598959308399a249c33e9249cd7511fa9c0c23df00b56ac1d71a7b9743bab1af

Resubmissions

07-11-2024 17:46

241107-wb98ysyrbr 10

07-11-2024 17:39

07-11-2024 17:38

07-11-2024 17:38

07-11-2024 17:32

14-10-2024 22:45

Analysis

max time kernel
1698s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mxbikes.exe
Size

3.6MB
MD5

49ffb1b624e1746698c05aa962353768
SHA1

94f4083ddbfa537e08aa1f0de55a56146a8c6351
SHA256

598959308399a249c33e9249cd7511fa9c0c23df00b56ac1d71a7b9743bab1af
SHA512

8dab9e208003d37993b978a9e2e6cf1c5354c4e3300db97a4d1850227a438af28796b7f902f7c05b9251ea604fbb1557f6bdbb25c4bb4ba43f3dc009e5842862
SSDEEP

49152:eJRTFGeek0zge76irmN0v4Ck1HpDDCwo40mjwrvX6OpePuboh0DW6NnCn0hFToSJ:duupCHlmoSDW6NnC0h68b

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
147	raw.githubusercontent.com
148	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 245366.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 194914.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 719360.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1028	chrome.exe
1028	chrome.exe
756	msedge.exe
756	msedge.exe
1660	msedge.exe
1660	msedge.exe
1408	msedge.exe
1408	msedge.exe
5168	msedge.exe
5168	msedge.exe
4944	identity_helper.exe
4944	identity_helper.exe
948	msedge.exe
948	msedge.exe
2376	msedge.exe
2376	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1028	chrome.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 696	1028	chrome.exe	94
PID 1028 wrote to memory of 696	1028	chrome.exe	94
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4180	1028	chrome.exe	95
PID 1028 wrote to memory of 4436	1028	chrome.exe	96
PID 1028 wrote to memory of 4436	1028	chrome.exe	96
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97
PID 1028 wrote to memory of 4272	1028	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\mxbikes.exe
"C:\Users\Admin\AppData\Local\Temp\mxbikes.exe"
1⤵
PID:2480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff973acc40,0x7fff973acc4c,0x7fff973acc58
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,7607819446907833437,11681785557056957746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,7607819446907833437,11681785557056957746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,7607819446907833437,11681785557056957746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,7607819446907833437,11681785557056957746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3436,i,7607819446907833437,11681785557056957746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3756,i,7607819446907833437,11681785557056957746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4408,i,7607819446907833437,11681785557056957746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,7607819446907833437,11681785557056957746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:1124

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff937946f8,0x7fff93794708,0x7fff93794718
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12409894372743082308,1560361997570022182,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12409894372743082308,1560361997570022182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12409894372743082308,1560361997570022182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12409894372743082308,1560361997570022182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12409894372743082308,1560361997570022182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12409894372743082308,1560361997570022182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12409894372743082308,1560361997570022182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff937946f8,0x7fff93794708,0x7fff93794718
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3032 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6484 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7020 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,8571623471166829459,16153398941269419468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fcacbfb74414f8810b79cde84bd94448

SHA1
24fa5e8ba128c4eb96f2374d03c51a6b16920eaa

SHA256
aedbafae048fda288c6ea12b514058e73372e74acadd0767cb07d41e8e21cc21

SHA512
d1c6b11be654250f60c9a9f483fcbbf4254515e6cd9950ac919704b688bad68cb5a03e1ec83d7105ddc2f1a4f2cf276a31ee3cf6abfb30354f457165700eab9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9bad73e3b39072f8e3483e77e920cd0e

SHA1
7a4f638d4d34e24738de680a1b0474d32aa61ee6

SHA256
88b61e2aced90c2241ef0c82f5d5fdd1243ffb62ed6bc728a6df680ed8026e3d

SHA512
e8c511522a126ee72da65391b8537582e34492a1e8b58c11bca236c603b18d0b779200d60e2f22bb5fdd4842720ae7f2740280a79c5f15f972908f4827d7a460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
357f0b16eda6eb254fd44f8202505866

