hxxps://v3rm[.]net/threads/cw-lunar[.]11903/

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://v3rm.net/threads/cw-lunar.11903/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133686478856433036"	chrome.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2068	msedge.exe
2068	msedge.exe
2012	msedge.exe
2012	msedge.exe
2672	identity_helper.exe
2672	identity_helper.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
4024	msedge.exe
4024	msedge.exe
716	msedge.exe
716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
716	msedge.exe
716	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe
Token: SeShutdownPrivilege	5028	chrome.exe
Token: SeCreatePagefilePrivilege	5028	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
716	msedge.exe
716	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 4852	2068	msedge.exe	85
PID 2068 wrote to memory of 4852	2068	msedge.exe	85
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2560	2068	msedge.exe	87
PID 2068 wrote to memory of 2216	2068	msedge.exe	88
PID 2068 wrote to memory of 2216	2068	msedge.exe	88
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89
PID 2068 wrote to memory of 3948	2068	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://v3rm.net/threads/cw-lunar.11903/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b75546f8,0x7ff9b7554708,0x7ff9b7554718
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12929171561351679712,12625423932629316892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9a82bcc40,0x7ff9a82bcc4c,0x7ff9a82bcc58
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,16462517148667807917,4158684872964479069,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,16462517148667807917,4158684872964479069,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,16462517148667807917,4158684872964479069,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,16462517148667807917,4158684872964479069,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3340,i,16462517148667807917,4158684872964479069,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,16462517148667807917,4158684872964479069,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,16462517148667807917,4158684872964479069,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,16462517148667807917,4158684872964479069,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5168,i,16462517148667807917,4158684872964479069,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4980

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9b75546f8,0x7ff9b7554708,0x7ff9b7554718
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4067028252163624265,7743106980687619412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,4067028252163624265,7743106980687619412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,4067028252163624265,7743106980687619412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4067028252163624265,7743106980687619412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4067028252163624265,7743106980687619412,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2d12b0ae82c1736b9ef8d0342db01091

SHA1
59571dbe2449286891f516b59d7cd2f917708ed8

SHA256
12948c0bf0c2829ad6ec315bd96a6b5dc9800eaaff3194a0e0e3249a0d3413d7

SHA512
9b9ff1fdd1fedaaa1bc17f6f4221aa82ea8551f863bafabd5076339821732a95558427665a43df95ddca5d664dd6fed3ad973513f707da3f3a3004be553dd9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
74c0aaa4eaab8bd704f151bedcfbb7dc

SHA1
45c9044c3ec4aede200413713887b3a7db14a2e2

SHA256
c9b5f9f81a4ba4c8254fde60f4edb9e2f2c6eaf948740e57a89fe9ee971b87da

SHA512
f0c1a3702d409ebd96c998f9d51c0aaffab5c9b39e7d78ac6dfe68b7354f32af8974e7a394354ece4e64284e7a788fe728186dd324d72a16bb6f9e2ecc83d81f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3f6153f9a1ae6ecedce22dd2b2069899

SHA1
13572939e779cb55e60354a4307fce4782fb18f6

SHA256
89c75d0a57dd5e0d1dee12dbb5a452488311f6f186263500e55b1a3f48131a2f

SHA512
31c1d88ae1e2fe8796fed87b5d1d6ad0fc5d35c6eeb168f8899bd9eaf61695f42a953180ab4575e45848edb291acaa2a73b7d0e31fa00937247dec5381f3dc3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0aa6cad5ae4cccb6589c952c51cfb8ea

SHA1
091437a1dfb108a36d3f11f14d002f5c06b25a57

SHA256
55301658daaa7bca0b2c959ce96c9d5522d1725f344b8bdae123b22edd594f81

SHA512
043946354413c8b36fa15376a8760c77a14c0b2143e8a5bc4233eae4d0f2d11cf83ba2c31986ba9b645e58d5daddbb6ee8daf355320903a6dc91239b8ed618ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
2dc677a8b9f75490fb46b844abebdf81

