32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
06-07-2024 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

Processes:

msedge.exemsedge.exeMiniSearchHost.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3119450053-3073099215-1938054741-1000\{15688354-7E0C-46BC-B27C-E5EC03B100A0}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3119450053-3073099215-1938054741-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3119450053-3073099215-1938054741-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\You-are-an-idiot.zip:Zone.Identifier msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\You-are-an-idiot.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
3220	msedge.exe
3220	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3672	identity_helper.exe
3672	identity_helper.exe
764	msedge.exe
764	msedge.exe
1844	msedge.exe
1844	msedge.exe
840	msedge.exe
840	msedge.exe
3176	identity_helper.exe
3176	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
1528	msedge.exe
1528	msedge.exe
2416	msedge.exe
2416	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3692	msedge.exe
3692	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of FindShellTrayWindow 59 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

Google Chrome.exeMiniSearchHost.exeGoogle Chrome.exe

pid process

2904 Google Chrome.exe
2904 Google Chrome.exe
5072 MiniSearchHost.exe
4192 Google Chrome.exe
4192 Google Chrome.exe

pid	process
2904	Google Chrome.exe
2904	Google Chrome.exe
5072	MiniSearchHost.exe
4192	Google Chrome.exe
4192	Google Chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3692 wrote to memory of 900	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 900	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 1536	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 3220	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 3220	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe
PID 3692 wrote to memory of 2884	3692	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdef8c3cb8,0x7ffdef8c3cc8,0x7ffdef8c3cd8
2⤵
PID:900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,2310449040515536739,9061420339780972249,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
2⤵
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,2310449040515536739,9061420339780972249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,2310449040515536739,9061420339780972249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2310449040515536739,9061420339780972249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
2⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2310449040515536739,9061420339780972249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,2310449040515536739,9061420339780972249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,2310449040515536739,9061420339780972249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdef8c3cb8,0x7ffdef8c3cc8,0x7ffdef8c3cd8
2⤵
PID:1924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
2⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
2⤵
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
2⤵
PID:648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
2⤵
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
2⤵
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5564 /prefetch:8
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4964 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:1432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
2⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
2⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1100 /prefetch:1
2⤵
PID:2748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,4700236930564291756,12473132970179681563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1684 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000480 0x00000000000004E8
1⤵
PID:3188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1556

C:\Users\Admin\Downloads\You-are-an-idiot\Google Chrome.exe
"C:\Users\Admin\Downloads\You-are-an-idiot\Google Chrome.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5072

C:\Users\Admin\Downloads\You-are-an-idiot\Google Chrome.exe
"C:\Users\Admin\Downloads\You-are-an-idiot\Google Chrome.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4192

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d037861362b54d0480616b7350fddaf4 /t 1176 /p 4192
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cdbb41ddd8d0c1fb12454614ac317783

SHA1
c48546b1fa839568c62bb2791042a78c0e6344e3

SHA256
adea86ae425af2ebe052e16af106fc730f46282c3657092e9002f7e5aeaf04ad

SHA512
ad7e244273ea7827dd640a96ff769a064e2f0c82196c25ac258e8d5fddbc8e89fd65b2776a0c5cbc2878aef6a663708997325f8419f62d35250bf4ea68e48482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0176e968a02096540e4a096219a8fe34

SHA1
cd301ea619d7c92daf64446caea1f1293da48373

SHA256
f9319c68cc75bc8e334037d946cc89ad65605606c1bfd12a2fe2ebd711b14067

SHA512
b6aba8640823d43f8968ff31a2e5a48b6f6def43ea6f83cef801294ea1ca9eb1fa16cec516893485b650d7b4407e34536b380712fb72bc9da581cc2e1e0ae2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0c8b1bfb13c475c600201587c2ab399

SHA1
a3466298aae8990c219b791373eb280019f215d8

SHA256
7a24f283f43fc580c38d907d3e2005a4aedb625f743f77ec82cc84a89f1fd157

SHA512
dd1139f58c8836652968ddef5d1457105c2fb01ce4d46b5914e4c1ebe84e453bb458d19531b099c86e296d5df79813af1f6d3bd569a829287ffcc888ff2a6526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c1de55e8af0859bea07b6af77782896

