fdf0c040705816f4ea5

SHA512
8323da405fa8f68a448d963cbe26e64e89d900b75d37f6442a6290e6774cd895e3b6ad767201c05f8b40196bcd0618b2325e75a3724a2cabc07c842e1b79cdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
ba6de8239ea91302bebb7df4331c1f17

SHA1
cc7bb5cb3945767da2cfb375b55d13253a44a293

SHA256
b86e67b1b22206ab7a357553386364290c19903a4a9211601e186f2901262958

SHA512
0bbb3475563e73b9577af62547976e598ee08147c8225a53d893b0d6b8433fae6f986932a6f219183df3bc6914b6fc57c4175ff860e0b04585aa4a83d5b10614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
2c5d4af27f0e230c62198ade697d92d9

SHA1
325d8f28b44c70726baa862fbb4ede8180589eb8

SHA256
ec6a2d5277ff4de593b08873db1cd9d5b87793e1d6c7d579842255f29285f978

SHA512
ec8b16f9020211bebeab1a4cd10df2735525586859e6bebcb34144012d4c64b3985e291a4a142bb9d18b7fa7a0d3f2d3b0fcbfb2935c8454afc134ce987d3562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
2fa413749c8fc80fd915111a499ea6b0

SHA1
cf9dacf2451cfa462d573c454c24b9b209b31faa

SHA256
411ccb79eca67e7f61ee68ff2d0160771ed049590c35a747d2e6341eae05099b

SHA512
e4de0203a3680d9d694b76379e5c82549739ff51bf783624ac73bf4b622c69d08c0473de7f7d85a33c80354bc507d5ddc87cc8b0643e22cc661c4537711a705b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
57b0be737bcc15c1db1fe1930d6c4616

SHA1
d917e5c80c307ea8e77f0ff33fc0550ee939f471

SHA256
3f333be09c028ccb2b4d6a6a994f6f55000c220aa164000b8257084693cdc5f9

SHA512
5100834421de2327292e0f84a6494796e67d4894507299c48b1585d8fbdef2ea0e30e1cd866d9992aab3ba0fb5dc6eeb20f3543841b194ea3ef23d2f69afaa4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0d33308805d921a533918d5c9d15ec4c

SHA1
f1ecd364693e24849bbb4d8e7e6567ee8fcf14ee

SHA256
99b45724f44b547c05889f8b23ba692e9b2de647aa062166aa1d37953dc2db46

SHA512
1eac6eab550fff1226dd638231f19589f5079e43004a29b165d448a6162023d6b905c01498ed08f46f79f8e064cedaaa59a193a495f395349727da209c4ac7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
7281524d1526475627601f9fbde0136f

SHA1
7419e728755dc50545ecda92670d377d84821c30

SHA256
b788753234c7ae7eff01af8176c823fc398d40ebd199aae2f5111f0f7194af75

SHA512
d01ceaff9e74d0d3a1c5c2f3118ac5a460419e265c23bfdacd7debacddea6b7d229e10bbd5dc3c402bcb1e293db0fdd62a63ebb22af7db50d7efad942825433c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
055fc4b33d7289541b66ec7886b14832

SHA1
54f2360dfd09501fad6aad0f4d358485a5a3bd12

SHA256
a35a76dd773f5d40386f09e2437b0808f1bf27891f94748769d6ab69c0f59c68

SHA512
4ab8c476ffcefddf037baeff683b8ccc133d91a571c72ee857b3dbeb41af49a51f28ccfd2b48baebee06b50e048273b4f6618c1b29bff0815b42d9d7c1df2aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
586B

MD5
417c851bbce41dd005200d0352faafc1

SHA1
9464294faf180362bf7340bc638458f2e0680389

SHA256
3878f84c4b64c4e0a6917849c19883eb17d06f62c7bc48dfe7686341e0a649fd

SHA512
637f02b389efebbd01b192eb644d5cffc9da0ff2fb355f95088b2d2ab66727f2e1b72d320d1437d2a86ca0ff9e0972be7ca65abd1e3317ebd1a8e3d24897967d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
562696bb3cc694b3514988236308e8cb

SHA1
939e179285357fa97159f584417d87062ad91020

SHA256
338f1e1ba34893959e93e1060f155c4fb74693528a921565cb72edcc7e0ec785

SHA512
f5a44fe6cc4b95aecfe5487be4907a49cf33a55d12ae9714fcc0d03f5d9653a3b335bcdc6f973381170b2877a1c07be7500bab44f16ef50e5803d5061a56b15d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
960a467a24f1b69bf7584d8fb08142be

