51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

Resubmissions

06-12-2024 23:33

241206-3j458szmbl 9

06-12-2024 23:30

241206-3g4rpatmev 9

28-11-2024 15:07

241128-shavws1mdx 10

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RippleSpoofer.exe
Size

15.6MB
MD5

76ed914a265f60ff93751afe02cf35a4
SHA1

4f8ea583e5999faaec38be4c66ff4849fcf715c6
SHA256

51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
SHA512

83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
SSDEEP

393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score

9^/10

discovery evasion phishing themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	RippleSpoofer.exe

A potential corporate email address has been identified in the URL: httpswww.youtube.com@ripple9cbrd1
phishing

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	RippleSpoofer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	RippleSpoofer.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/2756-5-0x0000000000860000-0x00000000024E0000-memory.dmp	themida
behavioral2/memory/2756-6-0x0000000000860000-0x00000000024E0000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RippleSpoofer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
55	discord.com
56	discord.com
71	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2756	RippleSpoofer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RippleSpoofer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	RippleSpoofer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	RippleSpoofer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{221AB0B8-7A21-42EF-BA86-C553B8C2643F}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{1868C771-B147-45D3-8820-B16D8C0BA3A1}	RippleSpoofer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{4014A900-F68C-42BC-ACC8-F5993B081878}	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2584	msedge.exe
2584	msedge.exe
3868	msedge.exe
3868	msedge.exe
3504	identity_helper.exe
3504	identity_helper.exe
384	msedge.exe
384	msedge.exe
1648	msedge.exe
1648	msedge.exe
2324	msedge.exe
2324	msedge.exe
1744	msedge.exe
1744	msedge.exe
4752	msedge.exe
4752	msedge.exe
4428	identity_helper.exe
4428	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2756	RippleSpoofer.exe
Token: 33	3896	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3896	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2584	2756	RippleSpoofer.exe	93
PID 2756 wrote to memory of 2584	2756	RippleSpoofer.exe	93
PID 2584 wrote to memory of 1560	2584	msedge.exe	94
PID 2584 wrote to memory of 1560	2584	msedge.exe	94
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2708	2584	msedge.exe	95
PID 2584 wrote to memory of 2116	2584	msedge.exe	96
PID 2584 wrote to memory of 2116	2584	msedge.exe	96
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97
PID 2584 wrote to memory of 216	2584	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/Qt5NMSgdzU
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2d8246f8,0x7ffa2d824708,0x7ffa2d824718
    3⤵
    PID:1560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
    3⤵
    PID:216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:1648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    3⤵
    PID:3228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4132 /prefetch:8
    3⤵
    PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3620 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
    3⤵
    PID:944
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16323713272701145318,13063147799185364253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/gRc4Btue
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2d8246f8,0x7ffa2d824708,0x7ffa2d824718
    3⤵
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4430550730071136748,3725333455497074732,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:1712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4430550730071136748,3725333455497074732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4430550730071136748,3725333455497074732,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4430550730071136748,3725333455497074732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4430550730071136748,3725333455497074732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:1300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4430550730071136748,3725333455497074732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    3⤵
    PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,4430550730071136748,3725333455497074732,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3424 /prefetch:8
    3⤵
    PID:3932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,4430550730071136748,3725333455497074732,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3556 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@ripple9
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2d8246f8,0x7ffa2d824708,0x7ffa2d824718
    3⤵
    PID:3012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
    3⤵
    PID:3108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
    3⤵
    PID:1792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:3060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
    3⤵
    PID:3500
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:8
    3⤵
    PID:980
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    3⤵
    PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
    3⤵
    PID:2024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,15110798334188773346,3008743403027845690,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 /prefetch:8
    3⤵
    PID:2764

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\313a08ce-64c2-44e7-a1c8-4fa131407c6a.tmp

Filesize
10KB

MD5
9a1ab86891ff25d020be94c913b03438

SHA1
e9c1c6c044eef7d9d1bddcc58f9849b81f12bec8

SHA256
16d980cf55ccd5ae7f889ba1729b3c0e950aa628524a3fc0a963cc959cb31dc9

SHA512
a19792af1caaa82794c699bffb20101286b7cac67b894004e69b1e3ae069001e45385fd1a21ca9d5843678deed919811750afc9fdb566a020153292b5ab63d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b8ef0103f228c9db6d2d0ccde16d963

