3db4e4c528244080a416d9c55d50709ea9813126dcb9b13f0a4473ff13dca2a2

Analysis

max time kernel
200s
max time network
206s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-09-2024 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Prestige-Installer.exe
Size

2.1MB
MD5

257bf87087262198f4e1c59868e1ba1b
SHA1

98bf47a3c8b885cdaa9c3fd5acf1cbcf712ed5b9
SHA256

3db4e4c528244080a416d9c55d50709ea9813126dcb9b13f0a4473ff13dca2a2
SHA512

a443008baac184227a78c072ad16e34318cdf81cba966348fa32753a7188a92256352cca488aa3a9d794f242a6205a9b1dd0ce57218e1b4e1f6899dc2b949a71
SSDEEP

24576:ALVY5vsPsVVMYWRi7AspZFELHaBXbs5F9ccw:CjbYW7spzEDcwqc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
244	msedge.exe
244	msedge.exe
2868	msedge.exe
2868	msedge.exe
2840	msedge.exe
2840	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2724	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 3756	996	Prestige-Installer.exe	83
PID 996 wrote to memory of 3756	996	Prestige-Installer.exe	83
PID 244 wrote to memory of 3860	244	msedge.exe	87
PID 244 wrote to memory of 3860	244	msedge.exe	87
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 1012	244	msedge.exe	88
PID 244 wrote to memory of 4700	244	msedge.exe	89
PID 244 wrote to memory of 4700	244	msedge.exe	89
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90
PID 244 wrote to memory of 2468	244	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\Prestige-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Prestige-Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://temp/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffae13cb8,0x7ffffae13cc8,0x7ffffae13cd8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7903421450252576875,15798830023076299930,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7903421450252576875,15798830023076299930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7903421450252576875,15798830023076299930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7903421450252576875,15798830023076299930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7903421450252576875,15798830023076299930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7903421450252576875,15798830023076299930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://temp/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffae13cb8,0x7ffffae13cc8,0x7ffffae13cd8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3295950147688171755,122741808486401450,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,3295950147688171755,122741808486401450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,3295950147688171755,122741808486401450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3295950147688171755,122741808486401450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3295950147688171755,122741808486401450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2032,3295950147688171755,122741808486401450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3748

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2472

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36103a1b7791ad5cbf222765ab27b4c0

SHA1
fcf92e773360d8ddc21d9e17b333d17508d048df

SHA256
a7b3fadee608b905d490e3a0a230c0b26a9e68793c8719d8857dfabe5f90f4bd

SHA512
599054aac0dedd60974509077c948dcb6eedd3c9bde65a61ad2db3df073d44185de48cf892d299541f04a0792f4c00282eb125d9f6cb823571aaf3ee633034a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3ba5125de20bc4d8e0c697a3972ee3a3

SHA1
d5626b7a0d8354f46373bec0243d8aed564182f6

SHA256
acce91fb0fc2a9a9b70bb3ef8789ee18a42b87290cf3f9f733a45a1748b4cd31

SHA512
9b59e4a37a9de4533caa26ab471f853b692eb60907d8cee135aa8740afc5a78de6a94c862470d2ed33d310ce312132d879a84a8dc7603179a88802bfe44c55d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c6e7b6fc5270cc27dec65fe82b418119

SHA1
1c5107761e491f00bcad5f714f4d87a92f0c537d

SHA256
b59c22565738d681d22875084262bc8bcb67f8200e1c300f232814fc6d2c8a56

SHA512
479b092571be404756dc919a6517900c663fb2bfeee409e56f39b0b23d06030586ea27313b2eb6591a7a139ecb21e8532bffabdb0d43f19ee0c77c99b477d436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
3d5be48182028aa41fb1c157c3347a66

SHA1
0bac08b934c5fa9c97d049beeed3fd1e2f0d1a0a

SHA256
f3480cb23f6339b96df628784eee35cb0ea328a921d285a2a23d5f3807a0cff0

SHA512
c2c289b81a127821d810dfde8102324205e656bedb13ac1f434b7df7343cb452d1defe4e92ce13085dae0d2c38d0ef1dd112eb28ac2645ceb08ea7715ee7d004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
41160100abe28b76c7c9c67de35962b1