SHA1
10efb6a568705d88d48f55d14fa0142156349bd4

SHA256
77c97456f01e7fbd18c8def5eda33374dc9f12e07b111aad3d897936ae2d2ccb

SHA512
068a5a1b8920965e4ceb653eafbe001aa3732b89166755a991b2ce767fb10023aef9c3f29e0b5b96a6a005a73c2870d649f682c7f864662cb31114dc0aa2f164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
5d352a03280eba57cb274d27ba6c6b7e

SHA1
8887766642a81a1248dd5f93239ce63e93839900

SHA256
3b358849502f5cfd881dd035ff274a5753f90047a131884838c677e22f2305ab

SHA512
b8037a046c4be7be120bbfddedc780a4175fc8e6c863e9095e39a4e16d2e8ced27c40f38c569a79df990057175e3db6aa35eac645598af3647caa5744052bb1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
481B

MD5
176f9e9a51b4aab150cc77077a20113a

SHA1
01564406f27c1ef5615c0865ab7e5e3e47499fa6

SHA256
93093b91e0e17761200fe91304170d05e30d79f6b9cd8597bdf9994e6e61c192

SHA512
e154d6515b470bdecece71be581de90c0e8b8acce8d21305d05224f0e34408760d0303c1840432273af4b5fee8986ed2049cacb054fdfb03634136d467977382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7149f183a6f9fc0522b5e6d27cfc51e

SHA1
956b01f4b7d7dd0108c6788d83eed9a5ff5e7959

SHA256
c06d723f599742f2eb4c248411ec9ad72bd9c0fe69612c7e5c4f0b2396e56980

SHA512
acec3c7cc3e022a9c49a4fdcf5329fe2f0f3b548c7586a389c9bcb398bc677d4d0955589223ddb2078be2988c9b6586fa0650f35b1f93191d8ed65f9321af80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86b13828129613508a9c9126347d846b

SHA1
6b2f683a96608ef418b63a2f0f35a2b5c7d8e277

SHA256
67de20556a1f803e5bff5393baae8d9e9cc2f8fba04415df9bd707d0f3b96e2a

SHA512
27a4e676d0c64b84efbac3160d5915e4feeb5bbcb1959e7affab4d75afdbc702181b27088d180d2c26218937b3fd7436da38293c22ca528b0a090228aae9cb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8719375d933bd0240d6d88804a995d3

SHA1
5d3d5b8d01cd1f74c7421995e8ce4a43ee7440c7

SHA256
0b5af6b17d631bf915415e0a261abaf31e881dec97b45ec95fb7ac0cafdf2546

SHA512
baccf72480b2f0215ae009bd7696ecc725292a8273e3a28e584aeee4ad118b3cd2e1ff301a4dfe09f62e383300c07853bc7f0e07b5979e55f9b84c4404939a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f693b697a7537b8bd0d777091ae50b3

SHA1
11972f614c1e919755a4561214f55488edd174dc

SHA256
2c477b9f6237998c4c0568709b7bcf47c2264dc45a73236f751545d87a95e2f2

SHA512
be01f2540e25fad15f6d96e56ac300ec7194927f54e087e97142f3ac73ec6e06b4346b26754ecea4311dbed54c0e8960aca2004d37f298255861cbbd0773a8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9c8dce620a233a9d18340545b5f8a07b

SHA1
c4da0e83266932525ada429c6545b98725905b39

SHA256
11b4a71d97a318946b3696fc54e76b56b1e82263fd42d6be1547f7afcfdf41ff

SHA512
8eea66219a2801d0d2b4418f09f78e1ff6fabc638af8e426cdc3ad4b1ec6384e38580ca24ffeb93107375455b6a78be4fdd1f9d51388f6bf7fc14c88edf4ba57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73ec4288294a489a3cafc5b5f8fd1274

SHA1
44af5bd5456afbd02cc6d4e119ffbcc0bcd7202b

SHA256
78917d3eb313bc7d69268a9d721bc1123738e57da90fa7eed6c48bc541c1a408

SHA512
b0fb78267b3fe4346eef06201a9ab081df2ffbee9e762fcbc2925c5ac970f1b283b429b4d84fb11974885f9415ba06f6d8f7761d3120683ec5ecdef8edee8c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
05ad7c358b95aa66aa3deb4c95121662

