hxxps://www[.]mediafire[.]com/file/5m68x2gx8mpqc9k/Wave_Patcher[.]rar/file

Resubmissions

14/03/2025, 18:59

250314-xngmvaxscy 4

27/07/2024, 21:38

240727-1hhvhatcke 10

Analysis

max time kernel
33s
max time network
33s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
14/03/2025, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/5m68x2gx8mpqc9k/Wave_Patcher.rar/file

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1678082226-3994841222-899489560-1000\{6C0D412C-273F-4411-A35E-5782B0660345}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1678082226-3994841222-899489560-1000\{6DDE15DA-383D-4767-BAE9-A816897DC323}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 3848	1108	msedge.exe	81
PID 1108 wrote to memory of 3848	1108	msedge.exe	81
PID 1108 wrote to memory of 3560	1108	msedge.exe	82
PID 1108 wrote to memory of 3560	1108	msedge.exe	82
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 2336	1108	msedge.exe	83
PID 1108 wrote to memory of 4892	1108	msedge.exe	84
PID 1108 wrote to memory of 4892	1108	msedge.exe	84
PID 1108 wrote to memory of 4892	1108	msedge.exe	84
PID 1108 wrote to memory of 4892	1108	msedge.exe	84
PID 1108 wrote to memory of 4892	1108	msedge.exe	84
PID 1108 wrote to memory of 4892	1108	msedge.exe	84
PID 1108 wrote to memory of 4892	1108	msedge.exe	84
PID 1108 wrote to memory of 4892	1108	msedge.exe	84
PID 1108 wrote to memory of 4892	1108	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/5m68x2gx8mpqc9k/Wave_Patcher.rar/file
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x220,0x268,0x7ff9907bf208,0x7ff9907bf214,0x7ff9907bf220
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:11
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2144,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2420,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=2508 /prefetch:13
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3456,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5024,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5144,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:14
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4988,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:14
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:14
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:14
  2⤵
  PID:872
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1128
    3⤵
    PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:14
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:14
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=3724,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6308,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3920,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:14
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3908,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=3796 /prefetch:14
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3896,i,3871383870028374714,10688324457669334676,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:14
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:2224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ff9907bf208,0x7ff9907bf214,0x7ff9907bf220
    3⤵
    PID:2088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1796,i,1129942017816083971,14341640924740650349,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:11
    3⤵
    PID:5732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3584,i,1129942017816083971,14341640924740650349,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:2
    3⤵
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2240,i,1129942017816083971,14341640924740650349,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:13
    3⤵
    PID:5536
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4304,i,1129942017816083971,14341640924740650349,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:14
    3⤵
    PID:1172
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4304,i,1129942017816083971,14341640924740650349,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:14
    3⤵
    PID:5776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4476,i,1129942017816083971,14341640924740650349,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:14
    3⤵
    PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
19a88bad99bffbae6102e191cfedd75b

SHA1
df476b325df883b73eda1b2349bab45aa22e808d

SHA256
0d576dfbde1712b7288e4561e3eea75ffdad84dc50a77ceb57a6e9c37d60465a

SHA512
9ec5eb487d8c8fc8e283a94bd43afd740edc4df6a4509d83629416d040586bd42330eb0da6dd41ec1e5550bce9a6643319ff8584f8638a9cde9042fa406825fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d43dac9575ec2fde7d1f5bec04dd0223

SHA1
f4d5e6d09ce2a28420147f2067d513431de211d0

SHA256
bea2b9598823511df9b4291ee354db2801b0d65a7b0b357c545c2188cb41c8ee

SHA512
183c2220f88c3fa5d005d3ba7acefe321471d2786e67de227eb926ff95ed3999077f97b6ba550ee73228199c7038c0620790a96af235d20acc168f6ddcbcd5de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
b167018dc17c8dbb8dec3b869b9ff44d

SHA1
47cbdc792bccb51a355de2b57ee86081b2212813

SHA256
e1811059a0c846de25cfb17c69afad8757a2c5d1a89393a392d144926ef035c2

SHA512
358743a8fbcb28ffa03ab31fc1bcc7a8dddce2b7e8c5607d1b35d520ee351e9afbbfb289e64fc00bc3ee73de22a37300793b0c49dfe4cb8af5a85881bee86052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
8e80a51ad08ea1b1404a55ba9910baa7