SHA1
d75895be4d5d0e6c5f54eba4a056afd109a7faba

SHA256
0ffa94e99dfc22c46892f827ad3e71ab83958a0c0751fb423be5ef7b14093dc4

SHA512
405937331814964c250938271fa37583cebbeb27ed76126d0fcae59d9d19c11cf55d08a6baf934a92d168f766d63cc5235839cc229cb16c7799dea812b843bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
284c8a460b39e05c3a2c157d3f03ea86

SHA1
c5426be355cb507284837670c1dafb5b4a9cd0d4

SHA256
da24c0448c0fb32ec9bd4f1b0a37ad2005232d1aa3506555f94684abdb35e855

SHA512
11bdf29dff482fd136b923ea0577410c46a87ec0e0f5b12a8fff33ebf6b08526cbc7cfe489e260bcfa743ea7663b7e8aacfc2be85a6056157f1632325246d131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ee69e3425bd03cdfc266df517075109

SHA1
b3f623b2a8ba801650e163723f64f468ba5b1c0d

SHA256
6e969003086bb9a67bef99cb62712974d7c16c73c453ab6b8a87c4e84cd65d98

SHA512
2a9ad19def395d37dceeff5794489097e8b0711c2e5923fd5326614a1cb8ebcbab1cf6865908430ffcaed8afe8adb3bf54c71fd70f5239aac83423a438d04a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
926345416b14279ed554a5a13b00a1aa

SHA1
9cc171bd43ff8b52edbcd26177618eb3cbaa4a1f

SHA256
f96327cb6f0c487e62f110ce5fd5b5f0f3dc7cf9718ca0f92e11eba4f404d443

SHA512
d5f5209c4346102e286c17dfdc3015cd15497f105b83665ab5376b27a7482fb4da53947920e2f30fcdef7b5f91fd916291456803e496bedc94a95bf85fe89b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9eb14d820a73689b756c32925b46300a

SHA1
46922d1ca9587d540c509851897e8e249342f497

SHA256
f1ddcf88bca5f3c2abfd8e487cdff8331cb8773cad07f31ba983cb20cf22ee89

SHA512
e81dccb4abd37c78a4e5c448e3be6e26477a077d472d9147fd41b828d381ce755fd3d3b58987967d8b8d958ce550211620a9c72d243355347c7e0eead93defb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4ffeb8d991952c44483181eae39ae2f2e40bb508\1e9c5823-602f-4635-a01a-dfc07644ec08\index-dir\the-real-index

Filesize
72B

MD5
5c412a924f6f5af4ceaca365b4f90358

SHA1
589a24c8ab95017b837e90a37c4f5fa131fb924b

SHA256
c60ae1d70df76017b200921d8b4e76b451006bf59ca082bf1da3ea86af9ff08b

SHA512
852093e796f94612c71defd362bb8779e2ade6b54286814f8dd7557d1c05de43991a59abb6346fb575f7baac539f0ab6e792a410be36f2706b3b53550c7fcaa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4ffeb8d991952c44483181eae39ae2f2e40bb508\1e9c5823-602f-4635-a01a-dfc07644ec08\index-dir\the-real-index~RFe589815.TMP

Filesize
48B

MD5
8639a568cd36fb212f850bd31ad8798f

SHA1
9ceca15d4b5ea77ceb227799ed4790df5ed5a78b

SHA256
8b5e358cff04849e7303ef7b035100ae5c95c5169407df380675ea3eccb78fac

SHA512
ea38514350d261d97008e903c9681617acc00d362133024eb9217833429f621c97dd872c213b8e18be18e3d0948f620155dc3cfae6fb586c79bd0f45dbc754af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4ffeb8d991952c44483181eae39ae2f2e40bb508\index.txt

Filesize
101B

MD5
894ca9ba0ee256bae4ba908e0e0fe211

SHA1
4cba28acc5d254e131d00119ed37d3b33f89fe42

SHA256
39dce3154f1f21800b08d6a928bf2c5a2cc1f77a7a3afab2c7593e67c8455776

SHA512
96441845d17818198f9ef5353914a335856ee16a1d99d12ea297d5eb33c341722a7c0c164693815dc47b83f8891925ec3a3d33d93c86889c785866bfe5c33f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4ffeb8d991952c44483181eae39ae2f2e40bb508\index.txt~RFe589815.TMP