SHA1
6b25a6efa0930c7b6f2eda22a4eab1ee16d9f633

SHA256
4f2e9f73ef07b6a8111524b3b00c6a71d1dc57afb95b0679da193373c3ae790a

SHA512
c55172da27024e150ba37e1e1ae6562db2a6192437b97fd7099784b52c593719fa30f08d58bf21bf8653b89d8bae5da8f9edccaadcbbf7cd2b1a4511016277b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13362861483002939

Filesize
1KB

MD5
622bfbd6549e6bb01bc52f2c1330b200

SHA1
d7774ea1a85b70fdb0486ede3147b1a36ce740b0

SHA256
2c6dac2d1edcaab158ff326571bb86d6722d19bc626f3b264e759d3efe14a292

SHA512
3e000c5d015e44475d79c75a8ada1fa0c111b1a4c8a5db40606d0eeca58ca12c9e106d6bd39ce53eec86d308e164b67acfe47360b9473f4007d190490803a525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362861483142939

Filesize
1KB

MD5
4bfa4f2060548eca71b2047adbbdccfb

SHA1
173e73cf73cb7ac07b3b7e0f372de5d0699f363a

SHA256
dfb1286025b530731f6814fa78f4285e20f9a90a2aa930641cad4c2d6d3a2176

SHA512
2810cdf2847a1c8cb81dbbf3d8899e4079af10f1539973021bbf503acabce16189d65caea4911bafd9069f43530ed9d3d947c912cb10372aaa0e44bfc53da6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
eb73a1f70bdc98c422f3cb7ee8fea83b

SHA1
2ea2fd13d19d20225afaecf0337e4fc19dad4e26

SHA256
d3b12efa3717433674f4ba45ed5f7de91b98f81e8690169d98461c1ed4f1d4a9

SHA512
92148a800293d91988e882408dab16cacfea95a1f1b3018ed5c8335bd9db218e7a556862ce211b85707a953ab1a853dd583e08b7cdf2b2f23d478406e5ac9847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
1dc2bd2a26fdbcf9f74667a3d9ddd9b5

SHA1
6273ed16ab91f1ff2e6ae27812b888b83331293a

SHA256
749b96be690901a7bfc9c9e0dad3902679a7aa0c533171e7575355f6ce9bbad5

SHA512
55808a145cbe312a8e60d076d1e338647255f6a348f9a44d2ed6f4fc489d87bb03a32e440055c52065bee7f86f58c6e87870ea20f999ba4808415986ac194f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
870cbaf653bbcffa5cd184b68f48af8c

SHA1
ae6d31dbd52b1dffc555de9e1974eaa0abbf9ee7

SHA256
b559034997eca0efa9b49e3d2aadc78f14b09efea726f8502b09e9b3da517abf

SHA512
f6b8d9068284622ced14a183279dadebc745ad66918e6f1389d115f211e2c5200cae2b205c8e1a65a543108e18bc714f74282d54f6cb9e8d5adb5cc088a93032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58914e.TMP

Filesize
538B

MD5
b9f1a79f1bf9e0241bc0c1fbb6a6bb69

SHA1
63ef73f0263597c38f017abd40bc0f67c0562616

SHA256
09f9f4dc7f28b7e047ca5deaf446e5f2780b0f1425c2d0cd7633106f4baafc4d

SHA512
f86c4dee8c28866a044e7c20f28c90448e2eba9acf0e5ef0ac76661e01fc1181e08d8f8b56e702adc3d6d2a447246fd3558dd4fa5df4ccaba3568439e5d6346e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
525f672e16695823c0d4fef266f9646d

SHA1
fea932c57962f6c882e93c3b66c6b3521f8d1ae4

SHA256
504d000919a2bce0a648cba6f719477523fb39b4daaaa6cc37ede4c209fd7a1d

SHA512
73ca02997bc57c135bb9953f9cbfa5ee1f1c8b60cc7dd9a9476bccbdd6cde74ec70fefd5eebd8de355e8e87da4672db51be9155bbd1a7207f0777d64c7cd5f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
56a898cbf155c8e438811d9c6d49e48f

SHA1
83dfea9765e3b648a639239705731d8e0dae27b5

SHA256
08f2c55917a60030b329492e42449ab33c782aff18343dbf99b8364b121f1c9f

SHA512
c73a3aecd5ff576427426257fa761f17742aa604f94493d8f5c821998ccb182ebc7b3b2eec0b57e3738165dcd3e44c0947136b8320d567ce5138875e0c8c23fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
f2ed91d8de3a36fa5bb7d79f06df2c4e