SHA1
2c5e720e1213d0afcb04b67141bd8dfc72a236ca

SHA256
2fdcb0f33f3a49674cab1ffd8429af5fb1b29bc041fcbdb3aa6b6bd51d4a7d45

SHA512
3b1520fff4aee7e24a9d52df2bd928321080cadfc2fe8dea65cf06094f66de21dd759edf09ecb73f6cb1edcefefa8c5a77da5b5c23be67ba61f5a6e2b7581cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
355f6fc0b87fc1f4b712742c193db600

SHA1
bfe9b8a3f357c325687c038704d12b9735423020

SHA256
4725b22968b6a8d2318840af119c2b3dbaec52a478a2e454e5b8a196cbd59f19

SHA512
a7043378e1a70a5957a384e3e5a217a8c9142fbe23721855b7b610c9c133189a13bf3f70b24a2a586761d6cbe49101259b92d0953a213d5706c5cf44ba53c576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9db17b08bc648245d23e16b1d8b8dd3b

SHA1
daf11fc8f3116fee1e35ff1d9209bdc41e143889

SHA256
741c599b760ba6a8fdda03ddc3e984a260a212e44df9d51b25c821af84c30b8b

SHA512
a6541b7cd5f6210f8dbc741613ea741341b843bd149ae6f557e46bf9e436e78eeff0655a882576e5f0b1636f661f2b52bf17aa6c7959a3556fdd4f18089b77b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
67b1b9c4f5649452ead2bb5e6476b511

SHA1
be7595dc4c112f82cd5244c33c25cd4277bf5e52

SHA256
abb8f0e1343db9939a92856fffe2592da6ae462489a251d5b330950963698cb3

SHA512
63972dd2fa867654a110bd5c26e9cb7c33f81914089c6d7a25b9b8b89726def1a7ec01753649fc2f117266dc654ca1b23516d469fa6967df71d1759434334ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
41ac43435fa5e32b3c6d84250f1574b8

SHA1
69527c9d169bbad9d9b0da07274d0e141d6d1d47

SHA256
befbf066b5a51c275cbf47e3d76f350a339bed28cf36877262d5ad5c701cb739

SHA512
5d7c58749a40bb662c4cdb35835eed6f6f1a16428eb8da76e111f2df489113bdd51026e106f5d7ea10c4e72d112dad73c58b0f172de162e6ac5c4cb22bcb9e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
c342be7b9261b63448fda6726d44a78f

SHA1
5c3b9492b3dea1464ca7b087b1babe6a224c0275

SHA256
43a52f792f52ffbc51a4aef2a1029c67729fdae0446261a32b7d1798cd832ef4

SHA512
5f6685987ebf401598116c15c5d1f3d2ac743250b379172ba072e94616a8ba5dfebf8a75981216e924828fece7d4cdb3de95debb4cfb21ee2aed2db2632fae55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
3d694a9b156290be2be258d535a3b5c0

SHA1
9ef3e54e3a6914ffddcc45fec15adaa421633258

SHA256
f50a8330517b6d663c9c984d121019c264358f7ecc77e65f1f4d99f7c79b4a67

SHA512
2ad7355e0c643da0c4551b656d60a4c782e26900574cdc2f8526c25783742b9d59bb9d78257ee184b3b9d0e30ef3bafe16d7fe3fdde5ccbe550b92cd26e69950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
0e43ede61bfa28c925479bafddc5596d

SHA1
c5017206f53e909d3b7635910320109c4698b496

SHA256
6b1287db8ef41a6183dae48d073fb6f8846b61c50643f049c8e4d0e7be51a10a

SHA512
297ebf8eed05091bff1768c5921b2d8b78f204795870af6095cae2503abbc7de3409d6fc8e62adc16b6cc56e01f2adcae056ba11299d2123f1764559619edc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
90051cf484b18286fb0e038473467228

SHA1
eaa2ff4397ce156b9146c569f4547cec40ded984

SHA256
accd3d1fa02a0022f1035f8a354571442cc07f5ba5e08de0e09d7ea7962cfe12

SHA512
6cb6b6d8d7ae9b5e98531d0ab105abd1a8b4cbce2ecaab4fa39d6729364195cb9cc5f62c3c26caa9c665a7cc882638f91881fd3b1211fa40a0266aee01f53f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
489ca503b6bbe1007bdd53786adcc94c

SHA1
0998b360627878da5debaad4ac750009688f6b48

SHA256
01b7a4593386ac028f9c2203f8533ccaf521a2d10ce76386048de67befb9affc

SHA512
abfd84dbc9b068233991ffc42d0cb30dde9e2aba5b2a4c921d18622bbad700c1b061c64ee3bc155cc85a579cefe5b3d7df117e790cad1125126e8c9d2d46dc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
86af2f5f39e206b52e2f8dff943df2a0