SHA1
d5efde7bcf31d692d697ebbc54ccd13fb3624856

SHA256
130afd8eb97d11640a28231e9314983eee9eff75964c93abd71e84e6412f710f

SHA512
9664d41b0b1767ddc4012318fca427edf9606c525f868a5ba98e5987bf5e71e4710dd19a0ed7223c706588b5803f3b118ee949c51d6fd99696049befff5fd510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
aba316d52cfd9d531cddce5e4cf866f9

SHA1
9a28fe211f43a7718a615630d924beaae6aa060b

SHA256
4d83c8947e06437915ece206bafd4569cf8a235534f3ab2efa157e6a03ce5a69

SHA512
793ec5c151f3551bfd172ecdffaa26ff0c811617ad3f9ef736b777e5a64d6f7642085c5c824eab732e9c459b2aec96d9d4c660047a5b53902041b85ea1a5e77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d74f2fb8fceadea5db5b077b9f292918

SHA1
9b73322390f3164dd366771c2a2d632ef2bab8b2

SHA256
3f77728e377eb310e055cbb06eb2900f7df60613f2075e9f4ee126635b7262dc

SHA512
4f2dc38177df81054c7968a4b7fcddb73b47790840f9b456780819665084ffdb5b84c58fcc5edd5044f0ed5112afca4e28151cd41714085a81a72dde5eb2c4dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
3358e831188c51a7d8c6be54efafc248

SHA1
4b909f88f7b6d0a633824e354185748474a902a5

SHA256
c4cd0c2e26c152032764362954c276c86bd51e525a742d1f86b3e4f860f360ff

SHA512
c96a6aae518d99be0c184c70be83a6a21fca3dab82f028567b224d7ac547c5ef40f0553d56f006b53168f9bba1637fdec8cf79175fd03c9c954a16c62a9c935e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
b55b8baf9ced2da93c17f6b749734870

SHA1
b7a0adbe14b12fd8f7bc3fbc27a5611693057cec

SHA256
38f98d8fffec9928c61be37a6d4a3da72e027dfc239b53d784964cc922a201a4

SHA512
69c98fb523179d002566ec88bfcd12800ec0154ef76efc017d05c1dc5f2ea479e5ced0e9c6158a2e8546f88fe19d58a3627bbea546e4ab6905f4f340767fffe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
205f224cf1dbf73153a60a34a1e11d53

SHA1
45e75f6e04397b52ee5829f9e693e46b637e7fd2

SHA256
ad5909460f582dce0df68ef678f89955f37a5eea271b24179c2a2558b033992e

SHA512
26a05667248b9b99134c223ef9e2aa30ee0f7baff54e99d47a982cea17863f444ff2fddacb073b47dbea87c2a5947593d01f1129300faa1b3001d3f2dbe264b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
3902a4d1e71223e3cf9b4f9c5a4a8f02

SHA1
5c9670d3e8ebf703d046a59e12e84b6066813f77

SHA256
aa6636f9c70b463d80db2ef8d484e15f421558a102f6c7229184a3f37b440537

SHA512
70c8aa8eb99f55ebbf40677873495c7d8cebfefb09cbb3b2a7415b056ccd84c5d17560ae98fc96dd19da4f691679f4a6352a71ecbf9cc6610b5f8b35297b9509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
b0b18f45902c47aa9433e6dedcbf6c4b

SHA1
969095d120c0ac1945cfd33093a3c45598b167d3

SHA256
7c9700b1bea123a99d3a139f7f6eeaca634867bebc87b2e7d9633797f793d89a

SHA512
f8d0696fb7d49cad89ce824f62169e4dcc6b494da6b029f02bc73026d36cba1224bada6dface7589c8d3196b338b96db3e3760d75f79a30ad651d457cf6ae8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
612B