SHA1
899c602e2c3172223d14da09f74108fad38d7bba

SHA256
ecf6acee3ff723b70520e4bb4defcbdd4078c87875bbc6bdb57170a549cf134e

SHA512
cfe55807c79f1d64713bc66c38f289502051213dfb47b47ebe7ad20891d32f751242adc75856812f3931a97aa5671c0b6deb5772af430e655634ef8abafc1b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
3fcba03313b8fa1c32f6449248d5ddf2

SHA1
2fe7e42f9bcdbacf1fdc7b02886fd2ab5c6e2526

SHA256
181089ad5e354851ff20009dead7d55c7f633a09e7758d7d6598a1427f3a0bc1

SHA512
82673ab9f4f49e6f0ef70044eb608b619d81962e6691c1ebdd46825d74b2c18eb45316844b045256361f32f2ac7e860051e9711e3d00baa8ad4c1b317d6a66d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
33KB

MD5
d989f35706c62ce4a5c561586c55566e

SHA1
d32e7958e5765609bf08dcdefd0b2c2a8714ce34

SHA256
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716

SHA512
84b9347471279e53ec5f151caf47fd125b9c137d4bf550a873c8f46e269098ea5e2882b1dc1fe3b44095308df78f56d53674928f44a1e76d3bd7dc9d888d91dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
149KB

MD5
b0da92d8794f1335c28e0b5030bfba4d

SHA1
50918be39f79438a880491b0ec715001ddb882bc

SHA256
c5e88edc203351054dd56588265789261a2d28bbd20204ef632a95a7309b21e7

SHA512
9f60abb92b2b24babac1e47337a9d3b4a1a1f78cd1787fadd402299c336317f918c03538bf00fdc83a6335dc228214df07fcf29fca800228a4e9a626d1faa0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
25KB

MD5
60e1910d77b2f40536da8a50793f5e8b

SHA1
0bc07c9048d8294f54314269e04f140b020fca67

SHA256
2fcda32a86bea80fe0e301f3faf1fc81a48f05447fbbdafce096449da26745a2

SHA512
739772a6ed143874c32731d149f691f58e5dbb52bf9eb7944748878f4cc43cd32ce334bd53244c13aa3afa518fd0058d8c53c2f8475f216029bb4e9e30391405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
73KB

MD5
23f193789748cb4991254296d5c8212f

SHA1
4b3fa7ead1017636f6f622e8de59f580c1c44b62

SHA256
05168fa37c97cace60be5f3f1366df2d7e73c5348e866bc0c73ae227cfa00fbe

SHA512
836a158df987cfcebdd92597db07bf1db002ecf8135d2b68e34181f35a17bbc19029a1ced468b59b41969055aaf3a5d0cf0c9f0b86d3c1b7ca8f3fe31d19d85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6fbd993a75e2ad171644fb5d141dd532

SHA1
62131274699eed9d9335bd21852f0982515b9852

SHA256
f959f8eda213b18d7d6230d9d456a4e921a2bc454ddda55ed6f14874c866ef49

SHA512
faeae63ab8dd15af40d7452ac18fbf1a8dcc5d5628fae00fa785afd35e7212e30a7deeb8d80db085f8115aac3a9a73508c997f9d1fd3a79354406e5c7bc9c475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57c6ea.TMP

Filesize
3KB

MD5
ca33c8c80006fec55fdbbc056db6a7ea

SHA1
e9e5a98a043530a44cec1867baba15423c4d8900

SHA256
e0d9fce17da7fa86c91dc268edf494fedbed3285937c1c3f7aa3d157a4e11351

SHA512
95c990236c628ce50a7402ee11078e5e04e9ac91a3b2eb755d86a0a420d56003cc970d0b2de8d9f4f2bff2c331e11c3da582d6e0f0bee0d0896ee62d9342cec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
0521d84194bea54c503f81b068a61d9d

