hxxps://t[.]co/xiCbU29iTM

Analysis

max time kernel
305s
max time network
317s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.co/xiCbU29iTM

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
226	discord.com
227	discord.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
119	api.ipify.org
121	api.ipify.org
221	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{41896498-C935-4DC8-B11D-8B0A5A5FC979}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{F82CE463-DDE3-45CC-BFE0-38A64FE26DCE}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1472	msedge.exe
1472	msedge.exe
4372	msedge.exe
4372	msedge.exe
2280	msedge.exe
2280	msedge.exe
1608	msedge.exe
3540	identity_helper.exe
3540	identity_helper.exe
5780	msedge.exe
5780	msedge.exe
5456	msedge.exe
5456	msedge.exe
3856	identity_helper.exe
3856	identity_helper.exe
1544	msedge.exe
1544	msedge.exe
2588	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 4464	4372	msedge.exe	83
PID 4372 wrote to memory of 4464	4372	msedge.exe	83
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 2704	4372	msedge.exe	84
PID 4372 wrote to memory of 1472	4372	msedge.exe	85
PID 4372 wrote to memory of 1472	4372	msedge.exe	85
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86
PID 4372 wrote to memory of 2632	4372	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co/xiCbU29iTM
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd73946f8,0x7ffcd7394708,0x7ffcd7394718
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1857993782464292114,9048842131970455009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:2836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd73946f8,0x7ffcd7394708,0x7ffcd7394718
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,11258734066198540349,11925421359476260056,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2186298377c109202a764740d8ae7504

SHA1
b032b2dd2609f55b90039d517bd59d37f402855f

SHA256
107581a09d7c4427192c54ab8fdc19f947e7f3963973526d36f8a825b6425e0b

SHA512
2740d235679bee4bd73b55463f1b99ec15c2d58cbc17b901b355eef9c159191fe9fee5ae24b2f86ec6f135e1ba27f3481ac94738fd1b1b7d921a7d9e813fc9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
518bf170cab71fa11f26edfa6d53a6c7

SHA1
0dd6d37253bc50304c9e398778da1120af9f5046

SHA256
84f6ec6da93d6cadbf58e41e4a0c0235d757aa9d88757570e46ef7ac5ffd7a3b

SHA512
cf6bef3e7305f6a7e24a45b378f94a79f71d5ed858990a7d951717d08f4f6e707aefd5d4c8ce891c6096a495c1ed79056f72ecc20ece96ed8893d3b0e15f3d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
a7196d6f90b69d32e3694e7a4bfd3f05

SHA1
5b496a4f8f46f76355d83bbc3e5385f1bee2d0fd

SHA256
d0343eb29405d20329bc6198300421edf35cfd72b67d8f6d789228e7895361f3

SHA512
0bd65ebe10dd2d0042d2570b9141722a58fe10e5c82fe17cc2e6cdb32a1b47e43629f19e9e08290bbdbc526821f116dcb92be279fc47f98714d573f6c750f9c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c9c892e86dff177557fa872219fd653a

SHA1
3fb511ec0ab760f9add526151519a2574b932b7a

SHA256
9a084aff7a6a5e84e531c06c3592fa60468d6e81ede4e4a91fa5e1e55a16b56e

SHA512
c0b37bdac0139c258c9b21cf36ababe8814b294273afe871d74a29bb212015f60b2011862521712153aab4bfe75c5c755f33b2e4da6341f5ddcd7289fd5d090f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
5b6a2b47631b744e0e46f9a2b5c389cc

SHA1
3f9f915817d1e63c4d65940e35dd435dc3c37c1b

SHA256
9f69be755180b8ab437dba7b6268b0da37be9b48625375e3e6a8b3d432c60c3b

SHA512
cb2d1c9ef2db88795aded8d77c4aa4a9659936768158c4e5fe125fce338cc8e3aa5ebef462a3367903e6c6e5e0eda6d5a550e1859bc6d2d72f9b0fb03128387c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
b7f05bc2147e1496a5ade6ee04777355

SHA1
ed222717c902fef7069859407e16c928fec9321b

SHA256
b55d41f4eae67ed0fb82127da334e645238dfb35592935537cbb0d85e8a9dd06

SHA512
2f2938923c060c071c6a89e8bd16e44c5d59524e6d892fb99ee925e5c5b8ba458ff36224e81864fecd206ac07e6049aba8ba8e55f2e9071d9048446fa4c654b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fad4b2dbc0e33c516cc29ab0bd77d53c

