hxxp://youareanidiot[.]com

Resubmissions

09/07/2024, 17:23

240709-vyj5lsvfrj 1

Analysis

max time kernel
126s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youareanidiot.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-701583114-2636601053-947405450-1000\{D21E4DE7-DA5B-4BC1-A2E8-A5EEDF6D8AAA}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-701583114-2636601053-947405450-1000\{60579C96-0DF2-40E7-A73E-05DEE995C6C2}	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
3980	msedge.exe
3980	msedge.exe
216	identity_helper.exe
216	identity_helper.exe
2528	msedge.exe
2528	msedge.exe
2264	msedge.exe
2264	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
4892	msedge.exe
4892	msedge.exe
3636	identity_helper.exe
3636	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	3984	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3984	AUDIODG.EXE
Token: 33	4916	msedge.exe
Token: SeIncBasePriorityPrivilege	4916	msedge.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 2876	3980	msedge.exe	79
PID 3980 wrote to memory of 2876	3980	msedge.exe	79
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4892	3980	msedge.exe	80
PID 3980 wrote to memory of 4092	3980	msedge.exe	81
PID 3980 wrote to memory of 4092	3980	msedge.exe	81
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82
PID 3980 wrote to memory of 4408	3980	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareanidiot.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffec5546f8,0x7fffec554708,0x7fffec554718
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,15872720385938860376,10409842185970035865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffec5546f8,0x7fffec554708,0x7fffec554718
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1087043144235643726,4239284424305752862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9be263f2bfe5eab92fa18bdfd5d92066

SHA1
f1f72f71c74eff680dd38d4aa7580e7f7769f91b

SHA256
36ca1afc2c715890aef7caa78fff8936f9e99e8dc18879bc730ecdf062cb2c54

SHA512
b011f5b1ca837d047173af6a5f571c4b77533d9bc255034d6a42fd1354d3e4989cca54bcc1ea9d875a4661f6a4761d9991cb3822cf6039f46e42318d1ab0a4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5beaa8c6cbfb6401efa9a5d8168083c7

SHA1
392ea591b103a0823b7f9c47703c32673a7ef52e

SHA256
9084af388c555c28ad8c450832e4b4a3b8918eae915b37a2caf6651883001e9e

SHA512
d49e5f4a981a96e2fa6590bbaa769b45c9482721e36bbecfb23801b1f57573ec10b2e5807a747424fc7f00ff725b7a5c3f43e706e1573af20a5dbdb156db13d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
1f01aaf6e2b5cd4a7d2b09e4f4dfb371

SHA1
7a58db5a1beeac3579221d20ccc08f25c0e734ca

SHA256
1b78ec30dd3a79d0740a03b313ef4320369de853a60630fde0836bf7b4cc5dc0

SHA512
067118901f0b9bfbc2274a250812d4053719faa8a5ead33452810c069b8e651273575417bbc5ef744a49abc40781d0a1f8a14c71b7ebe40a6bf74acf7d692dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8a3b5459d85bfc041b26adf5267608fe

SHA1
9d1147f2b7d7a3345be456f403deaccd758ec6b1

SHA256
7e07679085105c2278c0c1d41314ee95eb36b7beb0846dc12039ac3d48aa503f

SHA512
283d680bb9730ca80a976c5a6ffc4dac288391e16f34e0dfeb80daeef3206dd94cb7aedaefa0cdf29f0ba9cb2e276bb6132d433801afca9bd4e9ce4a959afbfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5bee3ddeb9d07a32d6b99e1e74a0ce8d

SHA1
fb10b1a3123dd98536783944fbed6b0e9ba5d24b

SHA256
f258c701660629c41122e11b2327b59f41aa0df6371be576512391b939d72f71

SHA512
c808794bc37561d57ca2bd3345106ff012a282b53c374cb609feafd56edb2a51bf7a20274da18556ff41121a23460aac8e427947e8404992d3e8276f9077d6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
33db99bcfe1e8976d67b3d83312ed6c7