SHA1
3de954025b44cd7929fbfaf976b981314ef74c34

SHA256
a2df17cbb74aaf296f6bc08d5f4e6e57286ef84f1121329faf29ec7b07b6d9bd

SHA512
cbda2738e54d75a30219d7f3c46d10bb3d1e83ee21d6f59da7b4be1806971437335bd22df285feff5a10271ea0a1eb7e3ca99a03ffbebe05100d67b004c4dc9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
490614f0cf4dab4ec5e309af32b3d685

SHA1
b648ed6d0ee77899f33b5e2346cf9304727d7101

SHA256
a568e443ee0a66248456ed99146185a2ef7372c6ff40e6010f12e2e43f4c2146

SHA512
75046d45632f71f170767b7aa8b41ed72bf42df245d0e87bf2b749b9cd6a86c67505f90d32f02633861dd805ba6d4d0fe53481d976e53c5a1b0009ba547cb00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
564B

MD5
b2d150c7598ae69fd4370c036c5a541a

SHA1
13f2cc9fe90674ca65979090a1f6d00e73702b37

SHA256
2d2a4c5f1fe8797cae38bc004f01049b3845c3b92ea14543a7b4d44217dd4f31

SHA512
1b836a4699a8f32d925990600e1e1422579deb1686b88a9ebd00e9bbc81ba501917cb60050bad7c2e170c71fcab39e1914c7cf62aa8628891ec1050345f5024d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
5KB

MD5
6c7f59788c3e119c7868699761cb33b3

SHA1
f584808367c438c7134160dc36ea9837b1396251

SHA256
ac1ee2944ab325f900dd03e18828a9ba927a292fe9b5b2b44bbd20b3bebfa22b

SHA512
bbc7b03a5a8b41006d52666a33e2c354eff37ccc50dc0a5913a2cdb34a9fe576fcc1c50a0288d1401e211f4481a87727757d5f43b6db2804e36da9ed100a3abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
328B

MD5
980a33dd42679d47ea15baeda8576fc5

SHA1
734c3e6e252bb9e238fbea5a65e8fdc10b5ab6cd

SHA256
b5fb7c4ef32c9865803cd8bead2afbe04b8f802dc6dfe923ac16b626e2c3b559

SHA512
7e17ee82776a23dc4876e21485dcb427fc7f972d6a13132d355c3b1e87065bd36f5eb4ec6a591a780997cbfddf4f73edc7977398d10c92cb803aae9f8e2fc041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
536B

MD5
90bcb92f0e909f5f7728441bfab04890

SHA1
a83a041c833e2211c5f04f275be67ebbfd253c3c

SHA256
b0a7cc004f133605ae1494e16f6f94f6d4601333a0e48e0826f6cf2a5032dfd3

SHA512
54da1da85909eb02cfa9b1b4d7629d548083669f1957e20266ca10ba8f6b4cc624a4b70d671e57bdf3524d77ea8d7793e91d253b8646fa4672d7691dd52b8f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
779B

MD5
bdde873630a0500b0ca2a84596f0abff

SHA1
f2550929f09ec9e0c25f943137acc5dffbfb576d

SHA256
48499203c876ead60c9dd73de5cc15b62d66994c073d0048553e512ee3ca7262

SHA512
03c40f4325081b66e20bba9ce0a87fe9de950ee914cc316ccc3301a127563bd006885035c15218efe34a93d63d47803e71a1ba63b7473f5cab704df8f24312ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
479c0123c776094f17160c1e57acbe4c

SHA1
2fdfe5f6b8c4b048c3368c6f8787ca5260ca6c79

SHA256
05cc0de27e00220a79bc4aedece60450020006938c3e4d9e36ad0c8640450c9a

SHA512
3ad3e9b0dfdd86caf62a2eaf97bb4c033119bf7741ab94dcee1e124ed308acdf0afce96f036e4c6251b2ef11bcb5e92ce77c93671ee7328d969cd268faf25f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8dbdbfe0510ce204a226f47a6ee36e77

SHA1
643952eff65f16cf1bac6b6a51d1c560336b8075

SHA256
02df55d2b0f8cd0e246f40a9893df5469a19c75647b6077faa4dbc83df439096

SHA512
f159de6a7205ba2f4f39f4c5fe381912fc8e5df2effc18a08eb55057f0ce67b7f861860fb7e8a4e624b08f7eaf21bf0febbb72c0daefb9f6e6ea685a9b5627c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f3cee13c4c41c02d8c1b51957d0e88d