MD5
30bd975a3996a8008d2b281a49f0a1d6

SHA1
2cbe02ad33c3eab032f23d8e60bf341490b805a5

SHA256
0ae152c6c6df2fb6c772ead1bb35e6f6c73400e82449a9bcd91d38bb06297b6a

SHA512
313428a43a65be819ba757dee7afaa0f1d5760a61d08e276d108553ab2f17225d42d9b453c09925e52ef717e6b519fe89b8aaa19a3400c4bdca4a116a01b2cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
229c7a01f1b025a070946a20e3a5fd39

SHA1
67189ecbfd83dc69c0ef2d0694b1e9e4f4f65cfa

SHA256
240441b0baaeffd10b41a0f74e58b08812bd248d0758160eaeb851df0df1afa0

SHA512
0455cb9dadeb6cd2faba6ac54bca5472426f6589651b251380dfdcfd917e8c54e66e81678165159d544c964c4f16200b5325998f355f4739535d3e3b5918f0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
ca7e6528cb7fe5cca82b6aae131a45e2

SHA1
c100773211588808f27d3faf3049a4c21c43cee8

SHA256
f9eafd749c750887362500a241084bea40de57618d375a0715f9b6d1fd514979

SHA512
38aa401b64d80580d0cac6ff3abb2b2a105a600e62914e6696eaf0ff1cef3c5addd5582ce2689fe727781afc6cdfc8aefb6b7ea6e131d0e6d1461b828abb6bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
5d352a03280eba57cb274d27ba6c6b7e

SHA1
8887766642a81a1248dd5f93239ce63e93839900

SHA256
3b358849502f5cfd881dd035ff274a5753f90047a131884838c677e22f2305ab

SHA512
b8037a046c4be7be120bbfddedc780a4175fc8e6c863e9095e39a4e16d2e8ced27c40f38c569a79df990057175e3db6aa35eac645598af3647caa5744052bb1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
944B

MD5
25c4609e080856663626ec6a61e789ee

SHA1
92b318f4be839f4e8d8a60601fa5c4aaa41eb50f

SHA256
eb5aa48643c91a074b5529a99d28dee530c76b8a45f680236305c59ef4f18e6a

SHA512
cc6076ae4313e40359a47ce01e1541bc47124987fc644c96efb28d1bb20b6ac250349543a02829b2f5cd1df6145ca54e39e21301f766807eb722aa1071b61b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
33a3572f272f654f3a62a2545f90c37e

SHA1
9a43f9c447ef8bd71d30bfc8c7543fd22ff41472

SHA256
b704191b0d50a935f9d08f1048eac8b1a688c84826b17f5c8d34b8d08b4fe16e

SHA512
fdeee9573f229e828118115a1304be3a0078035462661753fa9b142a1c6a0e74dca000031f4c956c7465c2d49aabb0adb75d64b337886e9f52210babf38302c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
312afe12abfeb335b542c5a8c42bf6b1

SHA1
a29c3578390fb66d9611e4264556d599c62f35eb

SHA256
a6ad201a349d149111c55054645c1a6cd6529dc31a1a944d92de9da1c88409d1

SHA512
9b71ad9eda8d5b47a3d8bd2e2277def6d3e799c08aef4c5ecdfcb5840115df7a73fff1f06afa9212ab64afa5890209986757e64df88834df93b8ac1b43e91663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
786a4ea96ec068bf72cd17025ba04742

SHA1
0ce4a39a480b0e0981142d94e2d4cb94fd40bb33

SHA256
ccfe5a960e3d2a0b369d4977747ce638d610b44d20dd847b7a0342e4ec293a1d

SHA512
2f068bba999b890d1c664aca9bdd3a504e5d56140062857110d6ac54a6190ff12e667023ea6b9517ee1dafe8308e695341a6305df4445ff0bd05617a7a38820a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c747f6c653598d3862e55d81ce055544

SHA1
4040351fa9867eb84d9f38bce5aee5609aa006ad

SHA256
4920e1ecf4d2efb4a8edac59e9748468d0834c4d6d668754a664a728aee5e071

SHA512
26d708e10a8b71df732f494dd42eea8bca88ec42092a14e35c86f9885fe6fc13cba07fd282cdc131aae466d32dda8e1da4b7c562b326d1c260bea9f8c0513504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68af00cbf73b258f249d36e00c715905