SHA1
56a7b96dc35a3a3aafbdb2303482eb4dddb53986

SHA256
33d4741e17cf718accb4e20a29aff22d880e6f287286d73368b8e4c9e0717c8b

SHA512
e8406c8eb3570dd0ddcb117bd5a66c0dc9ae9d7e45923b2c004a63a0f819baa4d399a94d65279b78fea3279c9bb34ba574db00f62991f51e735292b5b6ef7663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
445372ea4909bef6951c38ce1f9f8ae7

SHA1
738ffcdaaba0263781fbef73231e76fc28ef5500

SHA256
c198c65f38fdbd1b5b572964e44362e84ad1f48e03a847de89557bd23f339279

SHA512
ab65cb323f4c064082ada104e9334341704907d19491e34453e25b759280a936bf15966cf8bd04e983c79ce7c59e56f1ea014a818ef82f649660246ca8c47e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
a451cde2c41929d47ca1a8fd85edd280

SHA1
0a90a74c843353611472c2bdbeafeec8a6a1b009

SHA256
00a42e281ac1ce1ce523d776b61a95bae9b0a91809073484a0cde87c48402d79

SHA512
25128019327143b405c1a1ed20434f6e5d8dfb2431f6f2eaff22b359949cf5a75cf9b31ad72e2993acb3629df4cdca0b3ba264d814293421390f43db87ad1200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3fd599fe751145fae99b78c15a1dcc42

SHA1
c9f683c70f21d15c60a92354d37683218e45a1eb

SHA256
169afca5ac38e049ed1d38cf1b22bc4d9ad6cf32842581429b78cc676c92a16f

SHA512
72fb972cd23c37cfc4f34e5c236a2ef293b2a8f2fa610a24d0b2da775bf051312b4dab65e530180005ca63b447ef4f69078f190543b40f836d88f40eebaf41b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
bab70dbe2362ccc671d533a2fbcdceb5

SHA1
dfaf096c9f62b8c8a7820d678157eb4c1ca40247

SHA256
2d9aea83efee7e17fae62d8b13dabf7491c975dc26cff0099e72d9590e983624

SHA512
7ba9dd9612c31d6090ddf4865b3ad65ce84c9a64ac4889d2633b2bbcb8d0fc6d2550b8def1272d1d82127adde267c3802bc373866aac395e4c87f983b0fed48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
b6df4183a0f75b8d91d2e7f5f993acf9

SHA1
a5028a585992aff6d3ff9186542dc9533fcfc036

SHA256
90035806e1fdddc5a29998a674b0511982c77108962b907af8866656076cb5c8

SHA512
061a3341211b3aa08245160cc00a04fd40f134554aa5d41e8d5b89f3612416840592e19c0145c2aaea45f78e09384ae0c4f65fc4dc61f6ef39f50432e9c79475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1024B

MD5
8681b99f2e32decd304b63e32193f40c

SHA1
1d67568b8ea3ce86a2eb076b6d3267edb4252264

SHA256
b1f2f4a0508e5c4d54e530a3aa29804ce434c74c1ca1326a7193494ff11d7f34

SHA512
93d75dee2f5ad413b292002031b90b63ec5a2435f17194f0e7dd0e0ab29f3f0336b43fa6ed0253042af7404e3df39f2b313905f25c34adb00f8f2308e038c1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
576a88ef191c85dc043e7cae388d8ba3

SHA1
f44ed2d6bb456e39658ea265eefc4ddeeba5577b

SHA256
b4641f0f7f5658b80187324b3bb8f81a3539e6ba9ff8f71d415b03ef2c165904

SHA512
f5e51a1a39a0fee2b58c0fb99f7425f31e3eabb1973216150177a96aa6e786f2fd292912c026003ccc332693938ff7ce887b383ae280fd994e0e23ada88461a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
501412fdddf4371cbfcf687d5285c7c0

SHA1
f1cca431e73444bbb9632fc004be112cf19fec17

SHA256
7fb2b81b6506bde65582b9fb96287dfee44dc47d4a29ddab58d88bb0ea1bd59e

SHA512
e40b22bc624cdd2b51453fb8b1191003195a818db26e148f162e61b60e9497053b3b0df1f548d01f8622a9260541cd33ffc0fea7890edabde614ce530abb83fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4d02210b588b9e4befb8af366b9a9124

