hxxp://pronhub[.]com

Resubmissions

07-01-2025 08:22

250107-j9tyeavjgq 8

07-01-2025 07:27

250107-h9551azres 10

Analysis

max time kernel
972s
max time network
981s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
07-01-2025 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pronhub.com

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 12 IoCs

pid	Process
1668	ChilledWindows.exe
956	CookieClickerHack.exe
4680	CookieClickerHack.exe
2540	CookieClickerHack.exe
1732	CookieClickerHack.exe
4080	CookieClickerHack.exe
1564	CookieClickerHack.exe
5196	CookieClickerHack.exe
1492	CookieClickerHack.exe
5256	CookieClickerHack.exe
5768	CookieClickerHack.exe
4028	CookieClickerHack.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	ChilledWindows.exe
File opened (read-only)	\??\U:	ChilledWindows.exe
File opened (read-only)	\??\X:	ChilledWindows.exe
File opened (read-only)	\??\Y:	ChilledWindows.exe
File opened (read-only)	\??\A:	ChilledWindows.exe
File opened (read-only)	\??\L:	ChilledWindows.exe
File opened (read-only)	\??\J:	ChilledWindows.exe
File opened (read-only)	\??\M:	ChilledWindows.exe
File opened (read-only)	\??\O:	ChilledWindows.exe
File opened (read-only)	\??\P:	ChilledWindows.exe
File opened (read-only)	\??\S:	ChilledWindows.exe
File opened (read-only)	\??\H:	ChilledWindows.exe
File opened (read-only)	\??\I:	ChilledWindows.exe
File opened (read-only)	\??\V:	ChilledWindows.exe
File opened (read-only)	\??\Z:	ChilledWindows.exe
File opened (read-only)	\??\B:	ChilledWindows.exe
File opened (read-only)	\??\G:	ChilledWindows.exe
File opened (read-only)	\??\N:	ChilledWindows.exe
File opened (read-only)	\??\Q:	ChilledWindows.exe
File opened (read-only)	\??\T:	ChilledWindows.exe
File opened (read-only)	\??\W:	ChilledWindows.exe
File opened (read-only)	\??\E:	ChilledWindows.exe
File opened (read-only)	\??\K:	ChilledWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
163	raw.githubusercontent.com
164	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4084745894-3294430273-2212167662-1000\{969DADFA-CA05-4B23-8F65-0054A024725D}	ChilledWindows.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
736	msedge.exe
736	msedge.exe
3424	msedge.exe
3424	msedge.exe
3788	msedge.exe
3788	msedge.exe
6040	identity_helper.exe
6040	identity_helper.exe
5660	msedge.exe
5660	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1668	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	1668	ChilledWindows.exe
Token: 33	4412	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4412	AUDIODG.EXE
Token: SeShutdownPrivilege	1668	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	1668	ChilledWindows.exe
Token: SeShutdownPrivilege	1668	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	1668	ChilledWindows.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
1668	ChilledWindows.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 4560	736	msedge.exe	81
PID 736 wrote to memory of 4560	736	msedge.exe	81
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 3600	736	msedge.exe	82
PID 736 wrote to memory of 1860	736	msedge.exe	83
PID 736 wrote to memory of 1860	736	msedge.exe	83
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84
PID 736 wrote to memory of 3368	736	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://pronhub.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xe8,0x130,0x7ffd772446f8,0x7ffd77244708,0x7ffd77244718
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14760921821042596066,4998839679721316831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14760921821042596066,4998839679721316831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14760921821042596066,4998839679721316831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14760921821042596066,4998839679721316831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14760921821042596066,4998839679721316831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14760921821042596066,4998839679721316831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14760921821042596066,4998839679721316831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd772446f8,0x7ffd77244708,0x7ffd77244718
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3016 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6284 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:5572
- C:\Users\Admin\Downloads\ChilledWindows.exe
  "C:\Users\Admin\Downloads\ChilledWindows.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5424 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:2496
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8534476302149974124,4828314267012176632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5720
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:5196
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:5256
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:5768
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:4028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x458
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aee441ff140ecb5de1df316f0a7338cd

SHA1
82f998907a111d858c67644e9f61d3b32b4cd009

SHA256
5944b21c8bdfb7c6cb0da452f8904a164cc951c6a4bb3a306eaebcad2d611d67

SHA512
54a2c1d4c8791ebc6324c1be052b7b73cbd74057d0ea46400cfd8e60f9a884ade60d838777eba7001cf44c924f63cba1a9708a6c71bf966f63f988c49ca70d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2ea5b61033e3ed22eb2e24b1a46367d