SHA1
e6378a207f3c2702faed3518e75d471376b5c20f

SHA256
4840a3c86651fd95d7064a0976dbabb4a541279f7bd8f43350d6a128f5aae322

SHA512
59923a7aa47fae762bbcf6ed4332166f96ff55edad615c66fbf424a83fc0544388cc249c6bb1f7a92c6cd09ace9e8a9f0a0a3db4fade9bbf796283509359f03c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
ac9960d96c5d733e180a99a874d126d8

SHA1
a88a2c19a06af4f2090595cdf29ceebdb2593859

SHA256
c1100e49cad4e0e946cc4d5a81f7a23fefe98eec03e18e6418b7bb64ae05984b

SHA512
7fa154e46fd13b28e9b939a5c8afe1c7af1855a2dfaef25805ba7bbbc637a81901d5220217dfc156376409bc4ee35b283fd3b6fa3ae8a79f61f93a3f52298aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
fd6d2ce7e27d0b8d241f8de14ee5be80

SHA1
6ede423207330b4b98db4d753e75f4be42d02664

SHA256
7eee8da51b3d1fc51283cb359d34b90d60f13e4f0706697d6299119f32ddcf2b

SHA512
a7e91fd9f70bed561250e1bbe4e3a6bf8a85dd15bb543fbc520a2da134e7af73101780d69026c49206f3ee45e021a05f16b92347eb53b59d66828c7b49d4eb67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
d12e6b72583edb535fc139bde45d2267

SHA1
d9b7456a2681b8da3ed90c0ab3ac3909159e06f1

SHA256
70ebe7056fee2b0b243ce8fd5aed9be94965d20288f70cedb7fb7b0e5944b8ab

SHA512
20c84810cc2f9d98bb6c29cbbd0b73a85bdaceddf85432964bae9d0cf6b08677132c0ec7b0863cfa26815980249d3306eac061738cfebbe29ca3d5ca558bc182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
58cb1537b7d3cda0a4ca650363796907

SHA1
ed0ba00020b5e42035a886b058a1c5370002a972

SHA256
253c05c0b1e22a5a6c1d43b16fe72281194b313a27f445a7023d48f9e47426c5

SHA512
9ef4ce4c91431b7aa280b02fb12db82820d007b8fe2025e2133db78175cb4941c609154d4e6ef261e1800b13b8a99e1db06b5f2e4458abe254e7f12bb250cd44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
b3e658127ea0c3bb391af5ee43126d5a

SHA1
3b3f1ffdf12d13d4393378b715e3d716ac2cdcf1

SHA256
38b72fe89cc73c5a45cb57d485234e9ab6b2b3909bda62662cd8781e3308ee3d

SHA512
ee91aefe0232e10cebb422c96135f14c4408e46fb7539927996c674b73609e02428656e230d48e06a43202d9c4c6b58e81b255e30626c82dd059e348d01e2772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a1831294267c4c3d289fc25e68e5eb1d

SHA1
48895bc9cddb3c3eeb7194119efc6e4bb176edcc

SHA256
c1feab53d56070409c8687c66e95488cfafe5fd15304471465f5de4dc53c56ac

SHA512
fd7680cf8e73ab1309e58834e9390f80b697bc00fb9a5a153fe62b0d7d89d574bf73ec6cedacea7c3f4ea85121a2c4e5378e6543ed6c2dbc851cc407d3432270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
2aeb85d8dd43f361914626fb0477070c

SHA1
5a3eaf44e625bacd907025db4518dea6e92f885e

SHA256
3645d352ed6cc9c33658ae53cd569b6b47fec90e2a4fdbfa9f1e2bb13045d871

SHA512
9b780291caf14706a22c9fdb87dfa769a4359037978c0e882dd4deec2cb9b6f61569c2f511f14fe624364987dc745495d4aefd091d8984e08ff1bda5355a8da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
189B

MD5
f454aaf76c51d7f5efb4d7c6756a824c

SHA1
6ae162abe89d6337498f589c0d2bd3f078f95160

SHA256
14f9631efaf27fddc79991963ec4fb2f379ef06d486923f6652a87180fd6a10d

SHA512
500007c6ec78db1b040ddeec7adbe7bdcbd5499a65815df28f7e80580382603ad75fa0bc120b78c297aa320ee4640c711b0952248df76dd5527a774951e349b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
3a47eea3de0ff96514476ec3daa966de