SHA1
dc0c8243dbb6fc2c07a545ef8684485595d94b0a

SHA256
8dbe24773e2b43cece108fd4bb4590f778a426b7ea21464408046e0a2b3f44ed

SHA512
57de1e29815b4c476f35dccb3c6458a6442e17351c31f2698079766e481300f60ca782199b6499856480b82d1ae7c812c9c9eedad0cfde5b46587b8d486cbefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1198988ee100019a13841a5d7938c89

SHA1
b1b61b4441327a9eb66941c7982e4da9b32759ca

SHA256
0b21125419fe9d50752f62222f580ee9cea3c62c280ab01cff2944d8c584c16f

SHA512
00899b09f733cdf2d556f1dcc6714e575b59eb2e2c1aa07707c2216080116152e890ded9dcbc9ea4f1fdee3a4f252c53f7574a00ccb62d9e6c26ff76aa60bbce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d238e991912e6288f27325ebdbf60970

SHA1
e0b8d8a382114e867a8a47acdcc1f358f1444952

SHA256
4f33ec3bcf68c986c06eca6453f661e0adfd074c6903bb1ecb65863871a5c741

SHA512
d2d86075bc49a8cefa800a1c3449bdca0ad5ba45ace976e951157dd598e636d14403f02eba7b8d2e989a1a1cc35c768de33134868b03ab6dc53a47e85820e8b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
774c94bef43e432a265fc985af34c381

SHA1
6008f17b8614bb11045c6ccfc06bb12ce43d3d37

SHA256
a7360269bcbf9e2da6132612cdc3f21382257d60b8d026476434952d97fe6ed8

SHA512
54049710cdaceb107eaffccf19642a269b9eeb6148c947f0789c89d8c493b591c0937fcb3a1f48f0f2d66dd766d151f2b7a477b97e82595ed5fb38759f502d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0aa45315b40a25271d8ec6cf8fcf4d81

SHA1
429bb79182e17103c84b363972d46ee13f761b04

SHA256
929ee0d76a411274e4ca87ddd3825325a476d15a0a114936a3ad2373dd57c19f

SHA512
c13e7338563ceaa5bb0c180c4106d5ab99feb61222443aeb758a2ab4dde09530c269af8818254337fc3d4ebc7106d99ea8211f4d1a3e8dc9805fd866d7b56481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4e306d8643c573a05691bec1074d6d2b

SHA1
0a38d43d1fbfc49d42dc42d6061823306aeb04a7

SHA256
3663d893b33276bb60a6475c041083c74d617c00fd1429adc8c3fd6f061ef685

SHA512
1df766e0b0329e370e560fd0d8b4e6fa503dbb4cd6d71493967d1785f62472f804f5665922a78bfca6bc5fd2a7dd8869448133c46549f8a74d2e6df612b59f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aed546ae7c5a311bd4cc5bf5dd9375f8

SHA1
12c64117d6b4b7dca7d009da584112161db81553

SHA256
999da01b19bc34b546ceb2be9d24fb564946a15f539d992f4fcfbc36e9964ea6

SHA512
801641a6c42847e8c5e4e6d0a86be13be2a89fb8ead3fd9490bf52a81827889af257976404acfa8797c74cc5b9d36884e5376a4d5d76e1814073e6649e3ee38e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e8371d5d70bfac57d849ab9949614ef3

SHA1
3e27092a4ff9d7132e4c08cd7edd598bec766ef5

SHA256
fad15762a65f68ea87806d272e9071203c845131d6396814b30bc6eeb87e9090

SHA512
da6b9d079fe70a236d007278df1f9b7d88a69615c42e7cc7efbfe8e574544f05a4d3151ac3535bb95b4c49b79705c82e0d8415fa2e482080a715b8ecc35dff4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc4f331c41bc4360af603316aa155436

SHA1
fad511fa8d565d7f38b67555ec38f0399d4dd332

SHA256
f2fd2d670e882ca7112d13655d77c4df483c430a18d003eebda08826f63a8a1a

SHA512
fc709c9415885583cd8e009ff38181da4b3060cdff974868b1fac96972c80406efd653acb81526bec25e8f2384b6276020d1443dc8a23f12560a134a99330408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\086c65e8-1a6b-4828-adeb-bd3e27836462\index-dir\the-real-index