SHA1
ac91d7168745eb900a89d58910df9921cb0e2c09

SHA256
e5131b974eb727e27f135804133cbeaf6bcde582f35183f26deefd691ac64765

SHA512
8a0a425016f23e363cc0f5c5bf08180670a5d239341af4aca4ceb0045dae4fa3422746dc6c04e8e07de373825bc0f56900edee0bc5ebbae7a7fe5b5da37686bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
29eb2196e05ea106f16f79cf5e6b1bb9

SHA1
d38aa90d87bf0453ef35a1092f07aaaff5f5be64

SHA256
97b528806e040ad5aa5080b5545b183a77b9742276ad3409ba9a540afd00233d

SHA512
c6d3d833d54388b3af2132f1a895defb5dba3ffba0e1ce3e819dc47ec3422df4e849683da86ce039578e6aafa4d614695576f59f6c196230d50c9c6f6a3b49a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
738880aa6c5dae35fdf44ae9db99048a

SHA1
17e305e029c9f1b1e8ebb6f018db72ed4efde32c

SHA256
f9e426feecd6ca5def77d31134541325e4a324ae2d14d8575215ef929f4a0ef5

SHA512
18b269c420e2f4d449ab1be34e219a35857bbfb8c8047526561cc754fafd7cabc13d5ffc78b78078406d6e7c5bc312330a461d4034804ac01dfbd6865f5c72a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
cb656cdabbf10b51130414f32897d088

SHA1
57723a1acd0cf9219411197b1bdd28a21652e00d

SHA256
fc96c1d8abaa05ed5536c1b891dcf29ada0e3a6c73c9fef69cb58faa8e1aa8ea

SHA512
0228273c2ef43259f595840b4621a4642cf76a1b8b1ed2424c0e0020fb2391df159909e9970bad9b3932908f8cbaef2ad7c33d0e42a798479796fc9ae851556b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
327dfdc908cc8b617cded6909494e31e

SHA1
48b8e93b37618305736679acb8d94ab9a1877e28

SHA256
79d53aa7fc924b450c8509ec2c9f98f64a00ccd248066c385df1c5e190c259e8

SHA512
410cbfc317948c6e1ab4617163223cf3e031b87838eee0b832c3ef6fbc09abf8649990ebdec752bd89d2cb937f1e8c834286c452f77fb9ce1032f00bbef9105f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
579dba8e0925d686d86ae72cacaebf3f

SHA1
240590629558b1aa0535d096757f228f1ced673c

SHA256
887610ac1ac462cb881e308c5f39b3d800b4785ead67ca5d93529c596dea9a4a

SHA512
dec46241bc8085d1945d95ef6c14e38f06fe93d2cece6aa81299ae6fe7d7486568fcfa66850d238f66e039e8434c627388465d01e1dcf27bfba56377b70d169f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
11a435333b5cd8011e1857cc43656b20

SHA1
9bd970cd912e17e0e3ca2becd885000f4016af5f

SHA256
e396c29e97c2d584b4c7c69032a983c7778e179b0f44df877dc62228852a1fc1

SHA512
083482057b036e1f64a1bd7fdb7451e329ce3dcc2a2ccbf5c88098d8330bd4b076a5c0e6ffedba67f5f463cb7e785974739c2b6e830c2ec161aa45b6849fcdbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
b436f7ba84074414abec49fa7f80c608

SHA1
d42f54ef4ca3daf51dab10bc808cb6a4acd122cd

SHA256
576a00f24f533f47f16f4df5f8fa2842f72fb493ce0cf40bb5684279af1f9d1a

SHA512
d2c72998bc7836c3229c54988c6c1319c9a8b6230918e10da6790f6ba88216a07b582641dc30fa4c87256c0ca56c2974c9304c9f2a0036e89e73355fb8d19095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
00c67c23d78c7c615d104e424fc6fb85

SHA1
350e610e4bda0246b16d12ed9dad9eab4e00a597

SHA256
ce070392609897c899fb136b49f203a791f787476da785ba28922426b01eec05

SHA512
de14699d96e6403599d974ac1d0488feeac7edeeabdb3da83602f46d39ffc7003decba9d5621f0cc8f127e110140cd1254b3d8a563380bc5cbd41698cc371a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
ab33561ecc3ab9089eea3228add23c51