SHA1
ab34e4c6f75120b7f418a514ca0b1c07055f6888

SHA256
b5576fcde45c7d1feb430f01b119572cff0a054e14bf729c54b2e85077ebd249

SHA512
cbd958ab540cce84383284727ad02ec61fd075922a79e7ce2eb34134b2938aac74c31c629e391428da82a1c062539a30f760a801df1e7094cff5ef8516bc74bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc9a52a0c29ecef74c8a609a19ef8bb4

SHA1
eada09bc99904ebfc00d3680b178406654c37f03

SHA256
6fc94d85d27559932ca6948722ee836dab6099ebcea84d4469359a020b60d4c2

SHA512
c35f5674b88ccd459d90c5a48929825ca4321b35185d8254005a5cb96f30f15376f3e594cdd43fd0f786709d10c965d4fbe752ad1f7437af92d049dc6ba0976c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91f62c1c3eb894bb844a0ed38c0369ac

SHA1
b56dd20f0f042faf5016a8a51f9bcec446ce15c0

SHA256
3f2ea52cbe555dae77daffcdd00a785abfa12fdbfb7fe7271c556177d028c1ca

SHA512
07b75ccc8eb32b94559157eea333bbd44f814406beb5e18b026c9961c236a9a9cb3e138baf9ea24cc23a98158bbfa5a40b061dfc007744d91180c45ecb4eaa66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e988ee0480480ca9dd2937bb34ef73e

SHA1
43872b425e00b8df6b655716183901ee2c070e41

SHA256
c14958bbce58716ef8597f7018e9b7dc5a3a020ed02104c55d69126e6a263ca5

SHA512
d934919663423c563429838aa71b5c838a01b541d6f6810019863fa455b8f3d0943f3f220fafb01047cee6666b5c037215301e73e53b2d9d0760977adcfa8772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
871c502050a7fa08577f738a58b39fc6

SHA1
8d1122723cd2ee20332cf2ae0f9752e078c3a73c

SHA256
4cef09ef2531b56d4a090ee65002868ab8ce74026013a272b0ffca24946c897b

SHA512
4a2422596f6027a510bc345f745d294b1be020d48477be69c107dc7b7a309f77ffa2d57f9c1d57b8088bddf791d23e058959fa57c0422aee2b43f88903f3261c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
585f62512a29be773cea9e931daacf88

SHA1
f7e697a2d7117cdc9bcb97c51a4aca0357be6365

SHA256
513404af16c421bcd68311f1c399ff1433e4d7b820459ec238225ce962ee3df3

SHA512
22ccf52cdbdbc608f571768602a45309d6fc7a81e4dcf39fb4d7fec094c818cfdd3d40778e4dab1c28e1e95b7f0bf91ab688f04fad0ef225c5d0ed3503a789da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364711863212215

Filesize
1KB

MD5
48f0137753ea1c5caff7436182090a07

SHA1
9ba2edcbb5f4abedc7bac059e6d8afbe7680922c

SHA256
b0ba046be5b4c373d9d524145c44b1451669d8422dbee48d753a7c52ef1da833

SHA512
dd25068be855f01402f91a02e15b675a1249d9250b5c814951906e21578d7b1cc322075846876f4c2f7d69228cbb38091effe9785a091f5afac044300b011f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364711863456215

Filesize
1KB

MD5
2a9cab2ab23285948aa2ec481a85eb09

SHA1
d11cf6203fb6e512b6c97539eab5668d0e3686ae

SHA256
fd40336a629024a6326a559737626b2f277e711305d0f79c55ac7d76ddae894a

SHA512
e7b2dc5e93c21fd7569dd53876c73fa2cd196c17c6f7047afb205f30698675be8c9d8c05c448d6b7b4b257377d314e87d7a75de5e71333178a6bd90e46cd65a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
8be985ece811ba0a3f10087f5f4e6fd4