SHA1
a8e95f19933e8d64901e1fc1adbe5c5e460aafdd

SHA256
6d8e6e01c83ab69550a3e57970ab5e48bf30db3f979481c0b7a149bc07f44a94

SHA512
81973be5b896d2b49b7556e138b023f4ef40d942398ac690a4b33f438fbbd200072d9b9873a727a76d629a1c52b32e5b8c66d9f8413d2dbb45ddc81778169adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
e30200700f7a5c4fedb3dae8c224baa5

SHA1
749beee2a0deaaed6d8525e96132d456b9f8dff5

SHA256
5c7c75656dec9a2e0926df9ae2e646e9d7a0715bad132e92285c169fe1336564

SHA512
4149a171ac11deb94b3544faea13184f4ae76b8e0105465c9b2e0f0c79288e2894a1632b8f95a39fde013fe59ed4684599260d2c49d58a8816e1471fd55b2e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
72d1793c8b032bb035cb60b659ed2b9d

SHA1
4c2603e9bb571f49eeff8a0505d2cf542f9ace26

SHA256
da574f7337b270dd241e04a9d83cec25730a592a6abc8216b7c05d51fd6759bf

SHA512
46e14283d1880809293fde66fe7772775ea12dd4cfc4b16795b1ef0d7b8cab0e8ba790011a9d98f81b2c8c851fbb7c338f4049ff170113a5ea9fcd7660c49099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
c086849de30e2e7e1b4f34e03ce87fb6

SHA1
b3e9faa67085c8bbaf13c2235bf9977707b29f67

SHA256
8808fabeabc749c5603c1ad750520317066bd4f892036c63afec2302213c7703

SHA512
c919bac1a94f33dac5241e48fd4e6d7edfadf357080046ca492f5bad59c3346c75eef938bcb515076d95690c6da208a55c639a2ff3bec222e5324bf5c236646e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
9a6b796d7807ab348368c019c645a9a6

SHA1
8978c98c87015e462afeaac35ae6d442f3b04490

SHA256
b28bce362644303098b99d5990c4f9cdc67f6d6022a5a98d2f624e93f7603321

SHA512
ec698691e8f82e59d9d5e317c32cc96f9a20e9c60f2d5ec0918d6f964bb4f3a12f9017221a7bf3a2b9200b11c5fc8f6ba852c3cf8873beb2fa4ed2855ffa8114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e834b122758387bbea15da0c030fe0f7

SHA1
1f29509bd4ab12e1abd1d08b248e4d009144000b

SHA256
4354c4dca0255dda680f3be5edffa18ff2f8a081bec658e891537c1ca359174e

SHA512
e3c32598a6c8f4c64e6924bfb8964c615925ef31b8b231445927d797231d50ca052bd4f778cf0aef882fa62d4a2c6166ed9a3c64c48a1785fef50be6d4b794b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
5fc54bc06ddb37c91ca9fd4615099b53

SHA1
b8592fd72afb873db133e9592ef6832ea698d75e

SHA256
a98ad220a5f063f11a5167b63a2a492652de25e883ed2033a77bbce115eb858e

SHA512
ee88a57b857957a8b86384e5ce596894092484ecf3aaafcbc56a490b27f69a7057952b2511029905ab82f02d5231c1cb615feb11cd6e51945ece3bf7bd5bb175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
a6fba55c2a6ed536011fe5530f289d29

SHA1
19676e41b7272ea7f0c38d3134b3c04503d96941

SHA256
527111725d79d3f8daca9a9b8c8311b56c99289b3d74f81154c2533859e85fe0

SHA512
b61a908926b2abc5d28f1064cb5d04dba94f5afae1ae14114a494115fbe1ab8e879481d1add1b6a8c91a4309051e9b28d4393d959fc03c7d1e8653d16f7a4128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
be122235da7258f34bf8d920400d93ac

SHA1
82e9398ec22f2e8dd20ee0c31507afdb894e9bde

SHA256
627128cba3743f4f613d079f31fbbfe6310d6990ad8a5c58ff4997d77a0afeb3

SHA512
0fe203ea9b2bca7b90b90f75a676ac29477539904c0277d7ad9993c48973168c210a219d705e02cd60dda82d9c1ea3d25175fcc11edf332c7d8f807a3ea80254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
cca5d7c82b7062281dba0244980b699c