SHA1
c7f64a615f4b4f1e88272f3e23eb27013b6cc736

SHA256
21d5fcb9432dfb28f35eaec047d970c16b629dd7ca537cf1447b0d24c975ea73

SHA512
84c93356f8d2ade78bb5c0e378a2af9ee846559a6e3ee1e9f00a65b0669f78e57ceceb7214dc5975d972da439cc5a2719d5d58fa13ef294c1ebca890e3a79acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e985a7ed60fe103d75256b3e44ec1b62

SHA1
ecc56d2ed65b49d38b6e70bcb3fa62fda7502ac8

SHA256
af9abd5cde3d10bba5d8ac6ab8df139fb3c0b1c50642c4809f9799205177798c

SHA512
82f0a61f64fe7287eefb93e5f9d6f7fde35efa43d8ce2a64cf7feee371b0d43fad7c90c2c106061ab03edfe7012dbf4fbcea1b2cf95180794d4670441ef1edc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1041b17fe76b2683ed91e32230a8a8a3

SHA1
3846a20b43edbced681ffa6d64883bce38615682

SHA256
73e546d36485636ad0791fb4eba0871499e09348de3d8d0d3bd8c0ea8140a705

SHA512
0c6437afdb1244f69976f7030c8d293cbe0b4c7a9baa2b3da1255019e1e29996534dac0b1a8f6819e6e979b9e365e387081495b96ad0eff794bd24970d00d211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
115277819d277d50eedbb6885c3ea329

SHA1
5289a784ed1407718b337425a7ee8f2244ada377

SHA256
fb435a00b429037d6b293b2c197e45fb9d679cf583e484015eb66e14f268bdf1

SHA512
9e4c4568182b5b5d3cb2c444c0dc2dbc735c84830912aa759fcb2f908afef1bacb62ac0765d54fdadb1783e04c1546f2aa35a5254a1189af2e102136ec761e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\799f4b3f-b988-4f6a-9c27-d13b5f3795a0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
57fd976c87515f981f0655e13c1c383f

SHA1
dd08c851f82112ff6e1dacc2ceb1f8e711dfb84b

SHA256
61aeca2d292318e0bef0e21d0fac02cccb89365039c8a1e4109458f147017d41

SHA512
f8378295ecc1fc7cbe16f65cd797485464bd033de4615ebd085cf2bede5ac8517b0b9927d838a20ff21f43e389771620bf67abdb421bef48ce3cb899a2382265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
6fb869cd95ebfc32463ca598a54800c9

SHA1
114250c1ba223ab8165cd5bc23a66c1f075e9f94

SHA256
56794d6aef2c7b79f5ef87039cab8b2d182c86a10b399a07249e2ee18e21c780

SHA512
4150625bf4aa8294cbb14084b32d0307bb4e495702421322f95cd7f38588e34c03d06f2150337df2fd421a218b1107de8612b0fa6b7d2ce21e944387b65a31de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0dc9d024727f613e9cbf4a464ef976e5

SHA1
1e07428e96310900ed823b4c3acc94729decf4cd

SHA256
b369ae6fc2e80a63bb32ba8d31364e318b7ff738ff3fc193292d18705e2bc8d6

SHA512
5fef8096a4223be003c1470fdc41ccc9a7197bbfebaabe518291b6c6e61b807b66da5706e961b43251c92dea9556a42d21862d355b7537b44a696fe2e3be1392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
6ecd76944acf9e56ad76946b88c32474

SHA1
c56913ee9cad1588e51e6adff63f44988ae1bff8

SHA256
4876f3249d0eaf0f467cd594263cf658cb5534eab2d3ac990e32944eeb4b923a

SHA512
cda990e68471b74178bc059cc2bbfb916260d9c24a8a209702836a651eb922adcea01e1228c4d8bd3bbca3645a6b00171ed88b60f1ab29fc38636d274ec8fc3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
e2fb966f5f5591241242fff1e103d8cb

SHA1
fd979212ada58596899be8febbfda4d10b5a1057

SHA256
e0520a08509cd1da9e52b278a7e19578110b9eb2072d44e762cced519f4d2dff

SHA512
2704245b50806ef52e195186d5667ab61839639c961dded00b1057e7449019db810e0e47a67e1cb75806c2fa64f087a4acb6d7264997124e9e0caddc471c5d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a405933299484817429a85398256dea2

SHA1
e32ef50f7a0dc172b0b9eafe1d0ad424834d93dc

SHA256
c14c28cb7b57ee6af47a0fc8b649b159d3bfafc48974d8e98f6078d0c6954b8e

SHA512
5618ee90494a5fb0bbcb603c5d930edf309a5eef5161a889e491fb94c381ba37855f425f0458cc819872b5da3056b2e02c558b1bbeedf95905e2411117058bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7327a92097d8e27e00acd649578cb6b2

SHA1
0614eaf7bece778639371add30c389af2c01a7c4

SHA256
0b6cfd92abc0517ab0d71d6f4f93001bb4786336b521ed54bd64c58d3743f2ab

SHA512
01439ee0b7d70340939a4280009aa07b07fa61aabdd4257fb0a792b26cf5d61d552ac7b44099785297c353779d5825e42cfa79d7ccc6a6e26a0a200bc2f5fa7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0c77020702ae31f00d4315cf7910885

SHA1
3d48724037eb71b7ca4471c627beb0a708f6f179

SHA256
1228b425439464123fcf2b21791ddbd80ed513e0826df92400514ef07d23ae7e

SHA512
3a49d48035143802b853fe5185e2e8687f5b2eafabafcba6960c70cfde0ca7c957e6f7a02406ef0fa1594e319d7248913c2fa4f690888f7bbd93e476650ce1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9cb7b161a69c2133a755abde73197717

SHA1
83db70ec7c202789441893047669a8d7707bfc5a

SHA256
adb0822acc2edf253840aca83722743b4aa94eb3f5e2f9e58df4c63665e45f59

SHA512
39dc12fe40302eb25dd39f9c85f373d3aecba5479ef10084bea088753c49d525b86df8ea8c5510d41bbafeaf5d6687435b7b4c405c680193d6e8d212e8c68834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4abb8b7992564252cd89e0cb1a6434bc

SHA1
1bfc746abe13e7d169bba93c8787fd07c189c4dc

SHA256
3ca8feed555fa0aac98d9271e130bb90c2734ee4603d788426ad1770e3a04a31

SHA512
6c95660a38fcf14bc253d7559007ddbcd1d2cbc49e7f208560b0d195d265d465f0f9d1bc6baa6dbc2ce49b61e31ebbad99e589fc36fe8b6a12f63cba642aa07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fd959c8d2924e184341a893951be690c

SHA1
505bcda466c8af1a6225c35d626047022991d59b

SHA256
4847b533ca7cce517da707c2d240b1832b5ce707bbc9cc1652a077cfa96510f6

SHA512
b82c39d3bd07079a7d056495bafa6fca6b7df7dd09a23e53ca13ac69e60e6fb44e22470c4e3681fd311fd9bb6a64a4854024f348d408ef05aaa2462babb8a1d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07f8daad3c710d982ceb8a164784a3ae

SHA1
307b1dd470fbe2386547873eacbec0a1dfff30b8

SHA256
9178db35d765f4265114438a5df65fc3130b18a26cab27282ab4ebe2445ebcb6

SHA512
2c8c3f8d8ae73fab1b0297b0f3a480b5f33d992695e28c02d9aac839c649c6c1b356a123d8214fdfb8ad19bb6557a63f6f1ed0bbb805e28acf27fce74d2b4c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
271c93192241484ef06d58810e81851c

SHA1
bf1b15103994a4cdc7bb59b83f47a40e1dd9afd2

SHA256
b7b9eb2831de50f92824b1323d324ee0ae8236442c008cac23cf3b1da48bc258

SHA512
5d9521ee6e7fc11906e19b87747e690d1223da7bab4528c263937ced27be27ae8463a266c005fafa0f7daab88c6c3d56f1aadffb76f5b04627971d27b153237b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d04355cd792f00838eac7357c47ff92

SHA1
e81b7ff0244fcbec88c6b313dc70aaa37d9fa9de

SHA256
830b8362324ae09b8ddb74c25cf7a33e22ee331458519dc7a6a72e768e165f96

SHA512
35c6cb1bc70e8a15808cbe4c7c1179b30cc3745ed4644bbad5115e17c952ef3bc1ed021efafe4b06de54605470f805f43265881a36d7dc04307995f8fc74a286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a65317c44cd7fa54791be72b176299f6

SHA1
d03773e9291ecb533a295b335321e81b669b0204

SHA256
23944a0c01f8b1956121d726c190766e05a8ffe02262deaffde157215fbe7949

SHA512
00ee96122b6c538fceab23ab0c9c088cc7b400a8abe3706b24e44acd032ac17504fd478dee94a0b1a743880b1b9a0b8ddfc808a30053609519ceeaff81525809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375475191753199

Filesize
1KB

MD5
fca8c832509308e0987ede5302dfc56d

SHA1
5bce8756da5d2389c2e05be201b0e923f21acba4

SHA256
e45bc2043d3fc76dcf58e3c36dfa9c3a7f70a5e826298250b110d4d58cb83cb0

SHA512
d10320076cf22fded3b42ded2dd27db131042d91a7db0dfbd29fcb626971bb4ed0101643e517ceaeed86bf02ee03bca43bb7bd8ebb789ec6a8ce509a5be01f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375475192007199

Filesize
1KB

MD5
406e11a007727d3d6bfee15757600d96

SHA1
ca844426424e18a30d0eb19ad988e4fd729977dc

SHA256
fee9f0fd2629fc9021f9858f529417ee8201230e1b51338b3443e3c72bfab58b

SHA512
d6a01a61dc888dea3ff7ae1b5b4f7a46ea698e320d5a8a12f5b8c846cefcbd373a81212361b212282cceb6afd5feeef17fe56aa753e54cae8b5d68439ee7266d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
079d8b9656dd502fc5152d611481a1fe

SHA1
edb69de9d439be3aed682a6b578ad15deffc3878

SHA256
a97557cb5f881f6ba63a1bb0563fb84f35797bd9a625e28982bda449a6a75e09

SHA512
1178317fa0655608316595caf46b20b30edfe603114d470884d74551b95974f58b5ed4bc848255976c5cfcdae1057348107c8c8cee02af232e90ced587ddca91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
5eea0f954efc987c8f71129d2966b47f

SHA1
e6078e76beee47f32e49e16ec33f1d1de9da6c7e

SHA256
2148f134a8894320d4e8433f5338f7255546c343aa23c25cf001bed600106507

SHA512
4ead9fe6aa4b9beafc86f774bd2cf86750a424414f9dc285970cd279b7d85dae2922d1503acfaf938bcf3b653129300a5f99325f44006e54d4f80e8c42f3cf02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3572505adb95e6214bab93a42a0f860b

SHA1
0317f53e1dfc4ba136e601fad6a5f131b0042338

SHA256
d899a2af8a3cbca0f05bb51b59f8fb36295aa4c5fc5f958f6539b5a9d9ab0e75

SHA512
e696bdb4998a75ae245b4e6ad6c53cfff484238d68b4628104595d9ff7c77ea34217dc348421bc740868d28deb9def2ee5c9afd81fbed16c9ef6dc4b508c7555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fdf3f72f34023cde2e96f35090dc5fd

SHA1
4def42d98827fdc4c46c9f06af78f4869a8d4bf6

SHA256
50809ebce09c7355fa6edc452d56b61a41b4c04219e8f1fedae44c9864ef251a

SHA512
9492ac26a69ca221a53c29c19c2ff43bb4113248a1572ccf709378d2cc7f6c37bdd22415e65ba16f59bfcc0eafe8f403cf19ff4128221ca31e08ddf40b97a32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6593af694d18b14cb823e4fd15867237

SHA1
e7ebfb40512484781b1f1f59af2f842d6032af95

SHA256
95dbf59582f128d049d2ba0ba3bb84afd1910bf6aa126551368139705592812c

SHA512
10d8cd200fa5087538a08169230b9063b70dfd4bb3327b5ab6df137d7fc07b6374f4cf3fda9f39c855b49145db3515b65efaa8dfd269a9d916e2b79b00b1b06d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a8d87bf4605948bb2b3a9c2d0d8abf10

SHA1
91c45f3bb6858cf54f3ecaeea28248d6db85a8f9

SHA256
dff163d6589f5a6f88c5c712050cac2660479e31d31b8a86a3ccdd4fbf69e33a

SHA512
b5899b46091982419e2c126f846ac9117a324dda84bef4c1db01b4c6e2d3ba45a075eb11752edb68e46d0787bcbf0239248a0a1c27c2573fa894cb2f617dfc2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2222029ac73326ab519431eb87d91968

SHA1
80d14837aeafe86331617b5f3e006032da5b810f

SHA256
98cdfeb0dce524d6ecc76b7fe33bb5a888766c9f2a99b97b099850a457c0a56f

SHA512
709e1e468caa9af459e0a14b704c0f100c0451cb908810ddf6bae569d1a97f5532f5d3901cb30fc8ffe4e03a29656559d724b067f1cb87069d7557b736a7c25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
914904a505c0baccc653642fb3ac77fc

SHA1
f828bd449c64d6112a0601001e145d597698912d

SHA256
72f25f831a260e0f533ce5b35144c3e1ef467aa88387665dd3a38a9e0bdf1a8d

SHA512
b5f0879dccb321e31f4c5266a15fba08eb8e07d738c6a59279e63e0b94e2b9bf4ab57355fc4d688aa6b172a8462f485ced96d9a8d4be5a200c7a99a50d155dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5859d3.TMP

Filesize
538B

MD5
8046521e7da0b2b94a3dabfd8c6e752c

SHA1
e5b324475c05651cb7567cf46e872154b1455208

SHA256
515cc976255001ba78581f256401708008be6fcd1ab868eb5258f02865736392

SHA512
4d0f6c77589fed1c9e2e6ca8f0085c4b57efa938539f0ed61d1fcd069ce817105e2fddf965a5d2c670ca510fdd8b959efce2ac604e9ab0ade8f643bd63e72caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
544df4922779750bb47f2ec2a2f7d633

SHA1
ce0ff2a27642b882a0ff7399d861337b6762edaa

SHA256
d28fa2e53023d6cb630d1658c9223e73c70f770eeb2c85e9ea9b2b2063e2e40b

SHA512
9e723d3513872761540ef7b2f28a41f5aa9d9502370400642f5a202e265e47b3a88d28ef001fddd06796d1b7ed4aee390e119b44806779738abaf56734d9d190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
73acc9bdb8c601ae5c83f2e935821de1

SHA1
1c1d88bffe50cfc02e6ce7870b5bd1276582d796

SHA256
5c3711357436c36c1de4a65d74445bb96757c9d5a5f21173e9c53c4496725a5d

SHA512
23545799d6057cf5c836e9dbbf10df3a1bc14686ef90295e9be3f84a680d5d2f145e089ba1378116021bc58cdd0695bd39e4c3bfa31e795027fa3aa97177e576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
075879e22ff325318d865aaa5790349b

SHA1
213bdb9fa31ce6953d28d79eebfd9cf6fc9e08c1

SHA256
c2ec9f3f646aad6bb80827c35474238b66cb83df58e3d92c5527336313c816e2

SHA512
f12544e0ee1f08a5030212e6947ba198f269ed4d8084e100b8b9ba5ad6b416b85d294dde4d83b5f66aa9bacf9bbe0db0fd678c4814129a90d96a46df691f23de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a1643f42a0c707082cbc9262e8cae846

SHA1
0144ee6c7877adb28cc63ed55c23f53c70c23aad

SHA256
b195c4be063dd4c613c355913f2b40e87b4dfcdc7afe033265eb39076dcbbbbb

SHA512
e7088e8cf6e2ab2f021849207c721b5f27e487d84d2a31bf21b3d3e93c1154810059663c0f3d5ad33ebd9c14803d77e614881b05b3363ed59da7309427669667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
273901ec89a65c864e51a0319fe130bd

SHA1
984d14b410785433b7d996c2e7fc4109ea752474

SHA256
43e3bd38a13dcef7a8d4624a88837171e23f1d2464b7b3b6929f7c700616ccb3

SHA512
397ed42e113effffe3bb57839e984f1f64a9432202775c062a8e9bee44b4a8a939e238af043b1133f36ed2694623f4c7c9a9c72968e56041fa80d9037b03d5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
a3254dbd57f370b96208d18d390b51eb

SHA1
0351a38f7b8cda6fb275a046c682da1324143877

SHA256
4d4da8cb23e5949c3a0c6724e3b2239378fec2dd51a2c4b198d0b0e83da8ee18

SHA512
6a379dfba1fb9f5c28ebb0e5a34afcb802e1b6aff26918bffa349b34b0cfb8900438676550f9a9d22c2645ae1ed7bd520131e03ebe6d9ff3510d67060d50508f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ad2221d412f055d1df17644d05435924

SHA1
40c0b6d8d1b754f2f7c65aa103e1afb0753f8e33

SHA256
aa6faf761a002a9e7a2ff769cf780a5613ca789424504317a11340b7b2ac5c0f

SHA512
dbf456ec36327374c6408ffb1ae17684e042769be6a2bd068f2ada9701e202214434c46cca88605713e8cacbeaef851c2e075fe13f5e3e50668742d0815d059a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
64d64d19885eb65071d55a42196567df

SHA1
ff98c76aa4ccf235589a99450b5b43dfd69d0ffd

SHA256
73dd4002801c54d6b494daacd52692b8efa7ab16effc19ecb8e14c0774c875b5

SHA512
54e5d9183de21f47f5bdfd5246cd7c43248506d033faa8118e15a7de7701d3c8b8e21c187ccd507519dd756bb1598a1da73ff29c841a94904f12e70d01c2818d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
883075407f556d17c47db06526d25d8e

SHA1
414fb9fbbc24cef9c42ac9e1f4aae9c144acbd07

SHA256
17d67c66a2c44930ed052b1a6ed6825b68ec4039e73723636e861e0c7eaddc63

SHA512
455a6d472d855a4320715d660f32e31133b7db9382c1bf7df7c0710bc4476633ab9f495d0b244a2b1163c70440c8387a47cf1c1f768a018e12b63f249d8c6b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a4afd21959b0301e6bbdff4ec3eeacc

SHA1
1eb0760d655a25e413d5172f8eab9055ceb4c11c

SHA256
8efc4821ce2c37ef14c2795282b1da7f1ee7df0f1f6d762ca1313496718ab9ca

SHA512
3201a2e54c8ef75f38c73b7b276a835e5a7dbf077101ce9282cd2f2111638499b45ad0ba9bf41c4b25e1f080b2ca18099cb6791ea9620cc2e8e86f106adbd796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b2bc945bbd31fd7bb2dcee48912851cd

SHA1
acc2363b7f6c0c190e9ec1c8c0950a61eccbcbc2

SHA256
c8b8c74818303113a9cda058fd3e5121f0f8a83765be6259aebb4a49ecbd8ef1

SHA512
8cc8e87a83a588207e498e6f0afee9d000d8521cfe5bf193b5eb00f06c41ab8e7355476a63c5e5a11c16ef7ef536ded36afc26e475db7d527048a1006f9408d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
d9bd42488097eef3f26c7ae2a4b1ba30

SHA1
a00315884e368332987740b209c7f4934890ef96

SHA256
041e5704fe90f2f897fdad6c7d46637c360bcda6b259267fbec90b2e170f389d

SHA512
db403bf1866fd4f264f611f39f175a5fde56f972c156a4d93e982b410a721bf05f10c3f5fa03d56f9bee9412871a24c3f89a5ed4646e7af5dcc81f264a6ec6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
fbdbd6196acf71430aab4e8273f9000f

SHA1
975165c66957534f0cbb1a067c73f5e6864a2645

SHA256
7d8dcac9d20fc23dc5b04cc0b7ae0e494646479a9f93ffdfe6f132b1e6bee58f

SHA512
069622ae8368e6622658137d42383fde556fb0c6c51f1b2f60d273732e124880c46f66c47d8ea9ab81e18a90debc3a57b77155c99bfbe5f1ec0458aeea2b45dc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 194914.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 245366.crdownload

Filesize
286KB

MD5
3081fcc0b7374d05468b8f8f971fb07c

SHA1
f8003905444d2f556c22ffb82e2db3669b58a37c

SHA256
5398a69b6fb0e723124ef34ab537b73a196cacb3a48dcf86004afb0ff6d8dade

SHA512
21048069fc04d85b0a7e42f4dbb8aa4252ebc78a2bb673a4bfe2d04e892052760b91db1f731b3d41cb13985055d897ae63d279168ec1ac6fa85c82a64373a9a8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 719360.crdownload

Filesize
4KB

MD5
93ceffafe7bb69ec3f9b4a90908ece46

SHA1
14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

SHA256
b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

SHA512
c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

Download Submit