SHA1
2da5dcc57856ed10e5ffc6b015e4f2fa4fd549ae

SHA256
7a01d326837e635e12cd06c0aaacf7f0a19358827215868ce4e99bf05f528ab1

SHA512
e3c77a7f899cf614bc3515fe3a22b318e5c07304b12f14fea6ee5a9a6a7d48f116fa815db29b951bf9fffac790714e81c10da87a446062abeadfa2e201f99417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
976c229ff58bde64e028e08ecdb518d5

SHA1
6da4b3d9c776f65cd76cac08145dd733a0b98399

SHA256
a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a

SHA512
354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
df66d05c260c7d062067db376282ca93

SHA1
bd2eaa27b7025df5154c57056e9a3744e0864361

SHA256
056792296d1d732e6e606e2052281251fae9e1cddf85348dcbfcbaa3511d7f67

SHA512
8789c15b3483811972365918730d0f58ce9161eec2fcd6c24c5e584ef773d9a526f3d2cef50436687e8f34b0af0041de6fa214e6fb8795c571d8ff55b90603ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
39bab2fd4efee7bbe03a5ce32e3be9bd

SHA1
26165eda051945cba3f61c8beb3f80c282515450

SHA256
b977a978c19337d95cf0da0c1baff3518f37a3305164e9059f8cbb4fc1a42b9e

SHA512
9a8752af9c8995ae8abd2f87651b1dffa753d932d8208590bf419d1afa39579dc539ae438f544ff8d0ab4c3b929f2fff390a798814533b61647f4630547e8d7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
670f64e8773d472de79b8edda12753a1

SHA1
a97307f8a7b73856503e0092c4e68e83aa8ffba2

SHA256
9dba0435373f8085a97ccd4dadfb5a87e11f25e7b625717eeb9fb626ffab439e

SHA512
60885de002268e09ae83711ae61893b5723078f07c281e5bde5836a331d902e95834a2a6146d8165266cd0861ad3b27ea4d5f1a48cc6d1ca97c3e123275c6041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
b87cab00978d62fa0e1c35c31676b310

SHA1
a44a38abd81253b1f23f657e33018552dbc884d9

SHA256
a2aa60160b69fabf48caad366749290d5413165736891456c306bdc53dfd1965

SHA512
035b708eee0c8199e95627efac8eb6e2d54e92ecd19d75a500d7ad49cd1e60662c4b4abac98859e7bc4124b9f3bbe0e8dce84f061b442ab5f080a90110da5d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
799396b62c52d7e7c6ee9a736da16381

SHA1
e1c87749a2e1b778ea8979e724ab52f69c19ebeb

SHA256
8358435648e3197de07cce708bdf779ed6b9bb0b0a90385784e5344282378025

SHA512
efdeb15e5f274b24945fa4eecbd2006931492d802f59a8c5b614047059f157f673c0168f4a60b57e649cb44cfe75de2db0afa2d3a402e3a61e371c567c82ef51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d82daf18426006a16ac286ef6a008f4e

SHA1
3cc729afbef17a8a4687d462c719ceb33737fc07

SHA256
503e3e946f867dc8b56fec1ec494f9356f2e4a816cd6ef688f96263732ad759b

SHA512
edb856677ad50c9766dd201dd70d628a02a27196157f6a695792174c42d953a6ed936747653b1c9985bcfb70740497b02ce9ee8df4624e3175996a620bea89f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cf5fe83c-362c-4870-9afb-685a57464872.tmp

Filesize
11KB

MD5
e1f2baf766225cb9d7b6da734468c72d

SHA1
a8f8ec5098eeea7b65d229406e386442ac1087e3

SHA256
6513aec6dd383099516ad8393582dce4c27229535a26ae50474d5a63d4e339a1

SHA512
974bf6bd87bf06878bcb24c4ea401418e512a765ddadda4ef234eacb5dbcf2ff76d1f7b5216ec31cc911813ca431db50a6956553f8b49220f7cb7c5db506d53c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
b06693c054ccd37bb7067a436661c037

SHA1
33c5cc300fe1b8df62dd834784d8880676e3a4e8

SHA256
da12c5db28b539062419677743772a6638f4829fb5f1a07f20c5f42404221166

SHA512
6521974eaeb449a4ec948ee2997a837675b96ab10b5a1dbf76473f8548351632657ef076f620bd95a2381da56a7bde2b1ab685a3642a0ae223c7c815305922b8

Download Submit