SHA1
0195d93fb5d5e8b5e7851f65945d868b4ca001f1

SHA256
1b0373099ecc31f0929bda24ab80f2b325ef5bef9a4c139f7f8db8e141145346

SHA512
e6a108059d49dd23c7a49dd42c7b4b291311b257d4c3e5acb9f2d80960784303fd7c4caf9e59025986544fc50da75c86d7aabc9b6fafb6897ef0a64b9381b878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
e326ea90060cc66902e81f3578f9e842

SHA1
f3c7b77d60a730022f1a56264006b160ce297c54

SHA256
0e81745f71cdab2554cbf2380c4573815b6542a195a9d44ab4ad158f2de26d27

SHA512
3b16f1d22c74d59e912028a52726bb734798f6d3261bf8ad16123d2691499ed77b93b07e1c460f62da17cbfc7b6a6cfc58368415cb93621581bc9078ea3ce16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
395542cbf994b417c9a54dc0284da3cf

SHA1
499f8d29039e71f18e3f51c521d2f62158d8e47d

SHA256
4df2d45048dc304fbcb04aa48ee6c89e0f961effa3dd7c3272ec18ff35a51fcd

SHA512
6a5f22448eb6d1c336b377a81d5f58310234e40962499bbc7836137c321a067fd0a5d6261a93928c065be4d5e43eafb00319aaeba3f3f73e3ff4ce5d3ad6174a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
55ddf677a7001f14ebbe06c2cd0de114

SHA1
ef83a80f20641ca29f3e99713ff00df2f826c257

SHA256
0cd671d0db974416ad9ba4d13c0e64e6deda848edfcfbef124e220852de42cc1

SHA512
720316551215985800f9cdfc0f249a522c1fe2908435ddaacc79158ee49c15651cb10cf1c3146bccaab091bf088dbc07665d8c9822c83835f01313dbb6deff7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
37ace7ef22aa1bed3f24ed5e4f143c03

SHA1
6a127d03558dffd857b1dcbf5e58a1ed05c3417b

SHA256
37237a3d2504952dd058f754e7ab0cfc4f594be71bbddac443d86680a0903baa

SHA512
53fc379e483d024d61eeabc5466dce36857c80122cfeeab0039948b3ba24d1b48340cb8e7f09966220e6966c9feda85e277ebf007affe7d2b83c626dace860b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
340989c7ad2ec8ca565ffb2394c98663

SHA1
8ff41c50a6717fc2fc00a54e115846cb3ad81167

SHA256
2478f77f8569c389afd45065112706920b14ed3c278fcf8ab2ed624b7ae567ca

SHA512
bf12564dead3f4e9345d417329637a0a6ae00771cde801c9176d406eda7405e9c8001b6e31702fa4f3897ad157a1a3ef70b2a3a5a34679c24e834dc1326ec3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
9e2d2521eead4f5caed33f3ce7f82fd7

SHA1
a4146347be21904f43dd70ef89944ace7669a07c

SHA256
394df9135f2698b326c81015f496aae6aa343232f68aa69d5da48a1050ae9b6a

SHA512
f872e84372afd410cf75ff06a69a30e48ee525718ded6d1eb177cdc84b0f958e582bae5e98105dc54db0995812aca3eb46b3f2d6ae0f307b84e9a5077023d8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
70c900d0537ab1c1ef1defe0878cb98f

SHA1
7215448aa88c0e998fd76ed5cc92a26ac4a808fe

SHA256
5384c6c22e7c54cc14dfe95eac9c80044dc2ec78e732e7526b5ebc0476cffc39

SHA512
4a963cccd667b49af88046ce39eec916d95411c4a92bb20c4486625a1d4d70dde8df6d424ff12eab31149bf190d0c0d58f1db5726d1c21cfda86e7de97c05611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\f_00000c