SHA1
f7bb6f10eff1cee51ee847197564e9e8179ee77f

SHA256
66e471be11520e6f41d5ce0fed69df262face54968ea0b8db2dc11e8cad200d9

SHA512
27d1a7c805e95e70abb61538b7ba3419f4296da2740024578ec8085d5af3da1aa80ad3db4572505f4e08ea68a43ddbc672d3d035d882079eebb62a230ad1c26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f38b7233c27fa352a23a04814e90c84

SHA1
05b017b909de9072412f680866ca4d522d3f8a16

SHA256
edbfc9f6218033394bebc626be3c64addc8b9720a481cd1c3bfc092055e7fb98

SHA512
26ae84a74c7eb359c41e3e6bab76f8269b608a42676aa7a09510b633833e58659736255a9a6c98a4b134c5c07c521569f583fd5c2f8143bc2cdc7cc467ce4001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
821b1728a915eae981ab4a4a3e4ce0d1

SHA1
8ba13520c913e33462c653614aece1b6e3c660a2

SHA256
36c38bde1e74c5ee75878f275a411e528c00eaa3091e7c4adfa65b8b7d28fb3b

SHA512
b8fd54808711878ed567f474f174db662e2457b6c246f625e148944532c70d94d87e96ef6febfb657895dd0eadc25906c9106fa75c6b2d3bd37ca6786f03a8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index

Filesize
256KB

MD5
7d498d0d412a769b3e2a83cf981b9f50

SHA1
7225dbcedaa9932e99a423395c2a8448b3371522

SHA256
d749d4bf4acf13692ad721b3c394b7b55b5d5017c6b65e94b950780bcb4c7e1e

SHA512
e7adab60a10f4f13eba43330d2f144e9f9d9e5a1e8906b569e46a1503367954b8804a9023067b2d5c2363ccc421875fb18963738c7238794d4d6bfdb8ed86b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a538dddd8e80af016865b24c62a3f053

SHA1
c7dcdd7a5c5c6d663a4969c1d25486bf6943e49d

SHA256
b1624fd30855eaef9565eed786185536d98d571f594c0d8c530a7e9c07750bbe

SHA512
add29f013b3fc7b6f8a16accb210e3ec44a5aa86bbd96cad5c6e3921ef956a92832702ad04a468eb57e8e549d11fd753b291839a6ff213be5805060521771346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
970635a6b196677b940f836680ebee79

SHA1
5476543f3af50f9f0d8ed653669159da8ed7a249

SHA256
60d2ea7e2d1880b86612ceefa979a877971dfdc10f238daeec8ebf8525834952

SHA512
a7dda17c2894fcd2476df8c3737b11426d3f9fe5823bca462b69af257e7d0855cea3f2be01257df4fc02b0b24b134c1c59929bf4c7b88910cf1dce6a23d825a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bcffda56c23dbc535376e28aabd55427

SHA1
831015c98a3f11efe26b9ecb9880f94538c4f253

SHA256
1181e2c4e88f9eafd3fef626a98c0009451e95b7acdd67db2d6a316360af81bf

SHA512
38aee24bf1b74a257196ca18fdfde3b1a8c365274c305f50a6b7659f3a6507dc9df6ffd194f1d0085c86161cfdafaa162f5d2aa907ae917a746e16dcf91766f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
b90219519d3a66f4c696f716636e39a8

SHA1
056dc2f7c5caee2f6c5fee7be7db8245de3ef47b

SHA256
e0ad3f14a5024c28a984684204b882bf08216821f2cd26ab22dc90af48404937

SHA512
17e8deb6fda2fcdb73bf54360a1fe1d22df6cb47eab8cb1df71fae4d81054963a4211b9a59ec6f46ddd86ee66a36e296ba2e6f3c6897b0dee094a307babf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
279B

MD5
9adf8e3cee51fdfe5bb76c2987aab69a

SHA1
1046f4e10a8b2ef2a517e7d1e8c85da7fff7632d

SHA256
1e395b01713518d4a8e4c754e61710dd78422b86f492ad3d60a9e2fcafdc0903

SHA512
9138ab6029a839a0237b7a56a99e4335d6370da4ddf9ed905b53847b717eb362462ab04e30a735833291b2d40dcc6451168ea1b3fefb239bffaa6a5c12d03e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
6a99c804cec40731603ef312f0e0e32c

