hxxp://newmagazineroom[.]ru

Analysis

max time kernel
116s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://newmagazineroom.ru

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4560	msedge.exe
4560	msedge.exe
1892	identity_helper.exe
1892	identity_helper.exe
2072	msedge.exe
2072	msedge.exe
1176	msedge.exe
1176	msedge.exe
1948	identity_helper.exe
1948	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 2148	4560	msedge.exe	57
PID 4560 wrote to memory of 2148	4560	msedge.exe	57
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 1704	4560	msedge.exe	91
PID 4560 wrote to memory of 4992	4560	msedge.exe	92
PID 4560 wrote to memory of 4992	4560	msedge.exe	92
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93
PID 4560 wrote to memory of 2056	4560	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://newmagazineroom.ru
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff86fb846f8,0x7ff86fb84708,0x7ff86fb84718
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7208655743596934541,12840600357067976635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff86fb846f8,0x7ff86fb84708,0x7ff86fb84718
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18105158913457703981,15180339272500933668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2430f921ebfb431716d98779707a18a8

SHA1
a4296a634347c0c30b3e101fdd2a10d5a87746ba

SHA256
00f6f17a7fdfde9da965c8236df95a72c6698f36274a632908d22039a2a828d1

SHA512
8ceaae534e5558b6ef3f0db80527d8d79a1aeb369d3bca85d7e92da4ac5c9cad83e604e5f566e957cbf027192b1308c61098f7b493d5232efbc4a15082737a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1b2500b03a9356c9e59d52d2788681dc

SHA1
082a2b0fd0668fe2306a674d7282b1a474b0ddaa

SHA256
e76275606bdc794f959547be5f86aef213baa14d8d4d02008a2266c7e72cc95b

SHA512
e210909aadb4090b76bb89e5e84e95559d2ae9eb6c4614a874c63fa0595649fbcd03d50d7d3c9278c8e81548929d07595a3e77183583369580b7e94702c7e847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
327a154a394a7d61fdf1cc6e1f9366ee

SHA1
9e151c48afc06de4e71f5a2d53ae52aff06db9b7

SHA256
3201fbaff61da9b74a8fbffb8bff9179f05c2cb9f92c97cd654ea424f9fca296

SHA512
db53873fe6a70ab0dd4cad64d361ca6a49b5dff99337a6555ed0bac7b1b70080d8ffce9a41d144afb2e9712d73973d2dbf3834f6032ffb187610afed121f15be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2430f921ebfb431716d98779707a18a8

SHA1
a4296a634347c0c30b3e101fdd2a10d5a87746ba

SHA256
00f6f17a7fdfde9da965c8236df95a72c6698f36274a632908d22039a2a828d1

SHA512
8ceaae534e5558b6ef3f0db80527d8d79a1aeb369d3bca85d7e92da4ac5c9cad83e604e5f566e957cbf027192b1308c61098f7b493d5232efbc4a15082737a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c491236439aa043e69263a3f049a9e27

SHA1
2cfd2cb96d538dc65ad9c2202ef817820709ae78

SHA256
1ae6f91b6281a84cb427543e8e7ab1c30ea96a9514df560371fcccf3a526ee71

SHA512
f41f04d25dfbf3ff3ac605e592d45ee6416681f6c906b36fad9ab451197ceb3113557eaf89d784765adff2860c86fd4852611d3790221cf6c47e68c36edebf60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
7e1746d1c0eb589e2305eee24d3a9961

SHA1
2e0aafa04cfa6f9259dbc9930a9c5f0474cd0a62

SHA256
2c03a7080e12670d0aa25438fa3f648ebbc633b25885fbfd11c2c007ffd41169

SHA512
f81e712b57dba530394d4b4794b268f53dbf1dc574f75ebeed59fe93d1655c52d4d9420ffd5f2d1e2be0f8388edf3f52a50a350b736d3aedd420e10b1a878355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
c35377577fe982ee06415f83a3321a85

SHA1
1ba70a682711c006beeaadaed7aa608cb3d0c98d

SHA256
f405b0813859db02a33f750cfaca290e143da9fd93beaa34813fc02fe9daccee

SHA512
703b6e79a22b93df53110be54eaa80dfc361c71c3fb31f0faa19f226a85ea6c6a95f81250ca84bb398f627d93ac68d1800d0b781a420844b53c30b5ccd18a1ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
87da9d56311565de6c1eeb6e928a4178