Filesize
17KB

MD5
ae1d16cdc19a8fcb7bfde500d90e630c

SHA1
88079ac5f1cb6d92ab59bbd2e79adb5f483377bc

SHA256
881c089e226879d1af0e292fa53b6b5044921bc98be71803e7befb68419f978f

SHA512
3c1eaab58c7b176c86c7536a64d0d3dc884c36111e44231c6f15d95d06bbd78ea8120cb45cf73e12f8c6de90d82b6ab20a98c88ddaf99947682ae0b4d6187a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\f_00000d

Filesize
17KB

MD5
d3ae1fc444747dc2333ae6646b74abca

SHA1
b486025ef9e452bf2e7ece0c28d686388d368eb8

SHA256
98fffa7720c611e8c212cccb37d5eee4b67a0228b9db3f892c052594cdcf9106

SHA512
53dd9fc55eab2aacbb4438cdb7347282d40741615cb218a327c47542305f960a28c655f0f15ec82d31901b30fde46af5a9f81b1c180855e94279902712f13c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
e2d470a6e54010f1612eea6b3862e146

SHA1
a06577742de2810998213c0b3d4f0fa121f93d14

SHA256
a563a7eadeb74df8c50d04d318b38c34d9ecea99d9efcaf7145346bffffae460

SHA512
14c1f422f56e030f59d9afaca0204ae50ec5ce4f126e0b5909bf52ae7e0d31d78b5b1099839b3a7637b02feaea795ffd9ba811f8c180387e7ef82c8ef9c68d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
97701eebe9e4be07d2eae8d2ac7167fd

SHA1
64238c227adba59b34ef25562fcdd41b0a4b6693

SHA256
0d9f46ee41667b5a5285dc953e933ea80adf9d94bd1a5775f75a4e627080df9f

SHA512
151aebbcbe6f121a26e2c26539889b98ae14d46a4c3735badc9fe9b15b3493d013ad998baa9d1933a4a1639f5f000039e68f5b711ba3ad92bedc5a7d73464b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
07e98f4efc4aae8855d1b46a309f9742

SHA1
c9e4f16edcdf27b972dfaab61d937c836edc7b23

SHA256
b95bce6a4c93ccd5a74a436aaa4af7b9076d91f2d3389dd86edb9bc868adb133

SHA512
1179398092122b3aaf61a9cec2e2cba55f487206ca72b6404542a666336364cc19991aa3e6205848d31ce180b6b36826c603d0c2f38cf123b8741caffc1636f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
1ffed83068aae3dfeab92ae7e65f192b

SHA1
2f562b764b2325361c7aebc4186d044b0500499e

SHA256
12fe92952519a7430bd5c588f7c9b1e592660d10449b9f21d25ffcb2ed168217

SHA512
9220e186a63be7e0f0f222344b1b8b92ac4e1008d8d67d09fe4ea61bef281a1c6491ebac6558f7a9a632bd1583bee4395fddb21f2d69e8e6865c210bbe83706a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
ac66649ae85a048467b9619b4f22dabb

SHA1
4e9d45fbdfb854cd82a4ab9dbaea53ce87ee02ee

SHA256
cbfbde06cc293db66d223b81fba2b2ee84e15a535ae990a59ae026fb83c87541

SHA512
ec4d6745a0124d553d3a7ba8dd808254293615161ca7911c5d4ffae2d112d6b6459748739204f398bd20d0afb4b4147abee8f48af27f8ad03d147befd0fb8b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
07a0976075c012dd0df62713fa3d10c8

SHA1
5da6405ab0d17e5c96ac7f2d684ed3887d553988

SHA256
9837c5f43f100598dfea850d1af8ac0d1d898a2880cf037e53312d8ddd4e5df0

SHA512
40120e476550ba52058b22b70ea4d54c05106706edaf9b49c85a8b122bf57b9efe2e24c0356f642ba849419b1a1f4ed4303e18add5154e934fe8bad14045a08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
10632af4a3a857cf8b5a9030f70ec76e

SHA1
ea75451a2d55f38298225df203ad1df3ea0cead3

SHA256
210c178c6637e5d4dab27ed02aaf60e6b65d02188eecac918dfee53a6483d3c4

SHA512
1d62dc6aa965fca9415266d19b84e0b6a6a364d5ea565bfb2147fabcd47f42d982f6502c14a4c7e597a16508386dc8576ccc704a0845b3e0ee6d5d204b2a1d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit