daae07490831bceddafde61b3a1829043648e5ca24778b4a69ffab9829fd97de

Resubmissions

11/08/2024, 21:28

240811-1btcnaygrj 3

11/08/2024, 13:53

11/08/2024, 13:52

20/07/2024, 19:16

20/07/2024, 19:14

20/07/2024, 19:11

20/07/2024, 19:09

20/07/2024, 19:08

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c12.html
Size

7KB
MD5

ed05d5b3d7de3d798bf68dfa44fa4aca
SHA1

8b93622287614b48dff54351aa6f956a6c670b73
SHA256

daae07490831bceddafde61b3a1829043648e5ca24778b4a69ffab9829fd97de
SHA512

d256bb6ac71c7d82f31c6d1e5c13536ec9c81ddb3c5060c017240be3ddf2a3f9a966924add381fcb2af26561dd04c7b593548b6fb271ad52c0c477a0086361d6
SSDEEP

192:xosfzn2lcWYAA6Si6SP6g+6k12045Tw8R2:xosfSlYY8b2k12j5Tw8R2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1176886754-713327781-2233697964-1000\{176EF1E9-A6E6-4CB1-ABCB-0DDA7820DDA3}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1176886754-713327781-2233697964-1000\{8CE9F3C6-F3E3-4547-AF11-22D446BC93BC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
1524	msedge.exe
1524	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe
5860	msedge.exe
5860	msedge.exe
5956	chrome.exe
5956	chrome.exe
2036	msedge.exe
2036	msedge.exe
1504	msedge.exe
1504	msedge.exe
1872	identity_helper.exe
1872	identity_helper.exe
3884	msedge.exe
3884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: 33	4628	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4628	AUDIODG.EXE
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: 33	5852	msedge.exe
Token: SeIncBasePriorityPrivilege	5852	msedge.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 1856	1524	msedge.exe	85
PID 1524 wrote to memory of 1856	1524	msedge.exe	85
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 1980	1524	msedge.exe	86
PID 1524 wrote to memory of 4932	1524	msedge.exe	87
PID 1524 wrote to memory of 4932	1524	msedge.exe	87
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88
PID 1524 wrote to memory of 3764	1524	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c12.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac95846f8,0x7ffac9584708,0x7ffac9584718
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4136858865660585242,7167107899963021501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:3584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffac905cc40,0x7ffac905cc4c,0x7ffac905cc58
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,17084120796469896522,13056757045051916972,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,17084120796469896522,13056757045051916972,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,17084120796469896522,13056757045051916972,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,17084120796469896522,13056757045051916972,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,17084120796469896522,13056757045051916972,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,17084120796469896522,13056757045051916972,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4732,i,17084120796469896522,13056757045051916972,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2356

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac95846f8,0x7ffac9584708,0x7ffac9584718
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7151095171442439058,6960104656103907945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
48f541eb7c988b0a9f5bc1848a4b9a12

SHA1
a56e6ed7c9ef497c952cae259b3484c412a00066

SHA256
936b06b39153b56e943d801a6bfedf23461c82ead5d56625e4cd4924c9021f0f

SHA512
4321853fd7b4f46cf819bdf0a4f744eacc6d372cf41034896b470611b0a9339469fe0adb9af0893f384e36b496d1afa98c1af36056a22fc8b417482bf8774dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4a1b32e3ca648ccfad1df455c484be6e

SHA1
94077a569bd905c56a2412832ec3bd694ef23043

SHA256
e8b02d6673e4afc04e34c4ba25f058a2f8abe287c6997784302dc0f52aa618aa

SHA512
0c36ecfbb7bbceeedd4a2f655a391a8a7fb4f6efa5d607c75a6a1a67185f71281c41590d91948c3a3cf7bea8fcb4698603bee4e70a5c0059f365ef786e822c7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6f415c01a50d6ea8cbc436cb3da09791