SHA1
cca37c6bbe5f342dd25601e9413d795ed9d6e676

SHA256
d5ab8fdcc31a9abcc3a9b0b78dc879922e9287eb5a641b89dc9f2a5a507d1fbc

SHA512
1373c65c04b5f75001039a17e33689c2cf1ad89aab5ad498fbb899d57256aa191928e61e4976aed1fc9a55adc0c51dbd4fe6d4684d038ab3c538d79e5e3f02fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
64c015588188aa757bba2ec66d720aa2

SHA1
d8db2d41bd253b884d12832054df820e71d19eab

SHA256
aaed68f46a8e46f3e6aaffe283e588bf82eb3d6b6e5cc3b4366aac7432ab9ea3

SHA512
127940b3c049ab064f6420af855a0ca28a9233543b0577ccad37c9b8c07831668a07ac7256b7883a15b13aad8eaa71fb35aa73b79479983daadc402c6ab2f2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
a7b93f1d4e68003695fe8762053b0aa7

SHA1
71d9537f0e1c4ff5b8381715c351b427e84d18b2

SHA256
a69e97a19c3e860c644ef7a621671e8f48da20a93b34cfdf5134586f7e175ef4

SHA512
c9adc343d82c2181cc106efdbadebf10d039350f09f70a666c55feb5d9644e02f02615a7d70b9b29e3b8331ee49180964cfb6d613c135df1d581a23756d1fec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
ac2ac330b11967baa0f91673d4f53fd5

SHA1
450bdde10f1575fb050c0085575325bc0feed030

SHA256
a84253ba41fe05bb089f2afd949dd6f77e39e7b70354ffd64e7f37ec7b3f302b

SHA512
0d2f848ea04654835e3ac7dd94a55d38fb225a15068ec8c291853a5cf741311cdf30f83d4e2143b079755a53b1b61a8bbca7fd907fca92091f59a25a45961216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
101B

MD5
7cd971003443dc7a10589095276055b7

SHA1
dc00eaf0e8d9c45b9e74829f1be01862b79360e6

SHA256
d0164201a832f3e8bc38204e74defe2192b92f69696e5980a0479d63520c4956

SHA512
bc0cbcb450e5b0558f32306b5416163088482fe4ef2e4a93bc5d6bba27b2dd970c16aaaaa821bb70121bf79267dd0f460aa7078a09d45cc89a68d1e293567616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
293B

MD5
e57df2c0ef7bc48f63d93713cbc96f79

SHA1
8e16fb5d1b66ba45ef2f58c2dbcfbc73ac3f3e84

SHA256
a6b30ca6ea8be910673c628fba6657ee7a0e8517196c11958839f1b188ed5941

SHA512
8fa6f48e7dcaba8f3509f40131dac93958ceddd0536ae535984d0bae7f3cfdf9aa7d49c7ba31618e8b31b50c5166912f95ebf9b3391b797296341ac448dd9cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b5b7645eeb4b3ba641d786153b983a67

SHA1
bd89d673c116d65f5f13e9d2c4cb73cc1715272a

SHA256
79ea736d08adda5e17f15d2c564b0e35f0f91550859986127204da505284b0d3

SHA512
9326fe71214880a86f46747e6fa25d4f9c9c3fb1976d3bc900ece29d81d05f9b0a94dc22294f07920fcc71804029cd833abdf714baf8c959d569105af7b33845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b402eddb088460344b10478122cff7a

SHA1
9601e4c2c6d86c1bfaf75c69836092d794c0b85c

SHA256
ebc92b349a0ce8f1be8ef6dd85b4747fa912de872a4464a8d442572ca413a772

SHA512
53da2fd260c77d98c86ad89e527e463279dfceffdb056cabdd7276f959b8be59a03702155b7fb014d2e35a61fd0ddd756f3bb5c550ad53c8c065814198dec5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
afcfeda82ab9e14ee1b30f9167cf4e33

SHA1
9f00a7583bf97b5620e779b1fe35c338c6f8aa62

SHA256
a54467d61739901bbcd2ec4ba4ff4c6876a90f22473ab34d6e2f26c8d4055dab

SHA512
43cbd16d677e270c5114c33cfbeec998de5717a0c4059b07584fbc366bcc6d506b420f496a1b0ed1a22e19dd195d8fc2f4fa903381d2840e34ee579d5c6c9679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc995a0a04505e762850795cd675bdda