SHA1
3d3a395219bf0bd9346fd21ae19369be7e09d4fc

SHA256
25028410483a4d8a3e10013ec2025af32d41b700c8263fa9cea71f6405052a36

SHA512
c09ea9f59c25bf6026310d658b87307754f88e4ded22d09ad9d9c41c1f85b051d85e891ad10d0d3f8012e26864b30d7d8dc838add308587b7afd0e9411a09248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a20f5376af2bdce33bc3107b2d3efe27

SHA1
31cbf140688c04311ffb5f5173211394244d7986

SHA256
b0157102bba63f4c100c79f804054fba6db572bb9b4762ed23a4b8e7e183b7a8

SHA512
64f57e6ede54f04ce15a5cb0f5caa4f9f1acb137154f3d6aaf18836af029fdb0867b0759a837adbdfe4db7f53ca338ad79ae60450bb1d1d80b3047887a09b15d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d97c5d930771adc64079af3d6b48e2d3

SHA1
97d0005b88dc22a2941ce628d07b6dde3ed55749

SHA256
da55695b2860ffd2b7c065993d400a06a4ac6c8065a98547271869b2cf986ad5

SHA512
674e6a84152d18a5a45a5d3d054e823d0b34d469ca2674568293b6f3e3d9b02779764a69b6c8e526a9a19a3e28984fd40bbef6c4349c272697bb78ce57bbccd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
15dde2eb7d61dd245c7b1cc8af0b3856

SHA1
346772274e64a7b5626f298d55cdf9c8151cb09c

SHA256
96bfd77fff0343674b2a6b15402b09880be35f90500f4b0ce7625fdd7ff3f2c4

SHA512
7d73748ae2692b3d05571fab0d05e4bacd251ab23baeb25b9a72e00d0e67568b19fe4d80a2f9e311c33015a788f4b76016e058bca8da45b4aa40804145eedc07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
383b37e8b225748f8a97a7f547498f8a

SHA1
c75a0a893bc9d8d351336600a1a925d14450057e

SHA256
2ff9be26c0ad01bbf01312bce8b5ddd4ea3705e20b6ae9a779d767038c021a20

SHA512
f67b959b466e0df91d64794c951f6c22a937d99f19a896c58b3d481dc22716ba598dcb2cad973bd91ee40b85ec93cfa03cc1c10aa26f7a3add6230db289703cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
2432d234913dc428672c181e95eeeac0

SHA1
2b7297ff6a5e3ecf8269f9864556748843e5fd47

SHA256
d9b9d42096627b2e2f264e91e1fcf8e62b08838dc112112d9e76b0dc2571ea7a

SHA512
d5472c4899698aa04dd6e268ac42d731e72e88bbd077408325941513c06b09e65855ef6c093c0a61e9ad38598f309fe45a6e7e7a3f835cff9af53e77731b254a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
501B

MD5
98973513941cf0e9b7011af3f9bd68e8

SHA1
051f987781a837b969d759f429a05b7365c76cd2

SHA256
9894ca0d5f828c4ddc32e337ec17f8b7c630db4a1a7860828414620dfa2594f4

SHA512
92a93654412927e7d28ff9903535f7aa8ce2109267ac8e5f800972a365a73af189417fedeab5766dfe23349b1d402ccb2882120b32f1ef890f8187fe90d28ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
27a172c24b0ca8d89e6735626b030c41

SHA1
13e14f665cdc3623130e71ac4089c0708709921a

SHA256
bb8556f2e386a8e7beae4059936cf501fa4a64cb97951f206463127e85aa00c0

SHA512
6d1701c7cb2849482e5f216f9eef9abde56c99cd6ecbe19955fa8c4d56707235fb7c8f2a1ae3c748a20b79c6abaf7395a32750f296c762efc10542a8074982f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378001535908298

Filesize
2KB

MD5
2b04776237d9dd3f8635bafb5117ae47

SHA1
931f25a2eca62d3a3c8cfe698b656f1b7be135a4

SHA256
b735f39d1b60f56707073460aaeeb836be98a0fdaa2849fabceeecbc7e1fdcf5

SHA512
3990e5b417588d76d9f6c20f4f373147ae611d7429a2b4d864a9e54bff402ea7fa0adab9ddbcd66f1df59c8a45022326d5c232e460a6ea73e18b6767d1e0ee0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
630eb5d77df4927c5d543f8382c79474