SHA1
070ce60355ea32b597d98568c5aa479df0317043

SHA256
3606a70005ff9c2ffd01a2ffb1aeb28b10220a4ab99983b816451838aac72725

SHA512
b8b8cac8f7a4118f7efce0e21b299e4b76878cb2fd9df98d9fbed8a25fe44b7d99964d962463e651a48a16204e4fd654bfa30f844f70045b610f34b027c7c45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
328B

MD5
16e6364188162f926a77ace8c0cc00c7

SHA1
9a5d79c4db42947d3c32ab9e194da1e9e358efa7

SHA256
6a9ab4e4bea58e94e3dc8b64869e07fd2afba153379c2beac8199beb9731ae7b

SHA512
0183adc0509b38b2bec847c95f1b1cde81fc32e33d3e82ab65398b0aba8a4cdad70f90895a7217fa3d2cfa4a2695b3db47b61c3d9a1e61dbf47e04a46550b9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
90753c754e7838aa8c55e76c2c1dcd3b

SHA1
5e1d9372c4516e062643513733df56ba12d7ff20

SHA256
b8b492ff6a46a2c2ee9e4bca89c8b46b47e2e89b03ed2be75c627ec3122b5fb0

SHA512
c4bfbd71b9e03b787c8eca1b59ffca73869a37dc4417df9510328f1b3071313a4583d86405e35153fe382111155a66b5d79430bb9a970c5d8752374c20ffeadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f2d59353447e5d9f17d9acf7620b0326

SHA1
6923f30db71a4d9053233b1c100f19d0bdcaaf1a

SHA256
c117c9ff919d44303ef49472d2d666853d85b6c1c3736c8ff8f4739ace796798

SHA512
f7fa60430c4fe29461f25434999533684ae9dcd9868c5c8dbf81d1209968ecdc37bda00b31e186dacd447aa118097880b1507338828950d4415adb6f55285523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
956d33ec4cb21b1426e395cb9d1bdbdc

SHA1
8a9db45476c19354bde6b5ef5ba8e79cd3c52f35

SHA256
61493fb80fe6e1097e68073df8d39ef4de344670132bd6ea551d7e28eee144dd

SHA512
cc02c0e58037173b37ac74626bffc785689e498552b3ad0798c30bbbbc9a254da1ec96cab3139c55e91458d9b79461365541c097b336804782e531055e0eec4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
43a7dfa52f41833b39579d9e63b7c30c

SHA1
18e2dd5a81b25326fb0cbcf6412f236a53210994

SHA256
3e17e969c860922f037c7fa4f61a2f772542efa212ae186102e5dc1f3b142eed

SHA512
ea1a03adb77114d9d9541e6c76ecfac5c03b35738d9064964536a8ae7459e60bf08c82b1061741006bf05d1100d9fb80f2ca4e96ad2f67d8d89b817a4ae470f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e16c78e9fffcb4e59d1365b2750b6703

SHA1
263de2909ef425b848b2b76b9e2e0a62a8cd8a2c

SHA256
c7ca980d6f23565f9316787a8baa39626d0279f2971075e67355d24045f10e33

SHA512
7c8c34951fed4ac4b8f947b1ca29e03497f00eb3be65709db3c597012f23a0c7bfce24ea23db03a09f7c93175d04fb6ac886359f897f91cd6cc7338eee6eaa24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e0dadd8b5d4e829ed6d7bb390403e134

SHA1
3efd926d55df840d1310b2de69563dfb5b3819b8

SHA256
1a656a7f84c4d309c2391736c2e63b9b5fc13bc73eb450a346f397cd27e6d9f3

SHA512
0519c5b0192faac5847947b43ea83d014737a709f42f713b5109c7b968d808d9a459c50d6378809a00b1b061e3c0b5b77d4339ac66d383d4961d5b2775c7ca7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
69461388ecfd9978bb9f9adae8661b6d

SHA1
e02635f101c42a21221d4781f22078123ff0c6b1

SHA256
52b3d23b8946636a72fbe33909e1111213952c4c88827ad62d0ddc75b3d712a5

SHA512
8a21e0a374bae70e7b87e8dac65f6232b2720743db5d39f7fdaa347b445cb9909d93ea42230166f89170e6d7070f7b91a79c0e90e0f4a8d67d71aa39c64e20d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
329e2849de9b57b87a21757456e7c9eb