SHA1
1833a5d39eb910f48b467c9ad119add979523696

SHA256
0515e2fd15934215699b3384e9526da45fca0be0674a4dbdc70ff46eb996e773

SHA512
79be56e9206ecc807a2053033f0dc9c3cc9665342ee963506d8ecb95484866f5b87e4acef5fde9ea12bb560f701277402cd9c2faa978a08b0e392b7042bd0cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
ce23770f1f3e0a365533d18db4a954d2

SHA1
56bf993ec9ef64e487c95046452eb362e38cb7b9

SHA256
88b34b624470eadb4fa854b73dc0a27c7958d892c9fbdb46ab1800215144ad42

SHA512
2cf6d4e75029edea13ec085af6e408d5473bc16e3b220a4119ed0ee08db0f158d74aea3e7af57cad398e2cf348e68a0e794b3d27958a429f5d9360052263df08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
ce23770f1f3e0a365533d18db4a954d2

SHA1
56bf993ec9ef64e487c95046452eb362e38cb7b9

SHA256
88b34b624470eadb4fa854b73dc0a27c7958d892c9fbdb46ab1800215144ad42

SHA512
2cf6d4e75029edea13ec085af6e408d5473bc16e3b220a4119ed0ee08db0f158d74aea3e7af57cad398e2cf348e68a0e794b3d27958a429f5d9360052263df08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
6027b2eb75342d7980b1cb74b794f456

SHA1
2e39e3f0a8f2752c613d97609dab054a70670862

SHA256
fe73643c59a4d4c020720d38e8f4b9985215d4b35a80c7c15c1be6ddb01a9a57

SHA512
738ed8682eba5274b16b5b325505a3f3c6d2290d8ee8e3b6205d90ad75d95cf78eb5e0b1efe94fb17e0a83df23829c580ff8a98d5c36f356f18f07e8b1882bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
86db33b6d4dec1ef54ab0f07624747aa

SHA1
02d8f45a7858379de47faceb81d37ceb43022a63

SHA256
cb38576ec0f6809580762eb5add48ba6e06d86d4a2fc592056ff91f7a7319302

SHA512
d2d866435a8dbf468131b8a825cde9fe8efa6bad5f161abfcf994ff270fef73618c8cf488991887107f08fb8cfaaef07858847e10f43ee40947650eb45184f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
e78f3fca723d859cc7087a408ca7fcd5

SHA1
153988eb41dcb825301a390125d034b75fb2cee7

SHA256
440bb70037b2dbd8a6f62517311b82fdc153ac47cbd361928a68d2abcffebae2

SHA512
961717dbf8e8b0b0c87e8985dc5c41ba05b91798af6783e838e6956511d5ce374bb0f27031cd6a5e5484f7866a0a4ee7953a9f7c913f8344e7f2cd98223311e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6720659db6449e7648e3af99e3bf718f

SHA1
8c631ea16592ce7ede8a5fb3cf09d2762ab9f88c

SHA256
7eddf2b307cd6a52ecd2075f762ab20d8b5a1341c6499543efb24707fd030d65

SHA512
acc1eb4acc123ec4232bb5ff59eea7cb91e8930c36e7544cdb3d8d03c99e561656f98514f88cdb0d223b940fa70c3532fefdbb908a83f62fbd82677e5ed98f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
90b2c10cacd7ba24142cf94680f2004e

SHA1
cb13afa1ff185c7a49a387156c8e07bbba1b26cd

SHA256
d510f8a75695d71509627e7e7d2f1509243b98c890602766b29cee49fcc44cc6

SHA512
26a3bd850bd139fa4b4efdfe4ba9730b1918e26db2bc555ac7a5dce177d1cce8fdb9b1f8db33bddf213708f289f5f5ad580f5d688b4a4baaaaad68c9cc4a0d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
d80820b218a91b572844a1ce0880590a

SHA1
517ba7e2f8f25a3dc249d13e94942e264a64d35e

SHA256
43d92e958fedfdabe9b8355fea730741ff2ecea698340185a8f94e19515f718d

SHA512
73bc71ac945c66c3cefdd4e3023efce7ec4e8788fe70967d332797aa94760b4d97bdf80ac87ded02903810d84bb3c4d870df2e3b5a34ff28ea1368fba3094b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
133B