Filesize
107B

MD5
54d7485698263cad03dba71487957542

SHA1
293400f2f49b31b44e69f1a5d5233af70fdb098f

SHA256
c13b47ecc2a8c4e3bee2014dfc17dfb6339a078b4bfc9633901eb8a3c1546cb4

SHA512
b82011d1a4d88e37ede8846fb2a28fb2d9fb39ac34b4f4aabac5962ce0ec6e5b9a49c4a1b8bef801ecdc94c275013bdbb46fa908ad2b0409fcae05b6deca0c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6790dbf57f2f3c4c8ae9cf63dd4dad09

SHA1
871804b514140758e666c7f5cff3e55d5ca1f5c3

SHA256
af245b1b657c11083a5cd523911e7f45d416e961e028a43f9c5e159e59fa6949

SHA512
8dfd1f2307b642211e9c11c5ec22b9764006074b818183e374bd7bd6dc4cbfa52780107e6c990e9bed6cb0f7bfd0f923106beb6883392ae4c2a0bacfd7129b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
8ea1ed33a4163a51e84e2f849a9e51a7

SHA1
66c71b72bcf861b56e79cb1e2fb5ca80670f2a51

SHA256
3e05cbd41ae55c9dc0cd492221ee65d82332e50277cf2e2ec0e1125d92a22b81

SHA512
282c11ccdb37702a07b925438af03c1e9a07153b5b5fce9b767e13a9f156cef0379bb9de78d89d598df17ab67d28f3ffe994c66c74c2f8c111b44de38026fa6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
163cebeaa1413189e6adb03bbf77aa21

SHA1
956d36f2210d3cfe47ef171018673d03e61b3c71

SHA256
c5769d7117a529dd583b262154044ec418fc8817f0522ecf710ea5c93e62cad8

SHA512
2cc2e5222658fc97e3302ee9ddaf66fda289b0beadd43b43018a3596682a3139545e71c89508ce8bb6923d186e0a862686085247d091587dc3df788148c04d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
2b18562ee9a1d788b0f985b75d71f22c

SHA1
86f36f1b51237e288234bf8b007f3531872a7aed

SHA256
ad40f87a3e00fb6fb2052528bd4cecbf33cb0e97bb3c28f1dedd7c97a5ffdd21

SHA512
2457eaca6491037e59bb2d7d65d2ed613bbb579fe23ad7850a299a0b4842827ce1fcf369d57100c3692d078bbf6dbf4c753115ab0955c0ec7ee02d888b3f5f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e6b08134029c86e46f7511f971fd6fc6

SHA1
1123419b3c9368ad29a2137cd3056a567445f0e2

SHA256
384c9710adf0a455f101050797b05d68c9d4c5b6cb9136e5e4184c0d25e5c71f

SHA512
8d00314adaffde25600b75d0b4ca46b4cd9edfc02c1ce9b142b7fb5114a95768f38ae3656fffcff203a5dc6cea86fb5c5cd8c06bae16729b5f4857ce0ce24770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\917f851a-0590-448f-9b37-e4b0603c9e67.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c06de386c68a13ba6442729486750e40

SHA1
dc4e31e4054f836a31a05fe55d5d0a200dba48fa

SHA256
e5e5ddb79153637b644bac83d77e7dbef7c5a934dd74700337613e60c54d0a75

SHA512
8594dfd260dfea72586fb8aae895917b3e1900de334a752a0f8c870b32ca3595b076d1c78f0b05b02709a5bab47976299476f31b70c599cfcc96146f94ef1e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a90153d38d3aa1aa517e5a83694c95da