SHA1
25ee3b09908f667eb96ff54d0acf6447a252e6a9

SHA256
ecee894a2e99ef99777d7eff4df15f9e0343dc344b1b266bee1828217747bd89

SHA512
ed7e332f3c9fa07e57e10cbc40f74769197ecc5497d088eb5922a64c6ec3b48498b8844c8c76750aee604621bea0c1da5d98abeeebe2a621b464dfd3640daec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
87cc9b24f9d28bc344b89b210b511a28

SHA1
8fd1074f46b8fd8857e4f96e8a51ce688687feb5

SHA256
e344ebd42de7d67a525cd8b5f40dd457174900b345bd702013ca22b84a78c06f

SHA512
93e76d3c15572b340b17434b694c81ebcd736afedd117cb509948b5da0860a75a2fd79351ad1baa1e64fbdbc6e1e2bfacde1c8b55126c5e007fbc158450cfd47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
965fed4c5ae72c97c80cba62e635766b

SHA1
e32c2be475a3b1692e1619981066aac8a2170461

SHA256
a0a795053cfcd3a857ba87591dbd46b9a2871a6f40cd99d2a488314270dc6cd5

SHA512
694a3dae00c74c05d63135fc0b4e9d78394bcaaa1da8c67ee7a1aef0996137032330fed77cdc80b37aea2d998d267a107adbeb9d151dbbd0726c1c63eff9be2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8eb6ad202121eb14d4153d46d318d7ee

SHA1
c102fe88974464184423497f0375d95ea3c21a7c

SHA256
223122423bcb14b5ef7f72225e0a151fcecccd207294da3708e3a592e9bfd6cf

SHA512
3a38a9d805586804065406830a663c0ac95abfffea3973788dcdcb0aa8fa16caecbd5c5356d9784c2158d416854e6f568196cf08edfbe56c3c77b83c2184b219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b07d44f3a2ea17ab7459fa0d948bed6a

SHA1
1badd362f46b4610d1a139069c82c5e2c02ef5f2

SHA256
5ad5ee2554c011661955c206046077d1fee406732141d2d9d0c14e72930a26a0

SHA512
af204a871a0f0109cb932452b557ac2b45431ed8feeb5f14aaeeb1d4607fb11e7998183d1c47b25263daccf4f9499e60cf5444fbd22fe46d191fc9ebbd658336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5e8128b0-a013-4ef8-9f50-bf815b294ce9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f5c0fe98676a592f469ff2ed3f9cda08

SHA1
8b8e918fdd8530b1f8b0c70c4bc570fd3b5ba40b

SHA256
cabcbc314da25c95945cf3d6dc025d042bbd06bbcc9e742d1bd19eae2bfd872e

SHA512
8d13c50c0fcdf184c677a6feddb681940dbd13eeb1d30999f55de30a96c6104f9b6a4bd41114765ca8f9610f58f10ad4b0317ce7345335f5a875059b52879de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
8e81e8e23481f900f5f067c2bed4a736

SHA1
853dbd7615827beceeeb273f396b6a86aed54090

SHA256
b7ee2f2682f5a0ba39da0835c019dd573b6cd61ef9d106ccbef44e1aa15c0b14

SHA512
3abe53d41d50c845c9fcded30ba91363a56dca8f71d26378cbf32ad258f19a16290ac32454c2c1703dccfdc4d05adbb91583007bb2e2bdb32a510fa15a7655f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
78b45f66500680832e342e6fb8f0c7a0

SHA1
457528aace12ab0b6487a490d7b8a6adb13dc8f0

SHA256
5cb9b5d3fb0be382aa00936369c7589c938a438c3942c9883072dee465458c00

SHA512
6c1aad5408b7c02a828596f5030fdd310b78b79dffdf3b3dd997aa26802b55026bc18d7fff44a0e3fadef8087b43964262a9894fd4fc06de1b229bbc6d3b2b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
931d16be2adb03f2d5df4d249405d6e6