SHA1
28e9d05edda8a4c6a2874f45dfe2467d04e26bf8

SHA256
b55ad2c3f588388de8a37f131674277764d58610654ab13fc7e0144aa7ab312d

SHA512
90f283e58d76411c54ff3a6003fcf3171aa8cd41506ee24d91c4784347cf643b7ee20ad7cb3d169173d87f1b3222ae7b5702973d2d78ce9bdbe423bd97d06752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
13a4837ae54a1da735543eab34ca0688

SHA1
cf594f0c5674d7a0461c1ea5609453adb1d8f4ea

SHA256
c986e9bf970532c6ab1565ee8590382621151a79f2284dce19dd915369d6395c

SHA512
8e506286d024d4bcb830d9b6e4a737205ca7bb00615197124dd47b2b1d14d11fd19af360792e1d7cea2b37d26bf567a0b3af509705d3feaa9807cff8752ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7562ecebf9ecfbf350431bcd4d88c7d

SHA1
8a3b01437286acb19829594899681da7aa340e34

SHA256
cf2f063499d5fa01ed82888352fb16c4fdea9201a3c3250b854e61e8e4f31a90

SHA512
679e46ca29a3fa6993969769e6394263f67e05cd7526298e6b670fdd432c14f0f6b7ce5504e79a7beaa9e88f5e7db0fa39dd3badb1026a95fad867836e15d7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
562b54360f16e11f34f610a7ea78d502

SHA1
6c45a0e90e2cf2d44152fe7c0172fda4d0d9281c

SHA256
7b5ed004f75120281a73c471878b08ae22a5365b9d4951b48b612e3da3237105

SHA512
73b7757a1fab9999d1d08b341fd4fb4d72bf8627090a402a7675ec1e0f9dd4e35b2414dece93e22788b0a9c0602a6290e9d44747f3339ce6c744ce8e18fd9886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8deeb580404af6b08ba391ca2916ed62

SHA1
d061598738abb8c4f622118ad2349558f0e3f8ba

SHA256
f534f2a0af75cb17e8fa43b53f86e2191016001357a3761b9052978d40f1d51d

SHA512
cb36eedae637a1c7bdbeed86d6739e4dcd9e05b65a6bf556b075d840aa60ab25275fb3a45b3f6f756e091b35014c213461c4fd00e38d444800c698f20a44b575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
26e670468ca64305796d0b745da28a64

SHA1
d81f2cb55ec98bd9fd78c9c315177a9ecf0040f1

SHA256
74c9c731cb8f96cb778e67e968f88003b259a2e3158c1d5e7bd1a09260445fe5

SHA512
ffc7640892d3994a0a3a91acbfffd8ae282a0b32c3e41df26cb6618232aef2e02a7d5013067957f008a62b15636713db140085e0a61525c59c4a7e1a4c9a24b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
40054cb73dd68fcf513186a36e7b28b1

SHA1
782f64c46affe72bd6b334c69aae88aa32216b2d

SHA256
136f61f0d620207ec049ca6889378a9e89d998a6ef15fbd2a8095482d8d88118

SHA512
8689097b5b94b64af0be6b51f176041b25f5464bae229b7344df07a29893d5f13498c3f88f6448b956baa7accb460e31f5ffec6eda35f31b0587b5b0a1e63c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
78a049c86f502df9dff4f392a47ae9d5

SHA1
00e13560f0aff8f8ea98807bf738c29069c6e2b2

SHA256
1631cf0116d6e624299e855acfcad683d276efd7fbe152c89c5944e3630b10a9

SHA512
64bd581d4a60d40fb00538e80402e0e986ee239f5e15c7bf1085f5a6b91634d3f8a1257e417c0f2185b87e3cc5f503f2274d014e0ee42efb22711bc34cb234ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
873B

MD5
66de6fe43016fb0642861d031b6bf5f6

SHA1
d9a7ab7917f994a316a8466f8099ba5fdd30c437

SHA256
ae7115acad99e1c8ba51a82e38840dacb929b9753f89ef67dd632963e2cc99e4

SHA512
e95438c9029478412fa2d10caf9a8b2777435c8eeb5d15c9577d0acfda91456fc9bd4e8fff3750ef9ed23a224afc67d5f540f70859f3b543d8c5cd15ee482a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
152e6b2ceec3c90964c42ab684032aa8