MD5
ee9606090923210aee32cabb351daaa6

SHA1
bc53a41ce7f5435e6720bacb39ce10ddbc97a43c

SHA256
ddf605726d5ed9e5c699c8fea03c203b14541fde51d79cb97975b75e3fbfc9c5

SHA512
9803607ac5ce52d087cceb21d0683b1330a4d00e0139ccead59576c3f3b5adfe8d2b8dd074f643c991434519d5a0b525eab99a1732e8bc2e060809dd737fe041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f0efb48b25dcd8aa91dfb64bd9343ab9

SHA1
45ca48f5a2f1d2b9ff7c12c60d80a27b05c407cb

SHA256
9da8a17bde4a34647204a44cc93a93e2adabca45cfb23113ad429632a5dcb5b5

SHA512
2989b8b3a91d13a5954f4e922c3bdac9abf6aa35ee5714f28ea622f11e42190e154b2f90805143d955bf75e82e4c89a84a9e1675e5e9e9671c0f1bfa7a97e8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
616B

MD5
fa86adae7fdf11f4e26b2d07074cbb53

SHA1
d92e6f6e47424c434f1cb492b4cc6fad9166fbd1

SHA256
65b3f18cce3a04a3b97c22145ad972b5772d31d18a9d2027c54d4e260ff484bf

SHA512
3c2975c54bdbf46d8ec192fa4c03766cd1192e60883e10b341c3bad6b0aa593792b7852e801b6272e45bc5c6c67f9fc12302d17d0c9101c68d7d796e8d035d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
616B

MD5
fa86adae7fdf11f4e26b2d07074cbb53

SHA1
d92e6f6e47424c434f1cb492b4cc6fad9166fbd1

SHA256
65b3f18cce3a04a3b97c22145ad972b5772d31d18a9d2027c54d4e260ff484bf

SHA512
3c2975c54bdbf46d8ec192fa4c03766cd1192e60883e10b341c3bad6b0aa593792b7852e801b6272e45bc5c6c67f9fc12302d17d0c9101c68d7d796e8d035d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c3e167ea0a6a8c78811844fa781e66ce

SHA1
9ce4f6ba3f3cf3ee1fb6edba23855b05a05450e2

SHA256
5fde2f21c7437a98021cd0290cb4b95d760ef61a09385f8d0715a75b47966e2a

SHA512
81f6781045a61aa255ff2f5ce15762b259df1e171b41b29e86291f02884d610cfb2869efb3e9644c32550a391a48213215363468dec69528e6e040175ec1cb4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ccba35cb13c9c3d825a9beb6b203b3b

SHA1
15ccde707b34b3e13e1bef8c5f821ec86d846516

SHA256
d3e93cd91280e3f32831fcccab3aa8b87e1a8bd775c1f8afd223f1ef9903ce1f

SHA512
306a351a448e5e0ff66d042b3879517b89767e12aacb292343cb67a898117eafe7b2c7d3e520be52afc7cee57ac8a1e39873d13b2a89c2728a680cd19dd602de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
791b26ca656f9b1632fad575f5a80ca2

SHA1
9095f9ad220c2961e560bf2a7ce589cc6a750099

SHA256
27bc4a750478ab1a3f3c3987e4cd4a14eca2bb2d35ba584b4204c7bed74f9f53

SHA512
5fb6f134bb3128b04c2a7a7a9c620aa416905061874d8edfad744a90dc2a92a3cf5f71dbad153c7a480c5f2d320fe9c035b6526cbcc4deaf9c1b454172c9c6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b388a1d72087e04643925942004a7556

SHA1
831828bbd578bf3d87f5ecb298718672850ba77b

SHA256
8624924078950b0f73efc9a845e515b7137d30ae7ebd10eacfbad1b64af01991

SHA512
34d1ef9711488968141a25c44e5046ec73ff0d856ebefe2b07183845d10cc8b9c4808cf0057c8b4ff6ebd7bdd43ab43f616cd4fc0e33db38dcdb743538f51a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b388a1d72087e04643925942004a7556

SHA1
831828bbd578bf3d87f5ecb298718672850ba77b

SHA256
8624924078950b0f73efc9a845e515b7137d30ae7ebd10eacfbad1b64af01991

SHA512
34d1ef9711488968141a25c44e5046ec73ff0d856ebefe2b07183845d10cc8b9c4808cf0057c8b4ff6ebd7bdd43ab43f616cd4fc0e33db38dcdb743538f51a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17033380f244b710da0491f01b0b286e