Filesize
2KB

MD5
26eeb44f3468912cda756da0891b089f

SHA1
a485bd52be0937bf588e00d35ce72ac1b2d45060

SHA256
22415af529ce52d08f82a50ed894bc40093cd898333d6159a4f644e847f03733

SHA512
5fa037c5f05d182dbc52476836e3c2125304d15bc18441205e0bec8bd750c97fe0d0775684990d7bff009f2cdca62a19b50b1908a7ecab893314015349b37381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\086c65e8-1a6b-4828-adeb-bd3e27836462\index-dir\the-real-index~RFe5867ae.TMP

Filesize
48B

MD5
99b6ac8df0330db8c400996b6897570b

SHA1
db56cc8201e486b07f74cac014ce279d18053889

SHA256
1c8b6bb1c23e915486987a2777ce3de679a4e3964d5c136ce45a19a227a10ed7

SHA512
46fdcc5dba33c409168fb8f5b3b0327cc38411038882817301eba7a4a70bc2d44e2aa620598620eac82bc51cf84ec5e07098cc7b92794f5db8b1e3c85e9e3553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
180cbb5c7ce82ff453975556dbe39183

SHA1
a566f3e7063e11a06a4a99353a76bca73e6f7916

SHA256
3a5d413ba71a16def2e68f687d52b9f9c1135ace4c210600cfaaed89dbde2733

SHA512
f01474cd67a32c9ffff8796b1b6af2ffe427abfba9cdc5e66f08eba3bccd8cbb8cde9fb80226bbac360bb84c0c3bc6f93e5a198a65a10ec028539c39e23c4085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
0c65e7846406cf03f2e19fcf1912215a

SHA1
07214db98894f391d39260add482c6292384f1c9

SHA256
3f3bf5da5f7b216b9597ee6b8ce1ef1fae16efa00a17458e94c62d20555723af

SHA512
1278b798ad71e50ec16212bb7418411cb8f576c3852fff5ecfc6f7153038decf1fd442d4167d0dff1a162e6b0ed8d2cda288fc52795d25706772f8cd4a816151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
ad4b5f553b98cbb6ebc7942988b53667

SHA1
c05476bc942e99d1dfe139956752f37def0a93ea

SHA256
a74de1044c0970c8bda64684c5ecb7041316bb9dc7388bc72f8a2a7ce8ab87a1

SHA512
98eb3a7a402b12bbac0ee8c7627bd982b0f6b27e85ad2aad972ecd9a889054e4e81b22f42ee82cb87aeb0c3e47290255ba3489f7ef7a10483d6345c40d370e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5855fb.TMP

Filesize
89B

MD5
db55eb1d21b71d53c416a1cd014f4ae9

SHA1
769d795519284bb58919b6410299b16e4731fbf0

SHA256
614b4293e2d258e351c413d639aae11c7cbe45ff46312b3e8dd088b4397198a1

SHA512
fa61886bc159c694dedbdf1d7ae337ebc9be1f7c74da4be36e0f559ba118e0d318bba4d2a6af5c428317e5bb45338a440b05b86d8daf177d3686be65127c9ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
947B

MD5
10cca9032ac27dc6ea679d9cbf1c2e12

SHA1
952dcf92ba0c6c2988198090cf71d74907c8d951

SHA256
68ac6363db5c40160c8e6d9d261aff25db42d9571dbe24d1b6c2d7f95e8bb12c

SHA512
b192c9cfa65275aaffaf826da99263a28ddb0bc3e1abbc568e9957f749245e209bca265168d727fa1a4331da1763cd78566d4118b758c4fc995a914a369c02d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
c7626cc2102c27a6dad0d2fd47b067a7

SHA1
212aaaf19814f232212dfc0336f5d5176e46fbff

SHA256
022cfdfe93ed4c577b1a9874df3bc75f14e79fe5b92c9fae1bcd43f788372324

SHA512
b6e8515039328a50c5f774242c2c562958bb085ba784feeccafe05ac8918fc42541bc4734b162f2f94f63a084910d5c65b9c6851065f586daf3f821fb1d1690d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
550e1589641097859676212025eb63ce

SHA1
c22cf7b9dfbc4c0676dca1f8a52caaae49dcdd83

SHA256
8aa4ad6a71f3fe353ca338aef02d8e8344decffd543f5de0395bebafa68b5521

SHA512
be6d82559cfd9a5b79c174e32408c2346afd5fb3afdfdc156c998b5b828c5b5946c86b1e48e744b06412c0b13fed31e8c6e5d20f1e748f1df80ae2ef9953c19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58aae1.TMP

Filesize
48B

MD5
150546d5f505b3bac6464d9f9101fa53

SHA1
94d45538588ec7fa5f328c2534896b84f6c324ff

SHA256
3f23beb9cadd1ce46ade318e088950d08a21d6a70f7cfa419763efac6d569e17

SHA512
67a531f2706ffc2b54919b0b1f14d811a008c629653898dbe5beee0c914903c50a09b352be409056646750767dd0095e3d5f125aab36b9bd4690085761bdf51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
8d7c2529e5d963b3766f70abbef5cb99

SHA1
df95ec2215c41934fa8f9469d5c389c04cf1aab5

SHA256
d5ed009a41de0b8ee114952a5079fff527cf67ef0c2f105c225e9713a0a588bb

SHA512
a8ccfb90982e9d2fcedfc6bb59ae024ea918a17b0a93f1ddd9dbf6b258e2124e7e7d94a25c65ff344d9af688e5148832ca8fb0a883e210f3b0a827c69d129696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
c6b240d59fca876b02b17256f05b1c90

SHA1
f25541ae9bdeb8af4c33f7c0fdbc1b85b988a797

SHA256
4ea13158f64f2bc69d92573a0278dfa7636eed1c5cfcb32ee169522ca601db23

SHA512
9f6cd9e2de82ec92c9244e8ed271749a5eb879956933f694b2cf5a258dcea966b0369cde101b4115e0553b76fa3c3718623c544f666eab2027bd019db06788ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13365019459631380

Filesize
15KB

MD5
c05396d5aa44aeda578c0e8c284bc2df

SHA1
5f396d09e0accc59e2861b96a7afd3b2a2c3747d

SHA256
7fe07246617711b90db6abd29000d1b86cf3c05e4946da6e03316f79457af3b0

SHA512
ba873378bc72b15e4a4986cd50672507af42853c0d490510fb4c7b9fba0c0f183ef72137d192d917e25f00c04898bbc1d8ca54851ac1c8f733d7bdab9583ee72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
5c16f2b6cb745220c9875beb2390b76d

SHA1
ad8dd21eeb3a8772ba1b8011ed7bbb32d0e6c3f4

SHA256
ea4d10862ca2e66217b5ff98d758cab223a64f2977c967bf9904579693158270

SHA512
facab4357a1938bcf063945a1d10dd5146e0bcdb7848ce8f6a37df4871fac42dc1d319097be389cf2affbb4efd5c992c25aa6a91c404f82f838df0bfe91c6577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
05f32a086aafccf8fa701adecc293a3b

SHA1
fc9d863ca267f1f1f6be0211f6581e264e1883b2

SHA256
4b91058a2b3e22e8ab3d418f7d63f4cb6c9245d4eedbafca092f90f96da23182

SHA512
8341b60bec0642ee0d0fb6289c54a90cc91fed0f9a3d7c9921ef2218175a127b57975157c44b78622687aaa784f895ffb25bf20608d1a9f157c31e11640d6736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
20375fa805bada92051a4d2e43bdb27b

SHA1
a7618ef32b39bed8eb285a30830ff97ba91f14f3

SHA256
492f58d8a36c8bbe46d0c92c9656b09dd471506e0f62351511c91b60e4a0b35c

SHA512
9b4ba5279fe4dc4bd48d39797f57376f918858f8128b794be2e7a03bccb85bc3c203e0a6c73e8832782f389ceda809d64d0a7d1219fea65a3892f53d4d98f1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
011e8180693219d51dbf59da6faea4d1

SHA1
6a8ea2427a278cdc4f60b81392d427d08cfdc3e3

SHA256
8a0014a7e36bce75edad081c9a54d1cc2897333020d22a4277ef6ba6e4df03b7

SHA512
a83c6b21dd471b7032b2b740bc0d834ec9ec3d1ccdf5723e5fcc52d38dbca12e7cd061ec5da7d445fe5efc3e9216ddd4ff64f197ea2f922563268798ccfcb022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b2076603c014cf02d11b5d1b2888301