SHA1
c87c84d4fe182ffb8362f3cabd33349af94e9b55

SHA256
da78d36c765d3248b1a72ead5f83b7a58cba7d361f17a6831332ee994cee939a

SHA512
901932baea8712e89188cfce00a6b2388ba38697bcbfeebcf8b83b88b0cb26c7323b098ba6983c312ded1041f6e297412010113a32e99a9350aa4492ca40efa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts-journal

Filesize
4KB

MD5
10d0ba77f7cfbb1f70c894d33ca6526a

SHA1
d53d42f9795115c85bd7307531dd17b68bc78c4e

SHA256
a855f76755d11d8a35d975de975c0e7987cbe7a4a4a52194ce4e4cb59929fa64

SHA512
e31b251c347a08dd4e2bb87002d22ae3b637ef4404acb6ffa55d9dceafd5ed5dc740ccf055f338318b017e3039c69fb716090e7d16a97204c85fec8d04836078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
016f144eefda752d521b80f48808c2a8

SHA1
ab53cb4417aa12d283526331ee9dfaa8d5c8dfec

SHA256
4cd02f2b00e9860c0c92aa18bf455e8a35d981a2f7f5eb5a9a68ac5b1b10e426

SHA512
83caf508e69f46816b2d9f9ca07c530f99a9dc81ba851dc6496bbf0d4531eb408b118f5892ea9a632ec8d8ad3ef72da234c2143e2aceb119cf2368aaf128edfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
4eb26a4f00c96ab97ab61058c2751f1e

SHA1
bcfe1402346e18a39ba4cad33071d4b9001f6363

SHA256
46a7a75fafa4c9a2491a5f195364649495d44a7306826fd8b2dab3291ff27b06

SHA512
fca04b8e8a4ca7820f92c6d90609ba48db3ad24cdc0bc33d83119174112101786e5ee6382757f8aa0e237f0239294c0be1dee569dbc3d2725110c91bbf81b964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2548d0f283ef10a3c1c6c8bcf64c652

SHA1
39c5e89f9e352c57f9e1114ed0fb8a7583e2bf68

SHA256
289605d5786975555b881aaedd5cd816fbdc30478e9a266777215a470fe36867

SHA512
b778de8e9759cfeb4ac7386872ffda9c6f8db91fef5b9acc17d26054bb929c77033d41baa1145526ae39597e1123e1e7af8b84265892900b213fa2bec0c361ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1926436f952f1d3e9d7a115e9fb1beb3

SHA1
57b86de9602eb3da520685f95730cbf55dcaa10e

SHA256
6eaa72dc864da96c1e3c141b81ef0cf9cb00aaf3a528cacb9ab8689125619207

SHA512
2d9be8f0d98c11d56f5bb1b89c7c1e73b26d792806ade0c7d8c6cea3936f2f53dbef05970f6e5e4dd4951f441d3f3c1fbe9f0f4e0bfaca1ae1b79c62ec325311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b720eda6b421f42a2c304e124c4d32f9

SHA1
9f11524c324f104c29be0965cf6e1039b89470f5

SHA256
cde841014811438279e5c29d4f2558584caec8892ca4068f2049fbf8c0909aaf

SHA512
e63bd43967b7d6d168a42adf122e9a8172919c95387faf1308b794dd9a3e9abf5e1cd320a4651ed233b534bba526c715be673b2244e77c10dece5b68bd29236a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
c53661835d480a21c36adf2cc77b2ef3

SHA1
3d41a3119e55466d38237e05327c3b48fc8b4726

SHA256
1516639f491eb718825a99dd333cc517c590a13e4ef2b928e00b2e09588717c9

SHA512
b90c7894d28ea5503266b8e52c70c518cacf7ed97ef627a8d13ea133a5554f96d7979cd641005c1a8315d23ff1bdefccc0dda81f25b18bd5ca7c3efdefa07b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590843.TMP