SHA1
d54d8f73a5ac34cd135d792275d2a1695cc0a4e6

SHA256
8afc03a06b1d163a483b9ec246f919a9da469cc02d69dd9944ac18e5aea1a115

SHA512
54bc4d10728e12207f07efd2de87089440633c164c6eb1bba7b51e30f5f5090e728af1ed73aeafdba71eec19f7688ed6ef531e691c41a3c93326c22c4ed55698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9baeef6337d665c17ef044c7a48ff0d

SHA1
c50f1e81452203022f7449d47be335c8defc628b

SHA256
6d2bd6946520d9e48b521232829bea90f67886401e67827906e962b18e247893

SHA512
ce710f47e9743e1ada9b035989917201afd24b4bb0e2037615166b3bf6b74e73ec289668ff5d43534b31e7d0fb142b556af9219f40c2ba03687521862c28aa17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ab36c04e0a8303fa3a94e6cf596d0e6c

SHA1
e0aaaaf7eb79955ab70e150bf6929ad0d72522eb

SHA256
b0d9ee1755152438f0a70e1559dc8b8fd918fdec87209e24ca2710882bcda1f9

SHA512
b8f3e9a2e6e61362535e5ce80bd896def9084cab951799c46b195e2ad010b19767a3f2ab240e711c1ed93f29228079cbf31e338b3a5ca7ce3733e96823f77d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
46bf3cfc98a1cf864f5120b27441191a

SHA1
2477679a16e876d2d2280aa7e78c2615d573bd71

SHA256
1cb1694c89dfb24706d02df00937eda411ba28236fafd7a064deb115775ecc7f

SHA512
2fb7a9e0d299f78c390e2753286d0c1cd7982d209568f3ff076b6c5744f8ec67348fff9bde5fd42c1367dec33b0dc28b65b83127831534a73b2d4581c16ef2ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13370011984268824

Filesize
955B

MD5
fbfc27928c8575e4e597f5717917b6f1

SHA1
c766cac14b8aafc5e9bcb5902b5cd1038000fed5

SHA256
fe9164ab2f32d4e92671537e6c5cfa548821fca704f53235f021896c1b6a1f6b

SHA512
b3757bc5f2293651d8cabbe6886f8cb43ce68b288a5930dba6debfb5630db150143ff53befdedbcc054a8ce705d98e037f75677639fe7234696bca3e3dc16114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370011984441824

Filesize
1KB

MD5
f6ea29750d6706f699212effe2514cde

SHA1
d099805e52f7688c7ab714f6bd082575fe1c9c85

SHA256
ebc816fde1b1f4cf5ee7ecb0f72fd1de7b6a02c4320c138285bd4a3e1082619f

SHA512
2b018d1732a4a80e88bd15191b9d64a92ae6faea51d9fc70e7792fbfbc5dbaec939dd8f8b430658bc937bfd919cd371c0c1f3521f20178a695c427fd7f5ed448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
5fb5d1978c900a813e6c441c69475d08

SHA1
b72c5963c5d1c7a503816d4a63d4a3d9015527cf

SHA256
b3367890fef3c88bd543cf5a9eff156dc034ad3ce2acdd7d1d771be2fd73523a

SHA512
b132b9603b4183148be619b89c60664209ea3fc417b9c3b92f8237dc27d554f640f265d7c5eed1a95bad8878a2d2050c566cf1e09ddbf4337b8b5c4dd4a46ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
02478e19b2c61b0d2c8977ef607f0122

SHA1
2fd67f414fb9ee211b8c0b7da06feb538ccf51f4

SHA256
b7ab2ca212ed7c2703717c1ac10d37301cf9fcf4f88fa11549bf3b94bd272928

SHA512
1db84508b656c7977c3c248ce6523f77835f691929cd642c6f3989f374c77d12fde0a27348a2c12f3dcfd482136973564951534eee1410120edae69cb6730d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
ff7b9e402592c0768931d4c0ba6ca40a

SHA1
c89cf3833e04bad08e50ba46c51fdac17109d5b0

SHA256
4dfddd3861e52333a230acda8d028df947d652e7ba4ab70cf3ab37c5d635da41

SHA512
e9933145a0617855431c1604918a07f1aeb0a0bac1d35eb409c026ac7237be658bcd790725ff1508cadb7d5ad62c7a1faa6b30d5777fef26705a1895d27954fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f1f632a1bf3242bfd369079d320147db