SHA1
5cf861230d0ab998f9e6184bbd9171e1cc4874c4

SHA256
9b05db717a4c9631f6131bc801f1d173f63ffc3801f2001acf87f3c773fa382f

SHA512
fd0051afa9111504ab279f50559d88c5086f804452afe0dbac79c42e97b56a12046144f59e6a3a8a6c4fe00b927110bdc49967601f31b706f806996cb73eed90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
11843ce180ea4a3abf9b6f1d9ffb613d

SHA1
9459c02007283330068523a9deb4919ce346dd80

SHA256
aa1b1b2c811a3ae56ed6f99e53024c726a334a93f9c266ef03c1083b29d80031

SHA512
1b72dd418fb0c1745ec9e7af57aaad029b1b9821d3fc7d3afe3895bff368f00fa57befcd24596f69b9de4fa55dae571a9c23fb07511a115be5c41cc5b1062f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
eebb87276d4d8c8e86399953f1fd5d76

SHA1
2c1b7f15617dad6c5621c1a4dcd4f9e85b50c969

SHA256
67b90d14705ba0d32de1a712d96cee5ff1ba058c11206bc892e11ae77f985bc8

SHA512
9e48898e2dab7bf7b0b23242a2379d04bd717a76c8d2362b413cbae2d29ef2e50ae9cc5c4521a6092e53e12e64a2576bb13afff815574204e722d48cf041dccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4c2a64053800099701710d4b9a50ecf9

SHA1
5835a6a02c12b15ca480362fee4d50bc04690ade

SHA256
c4cc98a6c90388fbfab52638af408e691464c52a9bbafbea18f10c11e70be94c

SHA512
9674be75627b083196d12f4cdd7b8afc3958cb6a0d01cdf598436f94d742ddaeabc3f986fc18a10fa4bf7c595771f60882c5bf384d3ce62755558d479ea121a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
56d14856ed7cb5a3ef5162bd16766ab4

SHA1
b4e65d70b85ffca1b98e7bc9fd8a620325c7722c

SHA256
ca89afe3f077e75fa3b953d4859141acaf334e089e54d6818be739a21a10a4e5

SHA512
9e5f1c86bbd6e7561fcad4925c1a1aa739477d8ca986d8343795023a4e9c280321b61a22872bd819169b8f6526dd4d372e4f95c26fe19d4690ae4423ec3615f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13342532770979587

Filesize
34KB

MD5
ace86010b634230c18bc81e092178d23

SHA1
28d2f55458ecca0217cc61db295c10c2746534a9

SHA256
73f919f9031a63521fca3f541fe9907a0741e09d0bca7e896c3a401aff297b81

SHA512
fbd67053f8b74ff08da1deccbd0565fe35f7d0ad5136769e0ba301e2973cf8f157723a362cadfde5c794b458e7283a85bca8f52ff59b4bb5843b245a121eafc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13342532771432587

Filesize
14KB

MD5
93f6df33f2506623c4f68c7132dd99fa

SHA1
aa5385e8b206acdfb21b67aa7ba4fce0150bccdc

SHA256
96ef286f62d0cc09874938c68f926154233b32e7eb478ed901ca39f064c4209a

SHA512
47db90205b650087783837c753299da4279a50145a62262776718e13f74876c6dd5e317def6fa7c1a74ecfb52f65eaaad2a48e234b239a9d8538b3bbdd25b6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
f6f6599e3065cfce91353cd6c780b1f0

SHA1
86da25aa072ee49e4a81a279b7828e91744e333b

SHA256
aa090e700cb579ba06b45a888fc4f8b55e8a433bf10ce4396b840102daedece4

SHA512
86bef1a170baa538f7191bd02eab1d7f6c7c9702e617e32cdbb5c4fa3a11bf1d9af8f08b8febd044653d78f46ae1b1924a6d73634c540e4c4ef500a195d96820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f07f09916f85bec768e70ec521ef0729

SHA1
235c20793b38dd55886be1edfc146a7fb55fabb2

SHA256
1447a696e18d3fd320168689b57195b0893a806ae83fabda98c5d33105d73111

SHA512
9319ce4595556af546a5e17bb9c6b21126e8660d42b6672fbbcd637cbf6a786d05c92d4926b8e782198a7aac0b44dadce0221f377ea9eeaad13b66254efe0c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
99996f3f229efdf4cce2fc9b7b81e4f1

SHA1
56913219a154ce1f46129450908225cd6e7d047f

SHA256
93fb652fd9f4458cd6b210b4d244280a228a34d6d675438a673e725127ec5a85

SHA512
4ff137fad704be5c9f5e105c330c37dee168fc6dc6549fc009febd6478104b2b282a60c54daab603cba87cefc3d6e50f591a6a4e846b94e951f0ed7c67b49e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
b157c3740115bdd85059ec2ee532f035