SHA1
99371b990b27f1ef086fe8f6523b5f5d9005153e

SHA256
27b05e9d5aed55c3cf281e827dd031c4886daf73e1016f3279d5d244d0d07285

SHA512
3a36be89a9ec23d190ceb5979eecf782d8845df402334fab3ce7539e240aabea5d3e6c9c181457a4ee165ce86de8dcc770f206b3b98b11c4c2669e59e18fff93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
737ee80f801133013d6e94e45c5a27f9

SHA1
2ce8fa923b5cec7d89130af112cea103e2c26da1

SHA256
ebdf29dc17b6c358d1ce8e68eed768ff460ece653077aa33499a74c180074eeb

SHA512
8a14772ab3750657df0defd3ece7e78e7c3e6ee00277ab498e27fcc0a7086994e06914c4a5e8ebe07f69a36deba96d62c3c7a14ac955a7947f175f52946a2fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
316B

MD5
eca358a0f04ee28654438332de8e9cb2

SHA1
9d3c2a81a1d6a9b4657737b64ff0f260c4a55726

SHA256
c17135bb8c237600e091135abda0eb569fc73a10ef0550a073688881e5f65b87

SHA512
a081cf31ca1f82aa18c9d5741fa101bb913c1947532c81e08a6cdcf574e90db6c801c7860a87058bc7a5daa3a4ff60a4c333739f6c9b205106fc17c5ea305f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13372484380313873

Filesize
8KB

MD5
306e1007bf3bf4a01e936ab44b621353

SHA1
75ff9195196651f1a805604fe6eaa1849553dd32

SHA256
125cfe9e22fc96d755d8cbbadb0bee97e31eec96be2d35caeab9f141faae0c50

SHA512
0c28b6938adc3ad6ea4aff7346faa09f061d13342791125625409f7a509453a40e52d8547ef682106e42bf8d01c640c7bd6d68c80611d3a8a734be3759622e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
100B

MD5
bc752c04bb7be2eddf1e002ba8e2409f

SHA1
a503144b13f736a8e4364ad1cb1761fe14d2b999

SHA256
e0e0e3a208d2ef421006e0813c36ffe5f01d82246568269784e447da31c436e5

SHA512
c3115932e9460df9397d8dad522f24472457cfb90ca2c08df8e61b18b529f32085297a89cbb7f1f4e339aee12764d39e017264447695f170df311e4e8718766c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
dd37abd5342a00ed7312c2e462cc1e95

SHA1
17c108ab302abd5c704284953b1ed4708b4810c3

SHA256
411344f9a71d465e1c4e1c7432127a55bc2b332892727b56329ef32d5adc474d

SHA512
c5a26ba1b6650f8c546b6a56de91e1b8825ec93d2e7707ab0c50175db220023ddcdd5277188c9919c47e932ff4ca84ca16459f0a1772b8aa9e52d41c9962c9c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
10f0c3222877af6c83aeb12318731f1a

SHA1
ff35dfe42f04d40afdc0e45da2cf32ea32b7a10e

SHA256
05d99bae6ac8c3c37b20ade3baf55442095680cabd79fa92d892045b0fa5092b

SHA512
beaa9892d82da0443b847c4fcb0ddbe8411d32980694cf90699f261b4095e7f5392e9437aa2677a78aa63a767c1f2d418acbd1fd7cc6658d9eec5ff707535066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f62bfcaeb772b2d97ae05bc5da0f9f62

SHA1
e1b04af80e098120070911aa0ca23a23b8f20989

SHA256
de479a57bd9b2de67d133e57d847bd282d060e8ca19b725406ea8d3f14cb3ae9

SHA512
daa33a51a8efbc623be53e4c1737bafd80f823e5259f3f719d9001acf93e6b8459036e1c0e5b13ef7ff4f774c3797305f0c447f14dd60d619aff51a482fcc0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7d3a4af7adfed16ebb1374a62e72456

SHA1
367188f1513319531b2fe8d0a7b82c1d9db3958c

SHA256
fa7a3c17c2992445734b678835546d9c21eada2275acf98520f3d185b5acd22c

SHA512
aa49c22025affae2434367dd392d510ee98fef4eb156c0faf199435cf06f24c24611d85215a6af894061164c80672c798779d58c5f3b5193e2999df87d1ba66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e2cc7af06411568da0e2148dcdd87d5