SHA1
2c0a8dd7f0aa3b58472f9eb3ef1f095f5364fe90

SHA256
0727c186b6845abdc9a64f2c498c4a0cc48eb986deb06b68c26a421d9b0473c9

SHA512
a04f713fce2d239ea3d2913b343135c1ea03cea711beec0350d6e659212326e4bf7221404c5d00177b61ad2fa6152087405bf860895b08e441d27c8982a572b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
824099735ae0f261e0cd7ce816b8aee7

SHA1
a068a14acf8bcada594b6dd4994382a068cdd7ae

SHA256
98917aa2ce4353937f5a4ab18a89de81fa38540b572d9b548a3b6389084b1aa9

SHA512
4789f6f8dbd1625af34cbaa3f200911512b400b598723a21c7961c675516d76f51c2008dc8d5a5aa94add7f4de10898028683b4e5235b87f822b001ef30054bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
a537670c95ab58e1d04bacd185da1f6b

SHA1
7c663695c28484e08bde1e1be41baad77b22537b

SHA256
b0bd3c8bd9bc2b811551e060cbf3837367441176a930f8ea841fc2227cfdae26

SHA512
547f0d32abd1aed6f433652104c26370ee0697cb7a08821f774ef58b881ede7f3d1c5c0e7e25de4e058ba5e457d80057d0119d11b752ca6a0806aa1d05d584bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
3c639450ae2908f3974522f8f65861a8

SHA1
5c971efa762bb26a8db8c1b051cb61c912a475f7

SHA256
4b7e686315340fa5759f71863439bd13d37d2a789bd443efec3704caee19fd03

SHA512
3107427a98163a7c5d6a15e3432cd7db3f1f7d004a234a4ceaecf5e656cb34ba38df5f7f6ba5243e4164da873a3b255903766ac5a1b66ba4662a16c24dfd7f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
f8b339d9b44e10b28b6f3a200f7729d1

SHA1
5fa1471c2984c66792fd2bd506e8b57bcb0ab08c

SHA256
ba6bc2b22525e5edcf0e90fcfaae7512e6e2d524e4de944abc824f1c7b5dd48d

SHA512
edae11e53178f94454863ddebdd2a953280dd95c7794e28241e422ae5a0eefae5dcce8973beab7cb1ad2e31b72057a1da3999bacf6b2eb7070ec6f489420984c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
8f94e8485354d1e418422605b76455ed

SHA1
3d092c5f04bb07cadfef907fb4375903df64f0d6

SHA256
a902f04b9917d8e5d20e6c7a52f0184219465d1c9633cdcc073acef5857d7f41

SHA512
1c4a4c2cd4425befaeb02318b986a794031fe8e66d35a5fd33a9358037faa0a7746a6b848ca7022885c5e584ed635a9d09f77aed2150ce478b582c53bd46ff55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
4e6f61ebf9e4f8b9c0432abec9b6e453

SHA1
aa624c17bd379cb97206af129dd394b573f7db6f

SHA256
bf1694506ccb8aac6b2c09ef28ece4cfb29850c14b04e81deba7486623fa77c9

SHA512
4c0f3aecccb7c20c479218e88007fd4cca2be82f56cc785597509026d608ddea1c4a407165fe420835790c148644c71fc0203eba10688d36caf6f8fec7b6c051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
9babc4e655bd15fe4267e854568bd0d1

SHA1
bcba35814e64da3f2d4fe9a28051753daa996632

SHA256
28aa9a6ed85c6d4aa3526ccc5477c66ce09b0f32bd81085bf4348fac802bc25d

SHA512
e817e17033cfab4764412f1b3c16428144090630cec7264020e1614526f86b63ac5ff5ebc53df72ad4b994d72303d53ca1d257ddf8a42eec3f44dac4bb933f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
531B

MD5
658b91417f679f5a107e95415b3a731d

SHA1
da059e2339eb56e79ee0226d7e557a75d4b80211

SHA256
bf88973758b86d89b8e8bfeb9cdca3c59f3478346b6c78c4e65be44b2941c45a

SHA512
7087d4c06a912034a5af907933f3cd1fc4ad5730ed0734c16d03b8a0441e7d6763a29b605c1d9252b8be5bb366307d732c01c4d8a411b8a060d3cc77fc2926ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
fa77e547ebd84f08c8624f8060ce975e