SHA1
919c5a956db185dd3d0425366aade957a6621b53

SHA256
fc79cd6a3553984778ab5a7a06e0e50c6eea83b7e2c432daad85c53fdc3fb119

SHA512
9dc4f6a738246a6ce945208dd5c4424d3ff9b18e59080c0c195a38dfb7fc3c67435beac0f849b632b1709a35481b48197961209a49614f44bf250bb73f742098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
70837ab66bc2f361fa11b1b34453dea6

SHA1
d133da97e98b9b795956a0046502acb3908d27ec

SHA256
3963539fcc655b2147aab8bb9bf5d50e7bcff184b0298d61f73e1827f2045bab

SHA512
5d7b1b085a05d2816cce43d4ebb9d278f40a4d1b1850f2f6b86b5ca0a53d1898b0a038923af351589e751d3c4c6514c0ec08268f0d2c7881a6a0d96d16ae910b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
93efeac5baa1199d1ed202a376242af2

SHA1
e5120654a36b3fe64e8e605bc66e3493144b59f1

SHA256
ac489d94c73c3076ef4441f8fdd6592dd9d187456075a4f5d3505d921ff8a955

SHA512
8be000a1a1d16988062c7302c395f7a14a85739397780c703da80841f7a7dda26eda1141baac970afeacb2b16df7c900edb2ad8afa21e4a60d923b2ec3906051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
139B

MD5
5b3b86754b315a988325650f2eb0d10b

SHA1
903a270fd19de27145d110ddebb4e5f9855815f3

SHA256
0859bb15291b7c439f991c6155e5f8b0eea3a67bc9d7f762b6f70d62a7c34489

SHA512
32b236c5121e1831b92f8b91d1654037dfc17dcd8339ad23696dbec9a7a47dced8f7b9e7063bab51daa674ac4044df2e9bafe99a9efc23e241c5d77c940756b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
a087d7ceee221ca47cfe15836fc2e2a2

SHA1
cf6d7234fcfcc21150ffc6bb74b822feb930faf6

SHA256
fbabd2785782e6935576f890527c02c1aca27c94f4217e474e8225faaf90adec

SHA512
abfcc06230edd75e85ec87369e4660a03ab07e63478829839465642d7496333bd90743010bf526db562a4f25412f026f04469a251003d15b0421ca715269c00a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
15cdb2a21586c7116fd48b3b87df8ac6

SHA1
e525eb05ccf1c18d00ab989eee8c0b4963950e20

SHA256
c974ac5775b2e0001d1d92771fe8832a8fa3ee95b7feb8ca03f8463a19d3da4e

SHA512
6b8b7460dd2091b50a06cff5bab0cf6044ebc7e92067d3df229f97a487be7fc9c9b342ea897a12cfe50a54f6804d6fda858999a635d35d8a1c00c18c411c6e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
de2126d8b85d9f26b73e944b8f6bab54

SHA1
56074990f3e1c800b007c880eacf3f2bdb1dce17

SHA256
f5e95050cff655e0fd69deaa0058a42b6a7ba21d091af67592db7d080b1fd22c

SHA512
e22a8a986a8d4a25c740c21923aa0ee58f80bef77eca37f4b7099ef2f01d08d6bcb3ec7b8a369d2b08f783edf0d8e191727a57ae3642dc6c1e0c1e70177a63eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b2d6369d20e28781930af96ead5353a1

SHA1
6c8a6e0c9b320f6517915475d8a24318e869368c

SHA256
f07c2665dd85e4e59ab64f9c7e537d0b5d406bfd3de05f5cc79acef33f5ab0ba

SHA512
293a514c354dc67bfbe8944c4d0d24e4c0c6c44dd97d31e04576aaecb60a95e43e3a67d61954301f47f8f2c6667f21c3dd43d0fad401fa6ad5cf204cacc7dc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
2297fd28dce0018caad23a683bd2ba4e

SHA1
352d587d1a50d5afbb8ab580988a2361c5ceca14

SHA256
c7497dc001e9ae3f2ac54aab45e18ac513f4945e078662ee1c1c30077455a72f

SHA512
0d29b58096af8e5edcea174e8bfcb96f30b38db979daa62fedc0d7f509d2c913b020af255d8274c39fdceda25994e8c9e77de073dd6af114ff12775e08e7a323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8940d741986acde63fc2f206738e793e