SHA1
ef0d4a3c081dcc27b3fb6875df52352cfc0e07a2

SHA256
81af4bffe8d58f60ab02c59373062dfb07ca5498f8067e0498251e790750f6d3

SHA512
cc584c7e5af76f120dea0be0c2a92c487057ea976930af87c48ff64af4a981c90fb8db770181627ed88128c2a6cf77d976f8cf5e67e193402a4d6acf73cd0b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
5aca1538a998b4d41ba7f79adec436f3

SHA1
710aa7231a9697434d03a21316dc97a98d5e9933

SHA256
01258a7707ce90e7060c70d3d8e0c700144f925b55ba9ce4df1909cf7fd26dbb

SHA512
ea258816a9b06f7bb7c5cb9d75fa42bcdaa636ae00db92e1eab8138a64e85705b8fcd2057a2274835af383da60847e014f8cf03d4ebd8f8aa1e42232b4bd8aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
f27f66d1d50194dab8db912e7aae1f12

SHA1
a41a3a59f75453bc713e4f8561539db1cb275ad0

SHA256
8381b1c07f38e9ef62883ababf750c6678a15a713fa17261b5fdd9d26e759f30

SHA512
ce0d43b7f2855929592c65285da3e312523cd4df707d443c3db2c91416478c835c053328699941a8337114dfdaa383ba00a7a1c4e70e2b86b3ac2a9f08a470ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
80ea88e03ea527db753211e2e9c420b4

SHA1
d8fecccd99d0581c8a31f2db8964a9e38e305a83

SHA256
7c3c81169079bab1196aeb5146b4e523228ed5721adce24aaa9df809124f37a1

SHA512
8b42ff806c8443c5e938e9810ced6caf7f163bc68e5178e09fea37ceabde72b2e9745c3481a035f89b7a5ca48271eaed42520510bcb8f4640f1cd4329a1d62cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e1ca38db2cd9d65293cc9ba1071e5fff

SHA1
881808c420452c587b0e87fe56e0c591cd3c33ef

SHA256
505533564e65b5b74e16776a436d68d321999ccba276dea097c3be88d859a749

SHA512
a341c8a50fd9b603d3fd6f891712ce83bd37b32d16bbba224060f851302992b72f4a72033f96baeeb9f5f86147bb71467c941c0c4e0277c7145d5d0fe5f95697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
0dfdd8171b980f202323018f096e7b45

SHA1
264be061ae740365217771b768d87527cc67435d

SHA256
438ee4095a3176a8a6a084455ebe50baba0105f72e00845ed79ff2f4a42eff3b

SHA512
b61234580bf267ed2901765b283081abd7a4ce17924528e4e760f31474927d995ba0ee61ff38d0a1db96b705077a04cca09ffb8ec51d6c6241944483348c9113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
dc70b17f1b9034681289d2dd86f3c3d1

SHA1
322105428a867252a47a493c6fce47cde9d16bff

SHA256
5756da79d2d48fa1c409797f65bd5e4f9f57a6fdaa5ef7d32b5d50b6b2a0e251

SHA512
d5fbc9430857978e1f577387b8e46895f24c32cde11eff51ad7f4f73cb4e8b04603910d85a287ed9b81c6ca9b8310b49a80c2567cf8947c8e0522b7f558309c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
d8b88b23a46bb226fe926c091ffe509e

SHA1
43ecbaa98da5a73ebc9e556c1dbd73e2163309bf

SHA256
21bb4319a3d8a3cb28dc8093ac88c7964c73b7357b3e20cb4be91ae418725a21

SHA512
4110f1854089a8438cc6cd512bf675e9d32421b9f877d6741a15ce56919c26a98820879f50a4cdbc8b2620cf54519a70208d19302c2493bd95326bbeed880df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
6ddc68ecd27f88b368b6ef26232d84a0

SHA1
005ea40d7a7ce7583d6e6ca7463f3302d38a6b27

SHA256
ed1a4bc6837bd2b3d98c3dcc1d3fb7c0749d7f75804cdb998601b3c01b57d15f

SHA512
61dfe8f69b5fd07d3b42a87cef6ff4a893b96e2fc9aa5a6533ba25c569f042d0cff3adaf05f26af4ef60e00fb720a20fcdc44cead73f5d33cf1b5556fe64f80d

Download Submit
memory/996-0-0x00007FF676490000-0x00007FF676778000-memory.dmp

Filesize
2.9MB

Download
memory/996-1-0x00007FF676490000-0x00007FF676778000-memory.dmp

Filesize
2.9MB

Download
memory/996-203-0x00007FF676490000-0x00007FF676778000-memory.dmp

Filesize
2.9MB

Download