SHA1
c53c613c67e5c96fc19f44265858d324bb131a80

SHA256
c3f3941ef290be6e9754db76bc0da71ea87d297e43b71d3205a50fbb690b2a4c

SHA512
b5b6129e093c5498f176777071e7050acda546ea85fd63af4d42c95aaddf084e2fb72455f3d99ae342ff7ef0a17d139579b393323d88c23854b4fcf429e6c971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584ff0.TMP

Filesize
871B

MD5
72dacbf3b4f8402095399279d592f6c1

SHA1
d0c01a3a6359f5889c27ba88a5bba57ada979813

SHA256
54e3a699b9bb26dc8bd255223047cdbb8321a0ffa27dafad197e94b6e48dbd4b

SHA512
cea4ac6ec5ce9b71d1d871e94d7ef4dc99fbaba564da2e4194d56fb65f37493a0d3ceb43ab0659f9b2476e8d9918c4aad1298df581447ec1f32f21555fffd920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
878415e70357000e19377f9bb1567a16

SHA1
88b2d824465d02d5a0bb39a100f5bd263c5ff617

SHA256
a972c5856c64bd6fb7f6601a73bf7527dfe0e54a1f534d7194f69962a052f8ce

SHA512
dad3a0f17b66d692d977734de0addb7fa86e17a4879e7ff85711804c88e6104b54a3d44d70c61542e79a8295ded3c3e4fab780eed41b143b16c94fd1cc79b40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.6MB

MD5
261bd708a1b59d50e8f6db332adf99a9

SHA1
f44373b60ade84b186338ec9a685f541431546fd

SHA256
c5a0200ae707f95934e3f78f8c1ff506231d2b8bde86325b5f2554d5641625cc

SHA512
8aa98ec6e5ae27f937d21236dbe5f922bd44c79791a5018d725cd913f6f75106aef3b200bcfd23cf915191f2eef107e1707b722a37a1b68ff7fc7775f043b84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
28e5195ba7042786dc5443c4ab503184

SHA1
45c63b9cf8c89ea50a9b77b50cfe2cb8ba5c7bcd

SHA256
448db55765e9373427ce9d98109de3921868d887d81546cc320eaffe32b619b4

SHA512
35050b59e5112f57db4efaf717bcce0c7a4d56e5028aab0787492c4a9920df5342a9acb441c0d1d65fdd731c3276a7568f9ebcadc71631280a45197afa424bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
46a47a887bf388eaae26ba5c80b913a5

SHA1
99b136d65a7a861d04409e0339d163aadad10758

SHA256
3933a5dbd7fab1088e7c7ea121f05bd46b2b9c390ac0013d08f9f64d013e76fe

SHA512
90e8a1e4aae319a32401f7a01d356e321473416071c2baeb7fc4b1fcb0b1f5e0d509de1719b4662d946222113b0a071ad3a50c2d8ff62e855825b1ee8297514e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
817fef8d28968a36dc2cfbdedc94f3a0

SHA1
97a698ba796574d32ef1144c119429f3f4fd1d64

SHA256
01548a95593f9083348257b3faaec223626f608bdc780831758b83015d18fa1c

SHA512
b3fb5bdba3c124ff5ee40f3e94efd074d2d34add33826cae16fdf6c630f80abe749a97500963c49581c3adbea1b25c9cbea11bb531917137bf2db7e0cd58f885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
17f606cd3189cacb888c3728a2810e93

SHA1
8a4ab3e5e015db93a190b8e26b4c76b827601354

SHA256
881e3df0b9e327315927c11497b042c384f28f63aef44e37fffbbc8e7eaf4084

SHA512
277441b6e1dd5b3ad06e1bf55d3fb0178276edc4462913d417721fb5fbf199fe22b51b20912f42613cdb22cfc6cad5a508d45b6e9fa41826d92b6a41ff506c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8c709d8972ea1d11c1e189b9cb0ddd8b

SHA1
9ab8fa7c1454130102c23051e7cb214ea66b8f6f

SHA256
cb3b01de2ce94c25dd600908ece61824f5db2ec5dd67e41f0692583f3dd7d724

SHA512
e90ced25b75bd56c0a323ca6c4a7edefa8d3c295397736a5b100105f75106cf1df09a84f2eab42bed066e7b9831c7ebfb7d3119310c6cd3a039d291d562f7dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fa6bb336bfc602a7889d3ffbac8e66a9