Filesize
538B

MD5
d3078e0b957ef75cf378388e72056750

SHA1
e76989438bf04373f152ac8d8b3a7d1c098af3c8

SHA256
4b86eda0f55292d761b85687979afd0a87d6e10861fbeb53ed99d6f48402b8ec

SHA512
231849cd1e456e334fa7c1f0040992a1f159deb688639b3696296755e6bd1485dc9bc3081f1815dfd2ab780e1d3da0a9e4159be4ee3963afc6846a098930a7c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
fa00436a31a20d78af98c4720cea59bc

SHA1
00a8b0fea28836d8ce01ebb7398448de3beadccd

SHA256
522c2aabc5b7389efa2442786169a07894d6c03ffb283807b8259c68549d708c

SHA512
b5591fbcd71369d8fffa7d0ed80104d287fa48b04e4594cad91f195450581bcaa694c3bb3758fccdd79fbb703ae352dffae6c7706400c19e43849a2a126a76f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
200B

MD5
d5dbc3becb631ad9c60bc126075c3bde

SHA1
72db7f73be06526843ad4cc7beadeb6c3ee13e7a

SHA256
56ff1e4459085cf48aebe7864e8a6ccfd38fdda9df01ba21c1858d9c549d6c8e

SHA512
f87adabbe034e0b442304b2fec9297beeeb4d2cbbcaad8cab7f8b5fe798c70fd6954f7de2d5fb9316970000a4133323f6b2ef65b519f88fae10af9ae9cc8a3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9a8e0fb6cf4941534771c38bb54a76be

SHA1
92d45ac2cc921f6733e68b454dc171426ec43c1c

SHA256
9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be

SHA512
12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db

Filesize
16KB

MD5
d926f072b41774f50da6b28384e0fed1

SHA1
237dfa5fa72af61f8c38a1e46618a4de59bd6f10

SHA256
4f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249

SHA512
a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
807d2742df4c8b048d0ad65191c15d78

SHA1
d1bada8a8686381e1afe35df5652cb3bc402dbed

SHA256
e2b62a57088fadafc3093434800388ac253486f5cfb0916d4eba527bb6b29d7e

SHA512
14902c6fa6dff6f42765ee686fc92dec397080d775b47c23337256f8aa9b5a86fa96c69796bf692246849e8cd3216f92d3db8ef17d3dd2d5fa0502a2ffec83bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
a2494b2c10fc11df5080e6b0fd0f170a

SHA1
76e2dcc70c2d3f9c13c6687747ed0335f4cb4fe0

SHA256
c1f20664d37afd79e01814941bc86e1cda5159e196f963e2e1069bb82d1df865

SHA512
7c1c362fd279fed38dbb732851c29a56ce3d0aa5e7b4a196240e6b466910a4809879352d799a028fa74aa0aed6388108995f378fc4db92791bdac33c8b6056a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
f1016178d573445c8d41caf1e265d800

SHA1
09922609c9cb9c4b318392658b352bae315c35f4

SHA256
d3ea381bcd9b1c0edebf30a938593da396fd94c8e22f3ee5f236aba67869283c

SHA512
aefb9b20a4f4d4cf16870b6a50e86179215577376a2292d16fdaaec876a5455907a4d9b6a6cbba30731269da23a5c51af3677731fc7a12abb98bf3c8978a17db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
df240fa6aec8e5d5d78d9cc9f5ca6ab5

SHA1
85d98a02a9c128872d500a100049cbaea468395d

SHA256
10bdd148a7b2722922c623a14a7f8f0496a148799cf95161cffe4f4c036b0568

SHA512
73f807be499617d6e0cbfbf0e32174ef3bf14b0414f365f9839d640038469c01913879c8356184f47018c7c0798fd752aee1ce7f710e7a864fb58911197d313b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
dab4747ab1e4e79ba23a9e13fd8afea0

SHA1
55199212345d71cf27106e75c3f5eb0ce40d7b08

SHA256
a4f793864bd7b38fbc06784730df9cd34925c4e55e5ed927eacbcb0c4d44d8f7

SHA512
97d931ed9ef4995363a9614a3d294573c048d5bac867f84ab767f01ff4ea826954bd386698df23086888d842e1992a4aeabf3d121c0a916397506b293a8637ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
cb6d9fd259282661feb51023a3011b39