SHA1
7eda5183f0bf4006150d04b1af248e2e3d023cb7

SHA256
a5aea910f77faba419fc7e5c6e89c81e2513d94edc79d38f0024960b61da4c98

SHA512
9970a1c093538d649fec727d7efe2391e8c625553911d1025d7ae50055006b7ce45649ec0cc6dc91afb3c6cb24475edb26b54af912a183abbc2ad73a3db8709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587402.TMP

Filesize
536B

MD5
32e6443537ef588fea532147bae0b335

SHA1
d8613d56606dfb67aed32ace36660a1fdf71b484

SHA256
0cd47fc66201967a3dcee94976ad9f7563f26436a6cddbc3b8e4f982699d2ee2

SHA512
f9423b3e59ed9a4f61e7466cf6b2df3c97a197510c2155e4730e2374066e5aefe098cdf4018f31384c40ccd586e1106a41af81cb5e76918e35e95c923b70fe55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b71556faa5a6e8e7ba0b0bbd485eed04

SHA1
65dd8be9efc88ec8fdc596a653788afd7cf54a0e

SHA256
c8cbc491d5b57697f83e7eb8b4db8fbf4316634194995bdf8d1592f7d7cebd88

SHA512
92e3681b313adaa9e2c7d7e0e1bdca39f68201d419d06b5499ca01c994949075cf1caede9361e38ab453702dd6a1e6a3552695a52bbd21be5fe87f5e1fac8e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
2907fb176d7ed329537c656db87d93d2

SHA1
780f1cc03d2facfd9950c43a05504347f5f128c4

SHA256
9ac8de753dfe275a7dbf392829bf9ba2b020c7d1f42a4ce6bf756ce3df8f29e6

SHA512
425b2bc24618e9425205f6dd3df0bb4104278d89407159fb3cc04c388ecfbaabc815a6c2faac6a4618ba7d3a41300e96740d9f035758f92390c02fe104e31201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
80KB

MD5
995d680e2f7cac75173ab601779e4b14

SHA1
28e74a956964f0d52338d209f4f22b47f5777410

SHA256
4324eed92a2a1073a36d5f2abbcd520ab1f9802945d93fb79b52db890e601497

SHA512
944f437dd47a80b7ca513cd6a956444150677469a8029062c0236b52a36270180e160dad316cf68011fd5d62f6f954178c08da6611dfa4a3e6c6967543af6a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
77ee44a876861078fddf9f21b6bd41eb

SHA1
4dd4db5009c7c48472f40f1e23b68a79947cd89e

SHA256
1c459780eea02cd2f700119d740dbc34ac14927ae354adbd1f7d506098f194ff

SHA512
e4d98883bd45ae80dd55b20f5d4847ab09302ab540fad6eb917aa0ef21466effa3eeb9c0b496b37163102acc092eaf9b9156327b2f082f294c54beeb7dc80eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
17628991b269d5b716b5a9348ebda3c0

SHA1
e08c9155f9365b0dbb99099ba857c69d56a10548

SHA256
4ae985c456a4fe962fb0f03e39da88c2bb0a6595afde9c02df75df1852bd8a5f

SHA512
c97f83db2c7705b4c6e437df786681b4f91816ab0363e81192ae99ed0904af329ebf09c75f4bd0d451eb9ee385a3f20fe6034b98c0660cb62b200e7ed8c8c0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b77ec71c14c0075ddba1abb0f067183f

SHA1
289344e88364b158f1db9d6ccfca373667e159cb

SHA256
1d2551fdd90a2011ecf6824c9fe660b792df1a61977c2f1cc4cf3014777faeeb

SHA512
d134c326d12b937189cff76c74fb71163b5d4e25fb7b4890778724846c5283748bcfc97bda8919b5399f35e2c74b1b1f013dbd3919c22a191a82db56b6875ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
08136bf48ce2dcd0254d65d7615708b4