SHA1
7b7076fb55367b6c0b34667b54540aa722e2f55f

SHA256
b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3

SHA512
41d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
27KB

MD5
6da5998f8e90d28378c84a2f8b1acf9c

SHA1
1eb55404a9d4089239d61f07b64d83d16d578bca

SHA256
10714240fab1bf95a09c0a6461bd3621783b763b6847bfa8255622d7d13a4fd8

SHA512
8a96b06b85ef59794870598ce40cd67fd1d608ddb08ea71fbe47e499dc449461ba0a0125188f16efe33a4e22cb8fac403685ab18748a119379aaaf2327976310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
65KB

MD5
4076f3cc8c3a26cde3cde1e3e5a98a73

SHA1
4e9b6a5e1aedd34f39a45bd63db554468f503614

SHA256
1c447bb53729a9184e6eb2264dea94700faef08021ac111d712237c270f66378

SHA512
e4597326111e48d77784388076a5a780df25564ac2d6423b81627230bf80d335eef962149c895671f48456e0668abba300b1593a2b4d07417c497dae6c6678ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
80KB

MD5
c974e2e0335ed6768d53661293697e75

SHA1
1b07f37fbc75c95178a79a28239ec9a367f51ddf

SHA256
b778ab15d920370bd64f6281dec17f3f31178e5177ad9da988286917b4facde6

SHA512
c89213270d10a04ae7aa14a33b334a4d0aa88ca0f54cd7140925cabec8b3567a2e9f5480505e87d44b37d86cca70ede023bb7d8fafe2338c74e91504229ea886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
99KB

MD5
f6c8bfdbaf8e9bd1f23bdb6b6981fa43

SHA1
54df76f29106a34c3a8c56c84bb9f83e443f7f9a

SHA256
74936aad2ff8e85d66dcd9b4c7c695e4cdecd3fbf5cb6af6bbb1d550ec706b40

SHA512
d406ffbfcf5884cab981648e891cfa9b2ee6e2f44f3d72772e0fd5d3475710a3d07a7caac300e24abe7c5b61205d5c7f6d771011a1892bdc25d974d78a5b4602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
19KB

MD5
1506e7bb67a9eb9468ea3a2751cd0cae

SHA1
17588bbaff12c9d1570a96bdf2d0ecf169907a4c

SHA256
127d50820fb5f2d62dec44178f827c44e7ab3166e1ce999e0d85fc0f48b58aa3

SHA512
1bd113eba8d326989f3b649cb1f0c6a0c8fb2888a55a252b9029727399bb1e6a638db70472255b985e3e01d122ba8d50f5ffe4e27683ce53887468e9f3c74b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
00a65af9fcf75ba2925425f1d66a69e2

SHA1
43fd3cc3aa81df58365f38dbfda2e6eca6866085

SHA256
a1db19c5524297d47ee9b19367482f659cc3b1702348ea804a81e40d162061d9

SHA512
39e41a071eee128cca0525ce6495f5f2078276c9017b1303a6c0abe29899c20aac4d86e2a6282e6dd295a5e2125233800d4ac44f4ca5d5fc2d82c7f70236a943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4a06f1bf95eef5645e2b83b5d4ad0405

SHA1
8395447f45b781d45209b3362abb3dd5b5aab76a

SHA256
fad20b7622b96df1fb152992d63c42113ab578c4ffc453d602bd3012e87db832

SHA512
4a99d607b75039515abbcda835d190e6b108841aaaf6bc19c04254f545b82baac5677eaed61cd6ba1416f7586b597fd07310777ae1e8f1e23a19f4dcca0c902e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0a4cbecc939de41eb8bd9b94073d27b5

SHA1
c11cddb0d276b1a3acc1b63b5455f36e07c2bf2f

SHA256
40d8ffa717fbc971e6055735f7fc26f4ca85608f530b7845e61f61e634304a8e

SHA512
29b3a5c147d32c0620a73a9d33a6ac355de73c51700ea23e8aa6ad00a2d963e99b22645d39cda930e7e89fe864bdcb92d8b52499a28ad7469e8b96dcbba0e263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
491b6da8f8a77739280e27bd40c185cc