SHA1
5d4257c85401d3ed1252d335d56782e41e8e2edb

SHA256
c9fe7fafa2abc8bafb5bac7b3faf8165d359e0e0e7190ba1dc1209085414cd9f

SHA512
af51a4d748b752d3b165314c0a6a51a451c01fb6bf4137b028e96a9597a9b189c5d21415fe3e7df85ec2d950c9f07efd428faa054cff031e6eb151a8910ba7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ca7ea352f83a9f1fdd6877c3b1d37e92

SHA1
97d815144b6f19df5afa938e2d57746054e60a6c

SHA256
a7ca8afddbc1da588905e037a3b82f551bfbe1c5ba073acaaf613540e6463393

SHA512
96d70cbc08ca0ff2be9d5efe5ff008bdf68e435fa51e2f196b32405dd09b25db880ebde65492270ec889b8be844eff41f68030bb77d57253573e5751fa0b4cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d7861a562e79b927d6b99235f524cb4c

SHA1
0f2ede892a0f0ec8fbf536bd1e73524ec1c18253

SHA256
5065b3941e61f4a22a67cb994a024f165bf873845cb17a69dfaf7fbdbad7203d

SHA512
df1f4bfa2ade6a5555c14a7c4ddac65539d8a579c215a23b3f86c1934c2ddf5ad99ba699cfee349f1db8b74149631f5a496a004d086df1f82f8ed507cac4ace1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
45f1f20e288301b76fe444204d65fbf8

SHA1
7f5928912fd75a79085fce7e8be8ad761143fa46

SHA256
f2b511f766b6d190e34cf415fa306096b20c0f612bb63a75419fc06ea00b79e4

SHA512
8bb5d0a583754f738b3ad694515b6194fa2ca01bbbd5ee27791b9b2651d0205b87933b1ea07a42b824ebab529bca54457bdfb82f179d7c7f7ab4a5148b92ca78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
65b4fdc3506e2a4a0bf997cc865634ce

SHA1
53091ea3e9c3d80c9825635145d4a156d6cf1cc9

SHA256
2e33d6565a4907c68a3afcc4ee134fb4b4f587ff914e7ab48062d750f6e69468

SHA512
b504d8dbb24b7cfde28f7d21db31cf84c49b2a6702446fb5395d9ef3fb23edf23dabf10de54547a4f55eb9af898fd91ff1a4aa6685786c497860327cd03c469a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f85c273c-cf0c-44a9-ae19-6ab52801667d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
cd1da6fd85b33370742628630ebd6808

SHA1
3e7ac7789637514077e9247c5538615dc3db55bd

SHA256
b3ab96517ea234ae231646a83513f897295f94f9415a8a7dc887e21b4cb29856

SHA512
ab360d2426be3fa677e9012098f6d9059bd43812ab84e5b333dd260ede31b57489a309b77d5204cd541e54c2d99a75f95a4116b3e282817d206872aa7a334e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
9906c158a3bc612772bdd0b44081397e

SHA1
a8c9d63f6baba4f45a9da860a19201322811f3ce

SHA256
3923b9d9b9c70c4f990d1876ea2ae0f0e03fa8f08acd6910503d406664854d07

SHA512
e4558254b958578328fa3a51a43c9185a3dc37c63900191491c54522928c137180c2cb3b65f78fe872f744f01f7577b3128a5a43417567389e354cff05888d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e43a32b1b06e6a52073eb781372a37c6

SHA1
9d7a99f3ce0067918277f2702d9167ec5a24b182

SHA256
c715c3734ac173d86dd87fa68d7a7735d66b38f8ec48ae9fdbe2ded157a19206

SHA512
8b1d0e4b1290c023128e9304743cbc214320da23d016307202d772ca1b3f4cfb506f36c10d3a96723031ffaa1bf3590534926a6812c82789b43c1836eeac7ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5706ab74a4bd9f2f8bc1ab882ca7a7e2

SHA1
6ad98d9095ff1efc426757960f0fc033c3ff72dc

SHA256
c445b6b0a0d9ce7d6dc76fe20d5a0f355567871989d4cbccf38ae8bd1b556aae

SHA512
620997972d63d1f527143be452bf7b0182d4f030f0ac146c9f512723714f4cebe088590acdbe1d3ad1d3ad86fa23c88d4d4f610b311707df7339615b89a917e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
de4ee79b2ed18df0c8361d1c2bf81c1e