SHA1
cc63658536dc43e29f004bf25ce2908d0fc58d45

SHA256
f4fd48be9a134284c80fce39305923a825c13c06acf21af433c0f17fdcb41c37

SHA512
13bcb4e09de063eafe5d7af31803a71d9cdaa078b9dd1837d55cc34b0b320afd9f323c9eb6c81f0e2d9339a2f8efb83d611c8ca128b02f35a3c51c0a9c9bd9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
7e4166f326a52f29556567770eae0961

SHA1
81f6d6dbb705d751136cf4cb04f6e7ac1a999542

SHA256
d23e9c84b3296b977b0a08f8ecaae32d5a62ddca629e5a682b67967124d57e0e

SHA512
6bf51d00cb385991372c359b79ffcd06172aabfda2573fb4c046cc6e353988392fc97e7b0bf9e99f9db8152050c897e661888a7aad1e7f44b80c01df317dd845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b270c81272ed87aa8df9814c88703a76

SHA1
2d80d1a53a8339602f65ad72932775974b57fac9

SHA256
db0c82cf306f2bd486d5fd2182a9f1298a2f2c635fa00c0e6f5b68bd4ebab712

SHA512
c7275dcbb6b6a0a86111b005af41188c1dde772c9e479d4388c9ed54ef91dfb4415fb615bc391b06dbcf1cdef92fc91da6e55176d849b4b9bfac2d3e8b72bda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
9216648830abfd4952f772f1fe114174

SHA1
8494007862fad17cf4046452623e6bcb45cdad89

SHA256
70ce6b6c871b49dcb2a368f8f016f842734e450be11d52146d02b4955cf4527e

SHA512
f06dbe84870b036b82fc58b4194df1f5fc0ebc2e739718863450e13d79637487506384cf756c5001cddaa346907f7c1f42798396a2917851c6fd81e7ffe8b275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
f55234db88c6538e3f4ad45c114435f1

SHA1
c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

SHA256
bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

SHA512
8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
18KB

MD5
8951c3500755262a4ec181c5b25c86b8

SHA1
48e1e5d6cc17bad46f2fa770d620c5074f82c6f0

SHA256
93b9a2345f96229ffdefec524ead46a8dc5442cea95c996806cd25845919ab47

SHA512
6e8d6235eeb73039fa3bd59da89efb41c33e651fb8a2ae6d49857b810267ff46acd54c2f7f150cb1f9b47c2ea1e904e3db94fdaae15e44b3806c4fe496363902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
21KB

MD5
f368ad6f7fb38c5f6b872d9f0426464d

SHA1
52e3b460e4029837293b9a542d4bc24121efa673

SHA256
a52b5ae6a5a8c4e00aee9a5a927787cd75c79324edd5999587e950c2cc0cdb45

SHA512
26d2f48d704b26862123d5b11c5be05b23789b871a6c58d37844781fb58386736b50b27d55a34f3cadaa1820ea682dfe5c95910c3c9338022da4c2322ce23c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78d0f5e8d9b2247f08a8e3c4ab29c56c

SHA1
8a3485393718e277412edda67ac54f43ccc6ef76

SHA256
6f3ebee31db44b954c2ff610378bdc2932fd52ac12e7011e1b0f6f44853070ed

SHA512
4a09571fd6847b328e95602dbbf6fe7aa67120a4e85f889bd42d0694a12dae9b14ab8be1767e99de3a16d2e330fe4e15eb60b1d4ecf5e3061f66bb31ff3f62a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ee6cba466bc81e3462193732fa147ec

SHA1
14ec54e11e581b08c44b7672611f2f280fb66dc3

SHA256
a99f8f0689c6db9249f55444b7691ad4190b33efde1c77a069260dae3b353b0f

SHA512
dd7cdaf33902a04fa2953ed24221a1ad39e1cb84c27b82799d1fcc2ae73cf2afaa233330146f2be0f8b947ea317ff11d17a2a6a0e4f8f87a27f3146ea9ca8438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d1500b9357e93397edf626edff85cba0

SHA1
59e2b0135060881ba84245f5e04be88dd2ba9116

SHA256
341c980973160c72f0220cb5b60cc8eef332738d3e3d92f1040d31813a243472

SHA512
8dd3080738456e834b7aee365d522500df1c1a033b42ff71cb94ec4be86ec67cf6f25593b542e9e8c3c02eb11776ea95e7d93d71771e544c46e8d28f4a52e362

Download Submit