SHA1
2f4a7bc12dd89ef82e827d904bb2b83dbadb2f5c

SHA256
d852dacec8760afba2d62fcb54cfa99b6905f7297d7a455463321c7f83d06e88

SHA512
888738cf49b4e518a4146a14adcf63b411796842b32030d6c6051db0a584a58dcee4f824eccf317cde611e61398aca970cb151815919e41f1c93ced78bda4f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
2d9fad649f5fa9300c63f5ccd4e5c5f5

SHA1
e5d778d2e4c87b420d16380009ab31b36659bc8c

SHA256
fdf88320814472e6bde89021dce652e1d1e8b292aded23fcce60a94d81bb5565

SHA512
582cf24e1c35a97acdf0fd913886583111958fda5ef183f29df19a3964b75309c346c97221c646128d286c17225953c6dbd9b4ce3ca7e762e9bcdb9b68f21110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
d6f4c8e4329ecdc878b08d7eb3ad52c9

SHA1
f96ead3801be9d8445e959f9d972352ba1c2f460

SHA256
8cd8cf68e572d1badb327a5d60e040fd3283d207a9b2f535488f1854b690b7a7

SHA512
c248070a116d6252869bd654b5c557e4ab50eb07483811356d1779ab0199ff7f2dfbcfe60bb17451c1d1490c959d2a5d9d52866e7c0eae80f8584c8fc4778f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
4299c3863f781623dbca56ad9987173b

SHA1
af25849ee055f0b974905c205d2a243d09b8eb08

SHA256
029c08761f06de4b818db73a835253ca89ee2c721c39c2a1864b81ba6a20af5f

SHA512
7bfb2347c02f6e67047796f9a58680409a451ab4e247b53f44f49577e2c0725ffe5e32178f4601409552e742893daaad021ab4d3341f3ed89f927fff911d0d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c295eef3cbdb646f17fe5711e7c6aaad

SHA1
0b6626ea40cd0f24adc887e28da449b40a0f0cc4

SHA256
bc5fe773397740325d6654fecdb2f7013fa6a43c3f7bb8bd50954124ee0029e8

SHA512
6e2e5e451d9772247cddc6517962f1ab96aac5686254da6e502eaca8f175ade17b7a0da4a502deb5a7c80e3be00d6fb67be89a2ee349fc9c253adcb32b510dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
a9e80dd8080b61493450c8e52701a898

SHA1
43f7dd8952d47901c653e1759946be7f398d5424

SHA256
2188336806dd94fba4cfb1cb2ac58d60a315404dc25888ee3a6a0b1847494a3f

SHA512
c372ca5cbd7929e574b54995fa7ef6589f7e96ccee442d89b9913f4546d441e811b2fa226385e216fd718653b8da2a32258b7750a7bfd583f44729838c8e2ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
dad526705df70a58dcdccc5cdd24719a

SHA1
8340df2b73084fbc80f038053c1d41c9f15613fc

SHA256
eee79919735be6eed9802337a2e848c7a4374c43e2c2024a75569c7fbc0d1808

SHA512
b6530665be9eb08b03be3d9f0dda4bde4ef05e4425e38710c9ac2647cc368d5d2320f65b112d89f26502231d9056d4289a454cb68fec017074df3969324ee166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
252B

MD5
7bb98d41d2c86f182a2e85faca35c4f9

SHA1
e9e3075eae9d44fc51c40a5b7088dec9b015c9aa

SHA256
2fda1f7b98e03d48a5ad1cafadf612d207c6288bc668668626170c98fb4ab31b

SHA512
88b8cb7d3c3b4d7e6bfb62a2df57a39a70a72f4c9d555f5022328ebf694b1d0ba1160258b278a87112f4568a8b193b80159dd3d899665429ef1ca5dab52e6846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
50c2ae43f342d4e82e98e4acde666dbc