SHA1
e638bf7f535c4f71c808476cddee6a249e63c4cc

SHA256
7cc6278ea9a314b1bbbb8daa303cdc747b852dd9b63bee940d508bda06d586da

SHA512
32952dfb6ebf792b6fd99c869b55d66dcb4a974bd6fea7265dca8967c0db11d79adc0bb2ad11dafc5b121282b5d95eb87396032c2a04021e4bdbfcec2d9d63e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8166ea66e65b05c6eaeed49ffd68f943

SHA1
4d4b03a1b4828c0773e7448e6793b292f394e694

SHA256
d2b0f589168b736ec62a64e94d5a400116e9addaed2e81ef6997ca7888220307

SHA512
6c6c332e781b9ca00a4e2f1175fe342d868b81904f6cae3397ec1506230708b19bd38e8d0f65b791623aae6180c68b8a2f4752fe1f6f0e13671e4a7559df4db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe576c75.TMP

Filesize
48B

MD5
b864718f815be3f576a06f985c3158ba

SHA1
27feffbb72b18b39e2e16eed5763123b82c159cd

SHA256
6bee43ee63e3b917e40012f01e6c606b048d773a5f1eaf3cc2deeb668ea5bfb6

SHA512
a92d38e89643b7e5f70c50524f49d47e050705102458bbab83a9ddd33870249ff4d9bb7d15bb063b3f9b8aa2424a94e92f74a4342adb481eda2aea6551733fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
320B

MD5
a56fa9b1ca29fd62c8c5911e43771323

SHA1
fb3bf45e8a0f4cc5236263b6efe6f709aca195d4

SHA256
24948541d4a5f605c98163b97adcb11ab2d8bf82a970faa331b8627cc45ca269

SHA512
975889fa7d2bd919613aafdcd1d703eae547dd2b60833ac581ef53c6062f1f2f4d8e9d70bc14b575516329f4445f60b809b09db32fadd35f318fdbc3a93b0fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
279B

MD5
27c34cd5b1da20e8106aaa92cd6ac9d6

SHA1
0b5efc0a1fd8f57867ada79185b0e32d4f7748a8

SHA256
4eb49fe19a4e32d3374dbeb6fd898d60ed2836a61c2d68519dbf8166e27d713e

SHA512
60f50077da5ced810f91846f19557b52e56e58ed929e7b055150ef500c14e7a5e4eaeca97c81fc89cf4619e86fdc66a814f2e414ef9a0d0cbe83f0282d2e0d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13380711770845551

Filesize
8KB

MD5
7739739ede95cd75062d4b7003c3d436

SHA1
bf8e9cfdfd2e44f20c00b4bd13d449675b099a0e

SHA256
b687d7601e9880c3e0f1a163d41a3066bc7b2a0d18b831a6a4cdaed24eca1897

SHA512
7adbd670bb1ca1efe214cce57f37331acc948f3d0daaf9f63365ea5a478ede3e94a130981c12b4b939b2a7aa0432f68a63e3abb784d0f1eb3a225229e17844e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
c6bbee3916231f550445201a117ad5bb

SHA1
c3cf5a1130ce8bfcc4b09e601cea46e6e948a3b4

SHA256
839242c47364a836a1385b2e4e5678755b3f40196e2138f66c5bc9cc1574f02f

SHA512
a23fdb3844c62f528d4cf31ccef8e1d6f22a4dd7ba913f6c952a8af3de7ef5be3011136b2d6136f143c329d044a21b80a33fb467a421325d9b22d7fc57f127cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
7df3f5576bbf43bc26fb91e06dba8d16

SHA1
6a52613a3cd5c20529d0550e1400c673fcaf4165

SHA256
c89d74c5e1048b12c60cae1d354a46e3a985e7e0410ebbcc54de5715e9ea51a2

SHA512
11b27fc0ec74091a160e6f6638023c0d4214aae0443cdf164beff14d6c004facfbfc3ba9e3b1c3ec60458fbde16ac4afa78d3eb0e8e0951415d2082324c16f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0cb574846b9f0266ed3d8f95f9849d05