SHA1
9f1182e2f11b862ab32dd906f26ff2c1667f675b

SHA256
4cf2bac25809f75220113a5893f96b03006f2239a2d127062a67673931677d06

SHA512
cbeccfd8e8caf74cb31dddfa2d8ed28689021296d94d158ed9f3d9720bf080253557ebd36a969e07eeafa4758fc0a60887869d28cce0d82416042f19cfb5f0c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
297948af1e50ddd201829f88aafec192

SHA1
11c248f813c93058467c37cd531f58c9cd03cc14

SHA256
5f2be02f8b2e5f373e10bd249f4705cd069ad8ead68ab8fcdfbef96930fc08eb

SHA512
b10e01d2ce69a42fe7c9e4e38dfdeca4e0cfa85f7073735cd63aa7e965339932d10b16a9988211c2b091eda80e02df48b191c7e8d5339014480a388f37e95d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
63d2501491916716e74777864da0caa5

SHA1
0822e179c0a60ce779a1a749d213cb5c6d894ed0

SHA256
4f8bebebe850bf6ab3ecbd617f5cfd0d7720d995f3e448ecdd36ce0247afd390

SHA512
d8c0005808e8237b2ce60fd9773100d2aa957f7ad381c39304633a051c188cfd5823fdb758889949aa8d0bbe016390b9ba1776d4589b50e939b99c1fe72a0d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
89d140d41591cb12848c063f7b87b2fa

SHA1
091adccc3c8a30bb8cadd2b752c16d11f1abaffa

SHA256
03c08f47c075083694698a30a58f83f972c252c66d00d4359e936615ac97e051

SHA512
fc931d17961128f135a91350a9ed1f747667be7aa03005c20e542f2501f82b5b2a55c5c538581cc51ba933b2f2ee8dca375ce1b2e12989c9c4fb8ba200416313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0239b3867d9f314e86f9e609dfd3291d

SHA1
5060f818e434c3cd0177a607a3b4ac88bf62cddb

SHA256
466587928c4b43c71797e7013a0429508e8037848316be0c49cdf0e5beaf5842

SHA512
5712423d9fbca54052b79e58ed3c55b46d478e49704dbc0a8377464670462e70398f6d1f20fa27299232890960e6e033d5a1013aa1a57569659e5d4c6fb01fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92f308fefeeadf32c198950b89a41aa4

SHA1
4a6ccbe3078a371011360a463c791f8fb7daa63c

SHA256
588f1746f3e6adb3dd8f3cfb9d6c7492565c0b57b0a52b50e72b128dd0023d72

SHA512
598a981c31304c1551c5e8abd99ea9f27f4bfac218dbfd24ac263b88cd8fef444cef1e8c4b980099c324c73a035123c0f72f5587875a2e85017f292f9f38497c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f13faabd5f6a494c819de50fd742bfa

SHA1
67916e45879438b4c5399e1ef2881525317ca3ff

SHA256
0d72e9a741299b4fbb2f8a2a0e4a836adf2015330e6366da4846a6a48df3d28f

SHA512
7f584c0a3cca530a7b42ca6589eb99a6ccf0ee6477d939a02ac6a8fd388ccf3fb2cf740cc02d9057957487927d1c10ba0cf23a98a719f02169a5904406447215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4ffeb8d991952c44483181eae39ae2f2e40bb508\1da25907-6248-4c93-bff7-836528fb2355\index-dir\the-real-index

Filesize
72B

MD5
2898bbd254712c4fec8d64518e2e3752

SHA1
803e9bc082938f3d0bcd117c20bc9b2181d92ba7

SHA256
2856e9ed89b8eccbd2d4c7ec6ff9ffdae2280d3d16ffab00ff85cb5b1a2ccea5

SHA512
afc73e773bacf94a54e64042608164a7fbb923c5d1108aa87352e8bc1449b1ff22e6ad11a2fe0a1504d62202d8aca13cb30724506c4e62ed33c2ffc7321a1ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4ffeb8d991952c44483181eae39ae2f2e40bb508\1da25907-6248-4c93-bff7-836528fb2355\index-dir\the-real-index~RFe57a41f.TMP