SHA1
e9a1c9e38cd49cc735a07ff8bfc6542b9fce206c

SHA256
343d781260b850bd491890801e83edfd3e14956ec95c42b73fbedda19ea2df23

SHA512
74efbb51b7bd2df1a81eee457712ea838e64df0b66b7d2e76eb91fd0168783302c640641176f41b3f8d3bd9bbaae498e335306a76c0f07b460d6b1eb315bc95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
39d497a5225716265ea6071f57073d40

SHA1
19cc354d246c5bb2cae25612db9a9275a013d3a5

SHA256
f750ab447a234bf44470b0fbcbc2d221cd833a4287a0092c93e5fe81d000c0c0

SHA512
da570dca50676de01fecf10af0c816ce2a3b0dc5d195d2ff57bbbf42eb37304a27b9883dc94432849a8bc47439f069dbc68817ef5bcc809fd5fcbec3abc73806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
19KB

MD5
ead1a7f8f2e3c3ad24f6501f69abdacc

SHA1
c8d1537377c146530a19cd75ab8b8d7fbf7d3661

SHA256
78804aaeb56a602c6f55b2c14e84884d6c3804c0b56c5ebc8bd2ab426b046ec3

SHA512
70c6a6019c5a5e0725ed2e295ad9e5d628f8a8179fa84650d99a0b51eeaa51f34df74bdc8c362222e2fce70526f0f4cc20af2293b7799d5a6f6cc021522c6dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
16KB

MD5
4517391bc8c55acdbe1f4c2f0d1c1fc8

SHA1
ac51fcf3271333d222e4cb526431817f48345a43

SHA256
3c82cfe4ef2e80ad0aff5da477f399da7d5c0169968b800b1bd730c7eadbcd8d

SHA512
e85033dd2a4a4038512102052bff9e8a76e7a43d609431d987d436f262e21fcf1e298441cd378590db0742ca65845bd1585a7cba496aebe245a8084dd616e5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
462ab40d28f493c87f3b6bfb9e740c27

SHA1
bad0b62c423afc4497e27b159f34014214acf1a8

SHA256
efd6f41682976a1226047b08b2994266d33ab8d032eed669844f008161c3fe3e

SHA512
737938bb86f94966ed417d7ba99215096d27ba6bcbd59db5978f826dd876edbfdc3ac005fdb5f6f06296ecd6cb97a51a40d35f7bff10b0e3e33aef76d23496df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b8067c28c416f99a61d97faf5845602c

SHA1
7b018828178a712b55dbe07981798b4c24dd1549

SHA256
8a7e173ceea0e3b4b922761815f1212644ded1713722484d33dac3272e6e892a

SHA512
cb6ef18a00735757ed3f3faf06f466b2c027429dc2569ba6f3925ca6fb6e9aee167ea39a7928d26e63b294ec00b1e424a5378c3d3a2e75314767f30076ff14f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d35ebc59be079dd606353f3f00ca5d83

SHA1
40655ba2f74b057f8b62504482636d4cfcd3b703

SHA256
3ee20bfcce87075379ef5d696275b0b69244326b7fd69e7ec15bbfd31ee9a2d2

SHA512
a841bea43527c0a4050b2e6179a45d0dbbf641e0dbab69ad6b8315cf2ead8f63ef6b2bb46283508cb0386a5abf9b1e60d40447e53b2dae153ffc834eadac5931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
63f9b7865b6ddca43846e7b59777656f

SHA1
7ea152a0d0a5725d04569e0a0932794fc7f58cef

SHA256
571950134ae555f61117db4cb31396db371bc82c5acef2bbb190d15d669f3477

SHA512
8ef9876b158e6f65f21c8398f78991254790fe55441a28cb3cbdd54803f87ebc0705e64920819b682eb9ba84312cd1b4907984dc79bebc0a9d01cdc4f00a1769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
ac0a05a3215feba48d6294ddb12196ac

SHA1
d46396a5d128eea8955b870e35b7358d430e7bb5

SHA256
0a54805fd042b300fd8d716323acfa818493499166b9feb306ec060004cf7537

SHA512
178265bb00a7a15c2953aba4a7aa70ae291a2105790c426cc0624a7e22b98cacdb6377ff96aaf6de2c0341ff6f0577f0346bc9d12eb28ce71df8f10b048d1711

Download Submit