SHA1
12fc1d3c024291c8d70c6726dfe03e08647a43ef

SHA256
3a04d1e32d3652f71942bb07d7ef02bfd8c2ebd772a2b4fe963d6dfe6641a962

SHA512
b853899cd55b98b59ee64392e517e8488ff876fb1b9a66d110ea02985215a9c0add553d28a5ff76dbd5221dce509568992d41bb5f8135f532d6a365c5b5bbf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35ada92e3330c9bdb78501e24dcf76e2

SHA1
1b2c3227fe651a1fed414733b6f094a2d8b315bf

SHA256
fea2459b0b28b8b14bfb65970e9b2d5d6c7972f22f1169149ff278c47983a3a9

SHA512
18a6980c128b4010c3008b0f61b995f217901dc5e9f5dd88de80e03988a2b9e3ccaaa18c026c796d6a9b13d1d5eb0a237e728a69e2c360a83166c713f91a3982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
8ae49d8008916cbc00d59dc1e968eac3

SHA1
0e309d346a1ec019ed43eef774358a485b027348

SHA256
a4d1f1f17f7bd5e161d92690cf14632aec05c04e528412312b5e598d15749195

SHA512
2d50c021f4975318329b5b7da794b7e04005c2b3653078f8e5dc508e9e9f567158909909b2232671622eb529e6fcb3bf1899cdd414fc3bbb0fd62ccf75d95e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4d48c99e9ce9a36cec075100a43d0ff

SHA1
d98c9a55ec7daa4e3a51e78711c7a30232b688de

SHA256
82d6c0b783a4832413fc8498178aef017b0a0484cd66a36f93e7eb63a42d6aa3

SHA512
c4993d39248844bd8cf89f2224cd1f28bc143554ecceef42d9fceaa9a48df07148af07327a5397304d2a1e383bd0391f31ea58d548669d583754efa9883a7880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f05f85617af4e8337fc3ae8235ce465e

SHA1
1ab39a07cf7546b88b16729bab9d0475e0f9dd9a

SHA256
3206b47d1cb6b67f51e4bad5f062da099f8c78199b5ebd63088e4488e3cf4eec

SHA512
6730293693e03b7fc0d3da3ff30b544b7142eeb64210c3d026d7baf97a05605d6bd90f2a324e54c0b34e54acc523359de416b30de2699bcbec2761643b58f95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
39b574cba4987cf4064d20aa4a0bcdfe

SHA1
6010c6b4386d634fb70d9689648d3514b00018be

SHA256
1ff0d8229478350fc68f0803be4f6d57cb95c94b89f258b2f50a3116f39f2e46

SHA512
905a23c2223970d4b1b40ea0fab56b8ffa06ccd544e728c1a92aad2e886b5df7653c6e4f78ec71673ffaffd9d7b2e298f177bcaf6c72c211e1bef667ab06fc0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
60KB

MD5
44a35c5e1cf5121ffab3830aff7f3d59

SHA1
c69c3ea43a562c040735de8025767339a982a9f2

SHA256
c85b68304b6aca19dd62bbde042f8b642a2026c068573ad173b51200ac6c6d1c

SHA512
84c0a31c71926a1ebb0e0e5edaa6c7d9bbe312eeb331e93eef745767522b29c17e9fa8010f340055e59386afad2dd87d49f01248c60446ff054cbbb64f9a3456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
279B

MD5
73fd6889d82c013e98ae6e485cbf9e00

SHA1
ec7d5c78db36ad16fd35ff4589248a016daf2f5e

SHA256
32b7e5ad10a66df4c00b23c3bb2fe294bd1edc68369fc3fa337aa9ddca2ac037

SHA512
a3730b7c5191e37e6a46406522f642b72fd5dc3d1870ae2fe3f2360833c7f2d09aab964fb2587dea7b0f7eef0961ac3d4dd3948af0aba5a96d1473db481c5ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
160B

MD5
2e19a9040ed4a0c3ed82996607736b8f

SHA1
5a78ac2b74f385a12b019c420a681fd13e7b6013

SHA256
2eeb6d38d7aad1dc32e24d3ffd6438698c16a13efd1463d281c46b8af861a8ce

SHA512
86669994386b800888d4e3acb28ab36296594803824d78e095eb0c79642224f24aca5d2892596ac33b7a01b857367ed3a5e2c2fb3405f69a64eb8bf52c26753f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
0ad3617198bc89747cc01d50b47f91e7