SHA1
c2316e7a3a6f689d93a2b826661f5b1cd0a17f78

SHA256
cd8fe316ede37e8642246bf6e16f33cdbaaec7ee2e0b486375f0a604aa7fdcc7

SHA512
287ffa69b9d2f62685884de3fb881441d8c9ed8b49153adcb7e86e493ff6354d531068e2f1a78bd28f755cb72d013cf442db54645e25178490e3172459c1cc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
396B

MD5
cd816576200e83e1e3bd7aa7b7643eec

SHA1
dced999a1af17aa7483bcbd6a9081f87fbf24967

SHA256
a2b35cff6e2b119f386212990785f5d8c6fa298f9a41809ac2cbc6bd01cb9277

SHA512
e8ebc262456704b384ab709fd9ab38c77d57903179c575b39faeefcb4daa6d876d52b328e8d8a56af8fdd98a887a0e2399f2db32abad9cd2844afb64898e251b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
759B

MD5
87f771399a51ec977e820317a3734fc9

SHA1
2ed2f2baa3675398eabc4298c2d5fa0902833c09

SHA256
da2afdaab602036fff35bb215a5f59083d0046fd74d17398f3a0572cc54806f4

SHA512
b09cacf1c4be9e88fe061ee944280fabacf2af3842ae7960718ccc26cd8ae2e157b5c53244d0c9e5ed1b7b06f702387afa69125cdbebf022fc370d7ee98bac5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bfbca69d152650fe641980b6e82ce54e

SHA1
124d7e05e92cf5d633b2e12497d44dd93e3284ee

SHA256
0f55bd992387415dba79026c3b4765e0898e2a758fe00f030c3e033900d77e56

SHA512
094a3229d1eb2b59643369a019e6aee9963f3718a6c819ebcf910565605cfda1e82bbc9146f973dfd548d420f10abc9a5944c83b8a2f2529e9060790cbdb3465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a9f0796308a2051ee79180dfd1f1147e

SHA1
4db4554c39ef2f939e827aabe14d9a62e6de922e

SHA256
fff01cc517816bc4da33efaa374bb66697f2b2bfa64052b3153ec69fa7d144ac

SHA512
ed0417164f58980447b64328074833e527c222b209b698d39a0deceedb135bd804477df4f6ea38cc72581ed62979df8fc2e4c31cda7edc92e0bd9a710544ed90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e32bd77a429ed314b9780aaccde6feb8

SHA1
703214a794cbacd2f74f758d1a1e6e6f296c44db

SHA256
0c6c64c0dd9110de4eb177e0c09cd56ac5417b90b6178c42b2dc8d7b2dbef186

SHA512
3495c6119c25153b7c424242892c22161dad99c5eeb370214bbdd563a49bb5ea510eacc6e3944b4f545cb617ac225404eece1e9a32d3e8d99e62e0f4cb8e7fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b82dc878221512dd13f80632dd12dff5

SHA1
8bbfcd29577ecf1ec2022e594f715a0e5972e06c

SHA256
580f1b26ac7c5170ec8e0bc212a63094aa91e46ade5b2f91cb7c07e6e2aef2de

SHA512
ff06fcaf1c70a4fc15ee355b611601c298f1a39bb31d86fde5989297cc71e8bd231f1cc48e7b4d1b286f8910d50af7de60c5647b5fa9258d9d791fe39f551f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea3871cd6e4579a8e25b121083bea4a2

SHA1
f6201f76d1b0bda12770ae8a38b7961f0cda2a8a

SHA256
7224b6466252acb763618e4f5556fc6d23a5ee5406a6085ecc50724de053a8c1

SHA512
79e830fee37ae89c9399024d7fcc52a17e33bdd88adc73e582280b9f86affb4a993a18c5cc55f46b47e4f8d456690faa71cca19a2c9b2f40ec220513e8d9fffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1832afc40790511e0335dabb39c6bd7

SHA1
59c9e3f84ff0cb0ea47b1528db2a73a07be53fef

SHA256
4671d2a19b4cd6572032ab47dab8a05490485539b08df9722a5b4b35062be93f

SHA512
c05665b710f30250841e4abef173b8be4ff0e12f12d06e878624f640c2d284dd211ea50370a901d93cdbf9f594fba66f350056e8ea42e56c4d47b07e3870ce84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f9b0127cd4e3c02115ce1dbef08463d