SHA1
1d8b5f5d85d13170ae189744084c306e272d3661

SHA256
e6b7385d1831f226c56a1e6672899618cb19349bf156fb8011aedb9a87295e4f

SHA512
f36508b3778b31fe978374722d59fda4439a610eed0530c6ba0e6b04ee42c0fed7847d214dc030da23e9e099bdeb188306d82aac97d0e29f0c8cfcc718e71091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
5cd3791aa84d8c4c2b094dc56f830a31

SHA1
8b5b0c229f2b60a4d4958d3be55697c9a46ce5ad

SHA256
f278f3294d5cc5cec764f11676f0451455a0d7b9b5438136b9ccdd1d3f729b24

SHA512
b1f75b9cdb22b2b01858e7a474dff7398a86296c780dc13f19a28c19c8197e075588c45d90445c617ed4f2f5772b6284e824d52c18773baacd6d1d37db3732b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
18KB

MD5
b9935768bbf9ea7aa82d695154bb54b5

SHA1
0174f4890ededf665dc03ff77d0a035c027343f5

SHA256
0a51ae9ce946c48a3801add47513fa1363ab880e2d12d740ef2289addd3e6166

SHA512
627b2d42c02e9d9b2c38dafb1c578cbd4c5ccc879d129da00f71c4826b5f1bc853bb12efb7b40d007d9a286d85039c3a65fd2a4d33f9adee9f2b760c4e43a3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
09815f061ab43c21c52b8d1a808ed5d4

SHA1
b67bff335f7e35e3d669b9c73d0c7e0fad84bbc5

SHA256
e84aeb5d20e526501ed9a3b417de98187c1c712c6fca7ace6f856312ffba5cef

SHA512
69970f047714c446c7f8e9be0681f22d335328418bd6109dc979ad35f85583c7086692d3d209352bf0743d0514db62b65b4648ee2c5d259fca7feedaccf8e35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
17KB

MD5
ed78c6e72fa2e36afacce977e1e7af2e

SHA1
55b558fed29d02a3c92a40e9212f38901219a07b

SHA256
8d7a76208e0dad3a0af54a16422eea49a369fbc04c98cb7d4d645aa026855bc1

SHA512
19356d2d8b93f8d84040b32d709547ac1395be20360119e0c47fca1050088f2cf5378526c9607f925bd51a444c857b475b0510bd5966ceb8c5a73c1a9c894592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
21KB

MD5
0fcc7e6341a0ab30c5f720ac73fea7a2

SHA1
1a381a7daa29c58bd5abf60c8ee33dcf6ac4fce5

SHA256
e18057644b78b32ef9d4e1f034bd144a4cfc8728ec9390192d5eadfca749b4c8

SHA512
cae450f3acfd3699ba28a8fd7e9f3ad0ddcf92ca84b494d23d417ced04629b2c24d63b2d173d2bdf3a0dd05a1642818c7f0268f90046bc6fb4e033e13dc13be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
21KB

MD5
2f1836d6cd0940fe34eecaab43267238

SHA1
c529fb7cfb68e5b6e14f9630eb9beb3e1e7e31eb

SHA256
9b6995d63af64d4b4b6d822ee10abdb919dbc665ea3d8d0e256f3b1218798ab8

SHA512
889f0c4fc43f9576966cd47d6c84edfb702746afff1fd8cfdaf57483b3c3030341feb3c29f7db24c4f5db155f3d81065ba00f7f4ddf3e827cc0af9ce4ab098aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
17KB

MD5
814ef91d260a01b64320418d73b58e4a

SHA1
e9bd687a68d4e3c41532568399be9e165e1fcf20

SHA256
6a386e4a42c789eb0a136826e6c1babe03736c05ff3f5503894611fd7f8c00d8

SHA512
bde2466256bb5741fa23bc05746533ac45dbb9398ed4653133994134b5c445bf632b7acec5db58a671b9713286e2e7d9f5299143f8ef8d0e6f3e66298245616a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

Filesize
23KB

MD5
7905d2880e34ca9374ee3399d24222fc

SHA1
d7a0c63a1deb47b92a9960205941c308449da9f8

SHA256
73126a6fe8619888f41d5030a556fe19777a6025541505ea6a79167e6c1c2199

SHA512
c02992277f92f925bd7ddb4eed47d4026d7e63a9bd407c87fce7e2ecf8e4c8edde4dc55336240dbfd8710ed06b5aa42fa6e01d30c6fc15a59b2b37d848277346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a