SHA1
acc2f236b8a396a651d2b5112c585e7e954d0b0a

SHA256
7d7a88f431784e00c7a54b8ccd63a48cb25294d426e9864a780a5f0e251159e8

SHA512
04c654ceeb1ab4a8aa6c51834fe31b6e82842c500ca9a8d4e7c3ea40bd155dcbc37e15c736309044f3ee249c47e4f3d7bb5a2d514d311abd3c7d1a9281ad1a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7a3e9631dc1bb3263970066db2407f0

SHA1
b77fa24a171b595d78df3b8eea531d815caf0835

SHA256
50a7122686c466ae4c19722014a3282fa7ff0357c325e7ddcc17f884baa44b01

SHA512
cdd2c6cae44cb92097e86c7052fb71dc6e7eb2a257f6e7b5a78bf4176dd7121a44aea930765b5e579fa8b31bf5521fa30feb54052c1e4550c4197632af93caef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0cf6cc2ff98b664a831c42d2929b4df

SHA1
6e5b72678b974ee08a4725d9c0d9f86ce319e935

SHA256
7885d4a477bde57ab77bf54bc8cc6582d5cf1ef4b3a7f2a9b7edf414209f08c5

SHA512
b6659a66bb20db34cf2e863b0fef5ab8128ca681b45e432c80f5b8a0c3ba4a84e74df03648b238fc4f3f33c0c125c19ce8698ec129992c08a16c8cf1b2e2be0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b790c521d2c0e6256fa0d21c71220112

SHA1
fc88c3a48e353da8ce9d8859132591feff6bf2f5

SHA256
f6aa9b534766d34f25281ecf026b5d8bae524ec27ddffe4360aa547dd0144be0

SHA512
8852e13ca2061c19494b6316f937e7a55a476917b5db5a4bf628b4339cca646c05d968091375bceb1f89fea25d5710006fb5fe04d08e9d329ac7578cfaebe6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b40f9fa0047aa05aff1a5b32b98464e

SHA1
61bd1216d14999cd45f0394177f145bf826d0e07

SHA256
45dc89f5808d74d051047a73d402c27303ceb118c82c99e7307c56ff4a5321f9

SHA512
7efe9b17a9f188ea223c897ae182957d517d6705770b2b0cc5cd73c294bb7a4438a7570e3decac9c410567a7a1ae3c144258f381ad6460948c0f6728edd4e2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
ffad840836a59d98759df4baf3ae1249

SHA1
4df8252e4869a356f0e66d0612ad2903e9c3b580

SHA256
ed6b07b7ebb160617a701e0d070d6291ff9b2756002bbeaa31162f38a38a7635

SHA512
efdbc87f6619b885a098361538cc55d8d51ec1d65fb1c3202d3e051934261e91a054ddb3b32c246dc4d7d977b4b68242114b257a79eb25810cc9381bda8f0450

Download Submit
C:\Users\Admin\Downloads\You-are-an-idiot.zip

Filesize
33KB

MD5
4acd75f2bfeb99226a8c9cc721284208

SHA1
4c5fc527d8825952a6f45d4fcbab3bdb074e9713

SHA256
47dca4e070081df4b70053c858a851dbd720845d4ac579eb5e7334a44ffa16c7

SHA512
ba18b878ad12916ae75dd1f5fbee09bbdfef4776d243fa4e9d7b34a113978b529a242c66e868c52cbb0cab4198d0b356e83dc36355f9452e03e7fbd4e0f9f6e0

Download Submit
\??\pipe\LOCAL\crashpad_3692_XAKNJAICMUOIKYUY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2904-844-0x0000000005130000-0x000000000513A000-memory.dmp

Filesize
40KB

Download
memory/2904-843-0x0000000005150000-0x00000000051E2000-memory.dmp

Filesize
584KB

Download
memory/2904-842-0x0000000005660000-0x0000000005C06000-memory.dmp

Filesize
5.6MB

Download
memory/2904-841-0x0000000000660000-0x000000000066C000-memory.dmp

Filesize
48KB

Download