SHA1
0c3d2e633482d05e9368507e7fbe2b7fec8fd963

SHA256
cf4b0cde3e753e89dfe2a0adb7f64084053ca78d71068794dcdced1379d34089

SHA512
9f6c770f652b74a23b208172cf0f1d751233223f81ecb6b849702966832ae0efc0962de36f86146332322aa6d7419b6532692caf71aa3d2731b3e043fcea67a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
adf3e74292bbbef1a908e14086ff2233

SHA1
a02b7650828c340694e5beb884f4245a9822dfe7

SHA256
14856e7576d410d071eb8714db8d109e0a2805d3548601edf3e51d89c5ef4765

SHA512
c73eaf3779abf38f75c362a8f9684a39f56416738896006ff8d5ad77e6615d8e3780f2233b77172a0076730628a6fd02ec430641b231e8687076f896b292b22e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59d69f.TMP

Filesize
48B

MD5
6a80d2ea6576fc7eed1caf9f4d06ee6d

SHA1
9ca5c7eee618ced72d26e932bcce539e1c07207a

SHA256
ca1671ee6344590a8cd70dc830fd38f1a1ceb491d765ad5773a7b8d1c8b880de

SHA512
9b1c39c7d2e12c2fd0fef35ae6112446a1b76dabca6465fd2b5eca339d7b1c1c6d0345d606b637a8b382b2eaaae9f50327ca27916e828d066cdb7d476a2bf39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
d030ba73d48dfa31cdd1b4bcd2579c62

SHA1
09809f701ef0048b4909fc40e601b7a5b5445129

SHA256
8be4a95c4d3c984a896d2f9bf2de73473a177a80bf486e1ef9f2bd81fcbb19f9

SHA512
61863f083cb0471d91b9d7da453fa001deab117a656b176d7bc4052b988752d0d16f2eabbe434dbf35f8df43466cd8741b2692dcca9d1e92c2a6bf2c96cc1402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
96f3710eab02022bdf65d59a8ab75461

SHA1
ecf65df98ef0ea3eefeb8827e9c38f723cc48b1c

SHA256
537ef96e0adda75399bb83f0a477c83aa0c0d6868da5156dd76edfc1483abfdd

SHA512
438e371605e2bc13d8b3e84a16d946c0db7779626c68e9bad73fec783f4bd2adc1d9f9f559a1fe625e9618ff2b8c7c2fd25f42c7dbde395a8f7b13cfd41e57ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13365976585251803

Filesize
14KB

MD5
90c2086ae9bc0f86103772c793ddc25c

SHA1
4aab1ff1f385feee3fd77aad96a6adc8f4d2507f

SHA256
57239cb24adb95974ea1de3a23f478f0303705ae447797e670ce75f51251c34d

SHA512
a49da717f5465ce942f3f8123acdd3f837dc39c7d5e8cea41212003a7460838de326b4a47962bafce670843934887232eec641c0ef8fe383aa9d83855e254e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
c44a060e861791a5e104a3834cadeda2

SHA1
2403968f90a9ec49e08e26116f26afb154142cea

SHA256
7729cabaee518138c1f681b33fc4f7508d7c5b8d769b488a8b7c2398cede840c

SHA512
cb66d609edc37ace5e79d108594c1a6ae21b3b332cc4a16bca0e2524e991bc96f78505508c409607ecd9203c2f26d1144a4cc49f3b2c54041cb1976e1c998f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
c49ac8dbd5235cd2401b19056fd03d48

SHA1
b80ea883d7cfe6987d10aa22deb9c6ac6d9155da

SHA256
4df199155e05ad0c9630e701df113a397ce179f787dfcfb422b923f601058309

SHA512
b708a2b3a23d52fd0f9be83d20da4630565cfa0600f66327cb3f86b0a93d5548ff3857501bad7da89497558ad18dd175b47e4ecbc15501ff813fb43c3bb38933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7d2d9cc73359f1aa645b346666c6d8b2