Filesize
48B

MD5
0459f79a60f67eacbcd54b4fdd202f4e

SHA1
8b1f866a0cdab55443497d373e6640a660073019

SHA256
dd6d63bd27be7a78fcc044aa66e2c71062d1414345e4b8060c6a40b53947aa85

SHA512
05d08f248b06f8c0bb8f266958382dd1189f09209945c435f55a0f52f170e36cc574fe1b981cbfd8af046d272d71c4f8b0310d5a45807fd5d0cbd44b49726a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4ffeb8d991952c44483181eae39ae2f2e40bb508\index.txt

Filesize
84B

MD5
0ee2d48b878e1dec6a17ee38b4baa2ab

SHA1
4fa3b7fac676db592053e7d9a57b5bbcbc072d4f

SHA256
779899574aa86f3e2822d9e7f1e66f292e88b2dd3c5864b4b343547dcc08e4c3

SHA512
6e33d5287f4bbc660cfd4f552cf3e519ca61984adef018ad5b50abfc17850efc88fcaebb7ee8f5e87c46bbc52aca3ddb8bee613e99f843937a37c41331745dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4ffeb8d991952c44483181eae39ae2f2e40bb508\index.txt

Filesize
78B

MD5
ebb49fc2bd6b85a65325e6026fd70332

SHA1
0b380c8c93c0bb806d18e73f0fcfc6c57b4b9c8f

SHA256
240c90b33d06f6a05def027e16607c171aa3034d708f7092e57ebe1950b1ca3b

SHA512
84a4d02cb53327c48f07c60903f58cffde0da7e0ef9d0c083b63693f8fcd7f8539ce64dc88cff4e9e777c5ef854fe81fda0b5c11e1951565b16d872655018f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
829B

MD5
2892b20ad44679f8232e3041ce3196f5

SHA1
3274c4e2a10aad33f9d04cef11ef7ffe86e4bea7

SHA256
f8a737279b092b4a32c82105eaa0d630169599f6db5dbd910e2f6d5f3932f846

SHA512
cee9e2ca7c812bcccca516404645293559b7e9d3296a21098b533ff86b0b8c310e8020774cbe95ba427f006e82298e610d455e659be9d4c8ec46ce19a638e8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
b02c8156c995f104acc39a0a3de619ca

SHA1
9562bc077172fd875308369f10f1e065631b64e6

SHA256
5f210f5e4e5cbbb531444eb2e5f30e9ed44450b039a74930155aee9e2f90fa77

SHA512
167046de36e38f26365a7e04f6144ed116418d941e0cad737931942bd59fe229bbe09bb4fc8944cae0cba95bf275c39fb65cd1b579d419f30435f00c0264f1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7565ca10623543112042cf7d5746d3c7

SHA1
971a8679f529c5856c125128993ffa28aabc91c7

SHA256
a3109e90abae3a26abde89c7ed9bf77f0b8122fbf484a67aa485e4b6cb221700

SHA512
930263a4e5a4125553025ddca13bf194d064018681036b0aa96ac0fea05c52f6fe517bd938747d5c566b6e388d8c6acd46c1697d428690f32615dd19628f027d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a410.TMP

Filesize
48B

MD5
f59083bc53f837cf6c8c6bc21d9760ae

SHA1
8f1a5f3b1efc86ffc6d3b5a3ce09b9943b5352f5

SHA256
b566d6bed114581ad266759476bc3bf5e3010196e20906a8ebb64f44f02a532a

SHA512
7579d3d790bbfa81d4205b12634d60c7cb86a87b069ef42a537e1943dc7889fb1cc686de52de2ac1745120b7b0560b963261a90a7bd813a046dff8465e13527a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
343B