SHA1
b47cbd6caddf1cd584752ebf49a1dcd1a24d13d2

SHA256
2e93bef6399f223673a57b95d07347d3f884c6bb073c0718816c36c89b7ccd60

SHA512
602e3ec6e2278b0fba0f45aebd633de9d7ac980bd46a1c6dcbbd0a4255af57b2ed49d4a6b373f9f2d81539043c413c2134a14f3d96665f8be3895291d6abf7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c02b4a7c82f28552268ffbfe08823641

SHA1
5a861af1a0e6872af076f3ea31298be64b115653

SHA256
e3129c7a2dc24f6f1ba43e8e0956f05e25e71de6d993959ef6e6b66bead32261

SHA512
e79ee839ee8211681c1870be7c496c89ee2d92e5983c28eda6d336e03828e781002180543bbe672c8ea5782b1667f4e27a8cd11be97e038b81a75ce17479f1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
9bc9f570c11dcdc3fe67e858beb2f770

SHA1
23b58fcc5cfb7ed874f6cb301ecce2cd7c96ad42

SHA256
7a8fba02ebb1330ed409f7bc01277561335f456204f220782bc3175c210f2937

SHA512
d52cfea6acaad96510a29e35fbf7c9c252386fec1fef96d1b37c7c2b6c7577a96a80b57275b0660854428a802fa85b2cc320f2231373376ce7debe702a19abb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ae9f5021b6792eb949e9d947bfdcd93

SHA1
682f51c049653caa27cf63735a4695cb6a4206c2

SHA256
2e030306932ecab43a0fe70730ba0c17288df8dcc37436468f63526a13eaae98

SHA512
53cd3ebe60f7b9207cfc566a58ea7befd7639439768f7ce7dbb548ff23acd30303b503cebadaf0d9d63fa2bc4dcb3ace36dae38658082d4643e80bb483868ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
90b6267312acf7f83d31cc30ccd47ab3

SHA1
7e360ffcf4e731ad5100bfa79f581e007b4091ac

SHA256
ab9ba0266c51275bc655a02f34070d4cd43522eea59354501300f9639c1dc047

SHA512
0895b7e3a959abbe38252125ef069a3f8685748bebbacb7ae411f046fb3bdc526587ac46d818dc4db41b860e6ed3a2751cddbb4385f2067fced31bbbcf6ef65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed1c7b3d57684cbc80b536140c6124d6

SHA1
228e77eff70116ed82240e6226a8ba2ab669fc31

SHA256
c821ba6429ed7a2c536894dcbb91e641887b9c890442c92a02df974cb83a055c

SHA512
75d7a0dd1f38262061028410b342583e9b9623b200ad97eb8f63ee9a43a71cf21d1eeba77dae6c044415e59a8a57b0da6a0209a69081ad73d327d640cea5792f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
a9582cb9912fd847e8bbcba947ce4987

SHA1
c05ee133c580bd97ad8c050b8b3a8f3fbd9b7566

SHA256
9d6d60adb6cbafe9d3e0af91ccfe8bae7f105db861763292ba777c3684056465

SHA512
5cb7dce29e9802d86f78843aec0907da4ed704989d3a1a507e5424c9386ebfc6f27115399cd9d12e8738e647099ab03b4e281065dba98d2e06100aeb34ab35cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 741189.crdownload

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 869542.crdownload

Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\Downloads\chilledwindows.mp4

Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
memory/956-1078-0x000000001BE70000-0x000000001BF16000-memory.dmp

Filesize
664KB

Download
memory/956-1079-0x000000001C480000-0x000000001C94E000-memory.dmp

Filesize
4.8MB

Download
memory/956-1080-0x000000001CA00000-0x000000001CA9C000-memory.dmp

Filesize
624KB

Download
memory/956-1081-0x00000000018C0000-0x00000000018C8000-memory.dmp

Filesize
32KB

Download
memory/956-1082-0x000000001CCB0000-0x000000001CCFC000-memory.dmp

Filesize
304KB

Download
memory/1668-935-0x000000001D080000-0x000000001D08E000-memory.dmp

Filesize
56KB

Download
memory/1668-934-0x000000001D530000-0x000000001D568000-memory.dmp

Filesize
224KB

Download
memory/1668-933-0x000000001D020000-0x000000001D028000-memory.dmp

Filesize
32KB

Download
memory/1668-923-0x0000000000D50000-0x00000000011B4000-memory.dmp

Filesize
4.4MB

Download