SHA1
901f4434ef8e6254bb70aee162dda786b08a00eb

SHA256
3dbe3b2c950362d49b024bad27f0717dbbeb4d60447e1608989cf882cdab482c

SHA512
4be3b36d7f907a81b7acebf92668fc19edb6f705b80cd65ed82180d291813b3b8b5b94acd9cbf34cb643a6d3cb1decf78c95442ad7a06274643362379e49b892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
7745fdfba6ec41f16f5b22528645a93c

SHA1
a1132a41dd548e699c09d620b289ab890b9696da

SHA256
9a1673464a2192050e37166c8cb04da97903f49ce3747bb4fdfdf557bcb37040

SHA512
7c24020d49509dbcf0e822989f041d321c5b0cd7e0ae6538f21f1c5824ab37ce80aa541ecfaac8d7a96fd4f2f5a686ceeacedbf6bd71109e56f8c2574b8d6965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
838e758b377f32358c48efa25df4422d

SHA1
abdbb7bbfb7b943a54de5c71bd4d9e18a1f4fe46

SHA256
1d2948d3afcb51f2064a5ca092d876b7bbf04451dca97c76838275bb2eb72972

SHA512
1222f1c2a2e409fa902ef98922e340bfddd5afdbfe99cc7f53ea3ed5debd1afe3d990614eb9321a3dd2bac6cb3dbe10914b1f2691b40b3c6dba2d911237452db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b6b54eb53c8925df2ccaefe328ad578d

SHA1
7cd14e171625ff3318ed35bb1ae508726f1a36af

SHA256
df3f996eaaf4703b5f06f6b2b20736090c3ed08102937cdc087078e89d23d36e

SHA512
d6b28b5cf7d0e42ca0a4e414865a0a7e3d0015fae0b95a204a9ad3081196c75beec5cc81fac8010daf3855a15355c1a4d811ea5c5f3921b7574d9f93fbf35133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593c34.TMP

Filesize
536B

MD5
ea806fa932eadc1ba62776a5d230ab7d

SHA1
bd0b837d760e22fd9095c6feb952580fa96ce77b

SHA256
965aa08847393f412001863fbded0a37690d5419dfa70a7a77dedda0be2fec53

SHA512
dc319670612ff25cdfa6bc5178e78b9d7198a93d9ab24f9220b3fb61940038290e3b0fc530ca2837d54b94d60574b49161fbf63c28ac64d998917ba69aec988f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b617265802bf367bb50bf0b17efd7fed

SHA1
05fcc8cf55f39a73529ef4aee4e602a056545ce5

SHA256
2bef630b7a9b61d0c023cfb0aacb0f55c2d47ad1bc843dd6dd5a1f7e9b21bb68

SHA512
072270d2a35181b3a7db1cbe0cdfb33a11bf387b03a65c91ab0b699877c61c51ebf67f82a721a986c1c78d4505f7429716165200fb1157bbf26f404d1f069cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
c3ae36f0f917771ee3b959fda8e2468c

SHA1
e8ae656d40449a9e5519dbdd2678ddd441754a63

SHA256
3bbcab3dd9ac9aac103ef887f82a2ee14f9147e99e099efadc96c64ec5f49d2a

SHA512
0972d76fbd838f1e3be9a6978f5d7fce931771fb983c165203f844ad6641d67fdc7faf78ca51a93324537cdc53bcc1cdb84a614d354d31bcc93bdf24a2d7b970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c609daf6-e203-4859-9c1c-8146bc04364e.tmp

Filesize
6KB

MD5
b9071b917d4a22715b1dc4d14ff078e0

SHA1
038ec62b026d7f8fbeaf21e4f6b075247a03b0a0

SHA256
da33bcd406da967aaabc797cd353859f7d1ef8cf5be6f4e33fbd6bbdac0b9d25

SHA512
664ea8e2bc2edbbc28d3aeacaff76aa1806e44e5990b78cc78048f30564449f2f594337ec95af66bfd3c8394536bbd9abb97a7a18ff3f47f2876e92fb0c98bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
845dbb8cf18e4e0cdef53816365f0ef9