SHA1
846e7144faf75ff58464ff87fc0c4b7bbe271280

SHA256
6e38c98d66a7dd4370e46d63efa68709561d19b5431ee7d0724db0065ca25856

SHA512
8db02c74baf7fe20fd46c2e4860ea8b03350d20d3fc51bfffdf0b945c14603e32090bf9a73cf9c30ab5e839bc66a2e15ad410c122157e203d4ab3f66f550162e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1eaef911504e133782b18fabf1126201

SHA1
e98fe5b431b55ec4c50054e2a6fea53ce2a016e8

SHA256
0fb0966580470d01ce99ce979b5b77a1f15ab41a87c52c2133772e68d505a8b1

SHA512
a0c87796394297806ee0a2aad5a8c0ffa006a9376365e55acc02edd7876de46a4de33000d74b935135994ae169351bda812e3ea0fbce16b85fbfa7fbbe1805ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
c277dc5cf97658e3dd43ecc8b456ee4f

SHA1
4818e4dad4cdd29fd91444cd38a8208202821cd9

SHA256
a4c5b39f1132751ae4b5868ae6dd237f2bec91934cb0ea10ede4b4e334821781

SHA512
0cd0b8d51d0caf818ae877f45f1d656d9825247ef1428c0547259bee18a71123bec32e54bab56a4d9711b286b8db0b63e039a111e021ff31c5e8476649245b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
57f961648df2da7a612a518a0b0157da

SHA1
f6fb52fbad5c18bb9ee2e6c2ce8a098881c34e0c

SHA256
b446075c515fe9edbb39491c8d52f9cdb3457e6262db112750daba7ff3220ec3

SHA512
136ddd006b6bafa565a74a11851e05dc701238369bfd2feddfa9f99ca8d6fe7bf9fa68fd87f6b060d11026132a756f87174ad0e06e4b33bb516c8601bb3f37ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8efef5f9a62dda967f52b9c8289073e5

SHA1
f427144ecc8cc0d25263dddca0ec15fe13bf1e12

SHA256
96c1798d2996d927e054d68762cb1ac41c44c463599d76cf1cc2fd038f503fda

SHA512
26981f85c7f3b1a16fde62ae47a179307778ad8e81970d265c35c1c020092e7f5d98461c975c343e46f7c3b0ed56a1b1806ebe0ef425271597ddefc6ae96ade6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
57f961648df2da7a612a518a0b0157da

SHA1
f6fb52fbad5c18bb9ee2e6c2ce8a098881c34e0c

SHA256
b446075c515fe9edbb39491c8d52f9cdb3457e6262db112750daba7ff3220ec3

SHA512
136ddd006b6bafa565a74a11851e05dc701238369bfd2feddfa9f99ca8d6fe7bf9fa68fd87f6b060d11026132a756f87174ad0e06e4b33bb516c8601bb3f37ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fa862106b1600d068bf3cb4f1dcbac11

SHA1
166add3427df47bdde0bb46df25e0ebc6bfa76c3

SHA256
b0dcb9348f7b737ae9d7da29450b0485d51423f060d1fd74a6c0ed0900508359

SHA512
bc4ef6a07d2444fa34f46eab490f55140caca8f029ab4436441e30a12acc68c67bd4b604bdf6c0dbd7f2a7ff95be384f5050e81ae0e398d6d46b5603ae511565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
bc728a8bf0d7a877f7ef560d8f7e1ad4

SHA1
60a1acf6a8346aa1fce0c51e182743d671e98e62

SHA256
e8dc15ab0c22e81b0005673050b3d6b6b05e435517d6782111c94f4001420efb

SHA512
c008015de05abb47f836045d4cad40a0468d5bb3e61b0cbcdde9f6d9ba44d1547bde7955d21b4b8eeae952fc356738b4ac887b95665bb41b93c2dfa2101d6256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
24600541125db848e6e5c01cbf0d27c3

SHA1
a18e1f03f8014a6341c5f1b12204bd38c7e16e55

SHA256
fee978937d89e0254ab562e2b60b34ae4a9154792d6872fefee2aaa0b9e6d699

SHA512
f3e958ff43bf302e67d3529feabe442058f34d137ff10c5dfbdaaaaeee0ab1ace47ffd22c0bd1f298259930f45ba140ed1d0f57a85a80fae7c32d22287f7c177

Download Submit