Filesize
16KB

MD5
744b883cef35ac452b27e29cd695c295

SHA1
4b93e744b67678362c1692cb31dcce5f25f7a4ad

SHA256
2b7be61e9dfa867719759bedd4facc12fc76bff43f72e8bbe43dcdc2c40178ba

SHA512
792f7010d60f3b4ab88501f272bf91879d88285af9067dc32f807b9766ac67a258eddb59fb278186ef79a01b3d8cc3d6859d47dd7d6c0d4285d196344a96a6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000b

Filesize
24KB

MD5
bec5da811318a330f6079187e50e4cf9

SHA1
25a536ec5af7c266d9b013617657ee8c5cbe4fb7

SHA256
f0ef18e7dafb2cd16e044313d07402e1334ef8158ec5e3d3a81630df892e0330

SHA512
cb900827c142b06919c48cfbf0dc115830e083bf1b53a9b41fc98a28292a0c63439d24d0923d27e1915cec0642d78f7196f1f09cc3d52b7dc4c11dca140bd26e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000c

Filesize
18KB

MD5
aba0c643aa297eafd100f54d53797590

SHA1
6d9ffdc9f9926c8bc50ba28039f4c8a70cbf1bc9

SHA256
8a6e5427aafcf96583485e64fbacf92829c17e89526a504e1a86bd4a477af987

SHA512
0a05a0985808ac89fc78bac0d9988a3e14c6c0d98c9f63432001fd1ab3bde76b4ccf276519e63e0ecf8adaf83e3a898ac87773f1fbe724c1b1b087d46be54b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000d

Filesize
17KB

MD5
9548854eecf5dae8a2966643145a8e6d

SHA1
8d8313816a0584ac762ca2e7f1e1737306da3798

SHA256
54eeca0dffbcccb488b055dd02ea169b16e7c421ea809a8d476ad5c3d00c264f

SHA512
cde609b619258b5999325e6a2b00c22b2081995f95edbcf4a074b6b4ec1a3b20910a26e50d35544ffba3185c0b5d7ced22ae694dc523f6aee2a4686399f92f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000e

Filesize
16KB

MD5
808684f521065888d8a375f8bff90a17

SHA1
eca380de3eafa04bbb2e44dae8ab549e5930db0d

SHA256
a22ba754f580ddbbad7babb3e2d70d6f0ec85a9813252bf001ac9b33868c8b4e

SHA512
eb8df479a923880214ad2298fa49cc67d2c48d4fb0b821d016a0bf94f4730a6e5e279f8216db9b580ca89394680af9d5acc87911cceed6e04b35d484214f503c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000f

Filesize
20KB

MD5
1b9e493ea6e6f254abe2fe4bb27a13e5

SHA1
eb38f0a0c112cd919d7c36cefa0e24c291397e9f

SHA256
1653ab113f5f161edb1e149b208b6af6a4efa7ba380acd4bd79fbe4a04bd1ac3

SHA512
a2e80ebea938a76069adf24b98dcfbbbb0009e19346b3953eb5b20ed4999239af5534d1716c19d41957bfe58c8b67c43b62fedc137b16e136f719781ea1c0370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000010

Filesize
16KB

MD5
8dfc735c1346063140116b08c847c113

SHA1
bc962423b3338b20d36d2715cec5a41aaf856f66

SHA256
cbdfd737983e9e128e7fdbeb815f69bd94c338de2535adfc3c2e0f40d4d70f10

SHA512
68918e970c317ade1ef532913602ed87bf5132a83ebe445ec9e838139920b22aaa8bdc0db8f3bcb5b9a127b779ce50199a5ce1c606ce06a23c4f05a0b63db43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000011

Filesize
17KB

MD5
a2a8d4620524be9eca7f61eac3fb3c52

SHA1
68caf758966594d7c2de8ae9430a6b21d76eb82a

SHA256
39f3ff198c8f282157f3c4fa3e41ac5fca9954a9780c2b4cbac94e69aafbad3a

SHA512
682efab9a1c9709d6d66bd86c73624160108df4eb9cad89fac62e2371ce3078cf4f7303c9b2dbf37705f4e0ed5fca1cf2a8be8fb504d685ad2b10dc7d9dad59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000012

Filesize
17KB

MD5
517bfad588ec7851568b098f07f91b91

SHA1
8c1568e6549e0d544e9e6f4bf8aa0d33141171ac

SHA256
0a592ef27e1181262cd2edbe7ba33463105425d0517f52884a162144c63edb1f

SHA512
981e768c6900964635571a0ad2f12b10687ed215d7ad608f61a58ac294f59224e1f74c58e2c3779fe79a2f146cbe6d2f61560ec054b3de84c1dcf11636be932f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000013