SHA1
a9d359822b00648ddbc5d9209c3e644f081fadb1

SHA256
7438c5781306f7ae3df8e17ea295df56640b480be87f35b1db4bdf4dc69345d5

SHA512
e4637e40648f71105dd3cc4d76336a5849c26e9482ffc9a19d116f265bed2b4d811e3a9b848208410aad8feb96c541b1c31a00a6677003ae1d35936142b06bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
dc47c806c9f11cffd566d5ddfd8d3547

SHA1
43369656aa092700be85f2b8b9bdff1c0f14c119

SHA256
942ffe73ffd61cd75220ff4b1a8c96b62ddaca64c11d6abf7e48a123348e796e

SHA512
28f32a20db1f8ed0bb9996238d714d20925561afe1ccee3a778981ffa4873b4846c11a9bd312a8859a4650d99ead686993c587e30beefa3fe5c1dea2c6339d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
19c86614fd9932ee191b55ccd8fc1844

SHA1
edde02d20402a64faff6d4766c2fd33586ad4d6f

SHA256
4b2f232bedb814b43d9f8ed901ef2be82d82764cf2c5e65186ff9e019bc5167c

SHA512
c46f10ed34bae15c6c487af0316671185d19c46d02b158d6c200621233d002247f5a6efb599ff21f7914c701a8b880ac07151a8cca7bd87646e27fdc6752ea2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b8c7648a94c6bb3823c9f0df3217e82b

SHA1
dcde5d894c5167b4a144028f6cfe15a9d6e0c4cb

SHA256
1f96a1519551775ee71d0b151f05c01585eb3677f3d2ded648a2099e236cf656

SHA512
ca5e9efe3fa03ab931a81a2c093bd2317ac87e8341d59bf740ae20f2a954374986d971bd5662e475492c20bce5fac9fc1499dcb3634d2faa761c5afb4ec6c868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
f20e6e18f318ff415df8707ed7c3bfe7

SHA1
410940da3e2253a038511c3d5ed17618305d9f2a

SHA256
b07543ad759b073f289182695442987a9cf6f62191aef1098d4c3100976724ac

SHA512
1cd393f1240e8cad852cbc652079e3b8d4a1a2252d6f82f4d22c3026ddddfc86727433ef2aac461fba33ec443d90acd7f0f5b6ec76f35fcbc0abdf6b604c6d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a247fe53cdcafb90a99a63696e7340aa

SHA1
f3acec05f6bdbc1c40f207858e449530403269f4

SHA256
898beb75266623237b95408d7f882f88ef46d3e3750621e1f3a0263e59221d9f

SHA512
e8269fb7636b8020a276a06b4a635632372e389d39851a45123d89397bb21e101f5de92598a5e2fbceb8efa4f1f14883802386ac7e618ea0549deb775a663e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9159d08d8c317f8bc2974fc7f997cd4f

SHA1
0cbf84cd6ca6ee4308c1d9dcfc2ddfd2b475b533

SHA256
9d2085b92b30af7289f5ac7099727c69c49cd719928da1f48abd71fcec67571b

SHA512
b04ac9499cce84142102ff49f304228ed55f4f4dfd5591383b7549e2b664b6aed2c4cf77c5634d452528d00c53fbb86c76816f0a03c83213bfa951b571cdb301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b41d25392ad18f63759a54817e15019a

SHA1
938d4adf2f19dde60c9ffb3de16a51cff8f8eb9c

SHA256
31f62dafd681c5363763313a7bed5096dda26b29c678d9d9e315d530c444134d

SHA512
67a27418a3f4a50195b5d76ca2fdc561f41bbcd2e5045ef6126b8ac7b8ed90d55176edd368fdda6a8b5c56ccd4e1a4169d0903f362ee81f8890266439136dcb6

Download Submit