MD5
c6144a355649d090a19a2480876c9d44

SHA1
f998f3a30fef72c858371067fd731f19ad8563dc

SHA256
0cb0fa48da0c3db0a61e60f55633c0ebad47d116780cc89b157de50223784379

SHA512
4a6cc92f54b7b3c0e381df977d2529e9cea193e2b7ab689f695bcb96430ebc43715ebf5074f00ffe60581a4ec7d90d69001dcbd99184c1d49a58106730eb1878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
388285450236d09ecfb5e1bfe097d1e4

SHA1
ead5031b2bc2d0bfc9aa55bedbcdb681e786592f

SHA256
c14dc218b52d04c147de6b2936c984962ef0e8ead670e32a6514f2f86b035acc

SHA512
7228ea1bf22ba46359f0fc6a28213cccbde93a299fe095c46a302514f234920d59052507cb2ef9d1d28bcaf6ae50765c840e4b2f2e8060fb41bba930afd35e35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13368647861398202

Filesize
3KB

MD5
c458b63f2f10fccefd64d5ecf803035b

SHA1
56e763179b735380537f0b5405d786345f703d11

SHA256
278a846cce8a2adb6f95cd58e67d339e4784cf1e709600d65037737cf4a18de7

SHA512
e8c9a151e5b372358b6db46ff34d215ed69128b0e236e5a4b589f6af8b4a48de2cd972cecb8f9121e99b061fedb7f515047743c2ff50076467ae4f4177cab192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3af64649b81a4b750158218e223c6a29

SHA1
f663f9c62d8d63cccc1a6af9e353db9ce1a050ca

SHA256
e6354096561a233f2a263d4e0b310eef24b9008c9bbff917b6285e83758d885e

SHA512
edaf57667509734753ae6451af2333cd7da3dffc42a46506480ab31d5cfe91d4848f77f771a1c2ad7fd2e6a082425aac0a8c3c2a1d8467cace1b14566f876c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1245830c16d11eb9667c31a71b11ecba

SHA1
b5ef76e78d2621fc805fa83d081c42bcae7e2f55

SHA256
a018e5fe34b8976bde441f1dd76e6793ed06d6d8fc1d1d53a2e736c45f269124

SHA512
23146c35df1321cec1039ea4fcedc9dcc047b1e27e5d43533117a4542abe74113440015242403e166ea6ae6b3e94ff7f8dcbe64557ec14b94b6ea53077ea18d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
689B

MD5
5bf9818000f695d8421416928a0fdb70

SHA1
099f13b87cd5d26980f22d7eedfed8d272502943

SHA256
18d9888dcca07f460b7ee884dfff7a10c5e405dfc563994db5337c39f7d92df3

SHA512
1826220dfa1b37d698bc6700767accc830b2ca412eb49df34a0b2607b4b8be6d899a526ce7f4d50c9bf270d3fe6c2e93195bcc023882ba841bb3fdbea88bc800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3099d0964a365963ee3e82cce9602f29

SHA1
0d29b6bae72f756b43e2f500ffe76624fce337e6

SHA256
6a9e2659a0f61ffb05c31ad741841b2efaf12a939f037ef18200f67d67ccbbf2

SHA512
f19d9bf0cbbc37aa9080e74588c3c96ebe3f5a200dc98689fa210c3cb9554b4e45377d737193dfefe2476e177294a052a5451d19444d490736560ea33511825f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
b1fe6a1692974f2abc6851454d612097

SHA1
83ff8604ebe2fd28d4f9b3d14c1c988928cb46f2

SHA256
53fd4edbbff8224f5f955ce186dd1f3917711f259992495a88f48b1d41f9586f

SHA512
8e083f507cab6df79ea4d6cc615c0e260ff04209687e8bf07b7d715128104d0a20d6dd2f3b7f86976320c1fe0192dc546a0c4cada02a1a9a3ebf6e9bcf7f90ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
83ec97ca6a0250f800373f1f85d93649