Filesize
17KB

MD5
9d94395346f6683bb6b116c66d2b643f

SHA1
62e3103ae9b8d5eca5b64a2feb18d77ce925c864

SHA256
8eca00f18dc0287afaf00f6404d330652a4b1a810f7dae73c774bb9b01dbd982

SHA512
7eef3ff363f58c948a44a88a648be00a788d9fde4e133a5bb136856972243fcb287c32bbb12288c20c2621a19570dc5fef994ec6f761fe7b41337b3e1ae36349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000014

Filesize
17KB

MD5
f0d08439cd47e39ffcf4db8e4ec35688

SHA1
2475257b6eb81c4e2b3c50097f485c7d5db6cf5d

SHA256
661793d32c8907806879a1ec589738d80015e9d41faa5eba109e7d2534c6fe3a

SHA512
616a1a805d914e49b140980e588cdcfdd645f4a3630ecf52ca3c73706bef6cbc0fa6c35d9f24444b73db1b97a3294e35e47014ba7aaf2f0171ee85d3b59ba655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000015

Filesize
19KB

MD5
a23cdd3c23881bc62921984b149d44f4

SHA1
022409d277b33739657826ffccc741c16309401a

SHA256
d67ca9845f60702efbbc4478ad7737a872869237921e805dec7806211baf2b05

SHA512
d7a1264274d1ba59b725c8844a55d0c12a5b4d91018b68a52e9ac9830319c0102793582f9449881f076e3038fed25a2421280f696497b4e762f422ed50cb0bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
13c9074e48b598acd65eb8deb593f3ba

SHA1
3b4c12adce6dc36a8df1f75fef613f6a19226841

SHA256
b408756c7db4041d2f8feabd3bdf96f29a41c6e8a50fc296ccef83f9b533c2f1

SHA512
319f11a9fb6305667fe7efbb57c1d0f204b4ec89b849c7b9458b38caa1e27faf8eb2f87bfaaf9bb1722e68d90c06cf36def8f2f883519e4137ab90f0c8bf6a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/2756-25-0x00007FFA4B860000-0x00007FFA4B91E000-memory.dmp

Filesize
760KB

Download
memory/2756-18-0x0000020AB6730000-0x0000020AB6738000-memory.dmp

Filesize
32KB

Download
memory/2756-39-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-37-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-2-0x00007FFA4B860000-0x00007FFA4B91E000-memory.dmp

Filesize
760KB

Download
memory/2756-43-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-45-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-35-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-33-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-31-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-29-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-27-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-47-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-24-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-21-0x0000020AB6770000-0x0000020AB67A2000-memory.dmp

Filesize
200KB

Download
memory/2756-41-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-19-0x0000020AB6740000-0x0000020AB6754000-memory.dmp

Filesize
80KB

Download
memory/2756-17-0x0000020AB6750000-0x0000020AB676A000-memory.dmp

Filesize
104KB

Download
memory/2756-277-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-16-0x0000020AB6700000-0x0000020AB6734000-memory.dmp

Filesize
208KB

Download
memory/2756-13-0x00007FFA4B860000-0x00007FFA4B91E000-memory.dmp

Filesize
760KB

Download
memory/2756-12-0x0000020AB5A30000-0x0000020AB5C44000-memory.dmp

Filesize
2.1MB

Download
memory/2756-11-0x0000020AB59C0000-0x0000020AB59E2000-memory.dmp

Filesize
136KB

Download
memory/2756-10-0x0000020AB5780000-0x0000020AB5832000-memory.dmp

Filesize
712KB

Download
memory/2756-477-0x0000020AB29D0000-0x0000020AB2B79000-memory.dmp

Filesize
1.7MB

Download
memory/2756-9-0x0000020A99E40000-0x0000020A99E41000-memory.dmp

Filesize
4KB

Download
memory/2756-7-0x0000000000860000-0x00000000024E0000-memory.dmp

Filesize
28.5MB

Download
memory/2756-6-0x0000000000860000-0x00000000024E0000-memory.dmp

Filesize
28.5MB

Download
memory/2756-5-0x0000000000860000-0x00000000024E0000-memory.dmp

Filesize
28.5MB

Download
memory/2756-3-0x00007FFA4B860000-0x00007FFA4B91E000-memory.dmp

Filesize
760KB

Download
memory/2756-1-0x00007FFA4B87B000-0x00007FFA4B87C000-memory.dmp

Filesize
4KB

Download
memory/2756-0-0x0000000000860000-0x00000000024E0000-memory.dmp

Filesize
28.5MB

Download