SHA1
aa44153644299a06f249c07e8227a37818caa66c

SHA256
e932b33603181c84967eae97f665d94cbfb97ea1caeee44f778d2425df85e145

SHA512
5ce397d8323251f4611c7a2304677ea242b709212e54c8e23672475750d291003f7e81c9c37b57aa48b7e727bb71c07d1ac45a7a8333f77fd01b863fdb43f098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
53a3995104389015d1fa8a980df017a0

SHA1
1b3f8d48bb410100013a27fded9a96649f504671

SHA256
399bd8f8a2c3e580d41db7c4565754f84452127043bdf951b82a7aeb54751a20

SHA512
4dccb43be2e066aab90e2707ebd4eca62cc371cf9aee71c8aca60ab581e2c8be7418471bc864d42e039223e0d271d0597a5ce3f5cdd62869d9257aa19564abf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
44d85ea65ea4f40b60e9fc32e7f019e5

SHA1
f9d9564750d41a5d382c6eefd623db5342b0025a

SHA256
f7d1475969c140dae5a013999789d0376c8521f5d06fe4bed806a6fd0a77b87a

SHA512
07979766e33ca96ea54058dc37926f126666cded745b454f42719feace61a2e1e5e5d79a7434372b92ac5d2c1b4403809910ad9d6d56adcf5f7d2f682dbfa9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
0c41775238d2242535184e873cbcca74

SHA1
154e90d520c79ab8bf8ea1743e4d5b1411b35d2c

SHA256
7dd2217a32dd7f7d49f1e885b5fb2b73016ced15b008d32c4ea2d187ec1e2750

SHA512
492b92debdd70f7fda71f1e51502f6f0e423a0ff707b4b88e72727837bdcd242e1053b0631bd16be1750a09c912458974c3aac2896accd59bf6640c8245f0726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
7194dc060479c1abec114eb5b767df52

SHA1
c2061b3dd2d592a5e994d42962a2aceac7608c85

SHA256
4b24caa99aeca6f8b2079106465b00b360a11af0db715931c2328abe8b8f2e74

SHA512
d1184c209521259f017cbf45de927994b1b015f4b116c4efa64d9afdc0e816b7f0ca635e7c6e6f66ba8fc1eb3eb8cd46f4bc2026610cbf58803c57546f595f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
24cf1d435225fc636fc5552ee4092628

SHA1
fb841cf17e874882e75848c19006b2a06d3d60c0

SHA256
6f752b3e689b5440440c54b7645e1dfc3a1bb6141655d7e3311adee4fe6a465c

SHA512
9ef2550e3390d3e8fc59810cfc71be7d12f6d2f15179fa5f435b2761deda6f4efaa3f4378985f6b25ffaf17b7dbbeac3b3a9d5f6f5cae13b1494b7f4af04b4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
846a4701f5fdb5a1a30116d163282474

SHA1
4f92eeb63b9c1f40fd95c28d928d7a797231a60c

SHA256
b3ad593b465ca4e6e16a3d5c1fedffd0b314b1281ca0f427ebc6856f4e16eafc

SHA512
bf0a2436ff25a6c13af6b194e81874c76793782c65f3e9123349f27361c2b6f7c78143cd43407a89ee4d165269b84a68efc906a8a06a854627a0bf633a2269a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd8898e9bbd04f220e61f3e9a62bc6de

SHA1
d56e0cf517b47ab6dba165a761171ea81fb5cafa

SHA256
96bec7003d9241430baf12d61ed34f83ee053f5cf9410481fedbc1cfe28150ba

SHA512
4836e38af9d0b46ac111c95740f979a023304a765a070c26cacf4d35891724f0c1ba722a96e7fb248d08519f0280ed231ade22151bfeb572c647d19c23de1db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
5ab1e1f0510e9d96e2e638e6220a2edf

SHA1
a049ceccf249aa95606e558a132677d3b1051c60

SHA256
c21ac28b834b323dc3b90c970d17fb889c57826f15689d30ff82062846c48ba9

SHA512
7120378570aa5ffd920b930da31257498f890a71a90073adcddf326331c109a3b125c8521fb65f570badbe94ed0c2b95454711d486943255f427fc82b6c293b2

Download Submit