hxxp://d2x5jgoc0qb89[.]cloudfront[.]net

Analysis

max time kernel
47s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://d2x5jgoc0qb89.cloudfront.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4304	msedge.exe
4304	msedge.exe
1604	identity_helper.exe
1604	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3780	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 3264	4304	msedge.exe	84
PID 4304 wrote to memory of 3264	4304	msedge.exe	84
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4020	4304	msedge.exe	86
PID 4304 wrote to memory of 4800	4304	msedge.exe	85
PID 4304 wrote to memory of 4800	4304	msedge.exe	85
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87
PID 4304 wrote to memory of 3696	4304	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://d2x5jgoc0qb89.cloudfront.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff882ba46f8,0x7ff882ba4708,0x7ff882ba4718
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10225540692895750719,6644903394217846161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x118,0x120,0x124,0x110,0x128,0x7ff872f59758,0x7ff872f59768,0x7ff872f59778
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1868 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3988 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1944,i,18131479024717325874,11525330626571278834,131072 /prefetch:8
  2⤵
  PID:5132

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff882ba46f8,0x7ff882ba4708,0x7ff882ba4718
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,17630956567989302043,3994908155851597073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,17630956567989302043,3994908155851597073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,17630956567989302043,3994908155851597073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,17630956567989302043,3994908155851597073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,17630956567989302043,3994908155851597073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:5912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
29c60fb503ce6224935bda3381fd9bd1

SHA1
82e8c912afeaea4393e8fff4ff93a377243ad9bc

SHA256
462ace644eb661779db1a519fc326da627686ca15939634b7bc0d8a6ab5de3ba

SHA512
27c9b08cc0da42b2d4e491dae2d422a6ba692ab0229179fdc2ae89a13b0876df8beff0e4753df67fb30a7f6b3f141964272eb6ff6a4dae1e3d3a034f9b19f4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c9d87fb55f5e7235fbede3d01263b6aa

SHA1
69784f2cf1e6ec90716f261d53655ad70ed66c57

SHA256
7902ff9f4e212a9da46335a0e6d127b263adc21cbb1174c53bcd31bf9fdc6da3

SHA512
96182cab83200d0a09b62b855232f92a12cbb6faa633b815f66874b6c18d47e38a313525fd508b2714dd4cbee38730ef9d78e3943beaaa23c4842543ded767f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
7114cbdfb8fc0f932e19591e56387b53

SHA1
69c8d1b33fde04cc9fcfe8715df127193e5ae3f7

SHA256
5a48d92f3b3852122f1735489cbfdbc7db4879f4fcb86bb69d57d33cec0fd28c

SHA512
7f748f245ddceda4c2893fb71fe735ecf67198acb6a04c15bff8a585903aac4b33a40b328ce5d375df20cd13423a91ae0db3c2561cb28f1385051a826b1b3ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9457fb6611f3421676cc46ed3d302baf

SHA1
dcd2943ea7473013c19f558039595bb6d2dc8332

SHA256
2660a49e73f0c76d48baa8ee53be6cd4bff2ff551954eeb591df76c1f84461ab

SHA512
f682ef53204ab8394dd487d84ad88cc3b5640441afc742a34cb304fbb9267fe24ca04e4fdc23c0f5237c31d33dcb0642df14786703753600f25f0ef4166a76c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ba80de02347fa27715dee68d0a46223

SHA1
f4c0d12156c08fffa0cb6899e58acd7c710bfe9c

SHA256
8463a3314b6c1e7a7137c28ff8b8b5f71c81478f1214d02533fbc46969567e89

SHA512
05dd59fbe1e7fca3654919aef37081786579bc44eab773b3ce9708502fe1fbadf2b4e9b2743d1314effe78e095cd38c9429872c0402e0bfcd8ec89024f0886af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\697c3b34-c342-4aaa-b0f1-5596bcd6bb11.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
38bb9d28b83cd7b23b29d9fe2b6f3cf4

SHA1
d85e042a7e095a990c93dd8a9a09939d749c9b09

SHA256
6240ef822b27bbaa8fb08c8da1f26b20c86816e80af630a5c60f0f61d99a70b9

SHA512
46b18e0fb711106d9400809d677c535937fc580366019282fd53b27b9dfacd803b75cdcfa0a947e5040388a102a37c5710ecce9199f820e2c7c0906765cc1d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0b118408abbce16457b4841f8953a952

SHA1
bfe9e320b4db0b210ce9a8c5dedd28139930021c

SHA256
a6b159df1eb871a5d3dee9ea76d99582e9ffcd853931b4dcae4ae89101238aff

SHA512
9e914dc42471c593051132a29fb453647cd660cfd915dc6e98035debf36d7935e973773e4ea6cf43667a3331a7fb90ff0b158d5c36c24fb73d04e99624f50ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
9ad1312952754508429ce85eaf80bc83

SHA1
b0a0579a5437f3f97017be5d24ab06c8cd417b7b

SHA256
1a5dfa3866df5f92940fa52201dedb578764a0c5380e2c436e5db8cf2141fedf

SHA512
14e22ca2936d971ca8bd4fe3f332cbe7cc7403b9be20f677cbe581fc4a402e7e1d13ec952c9bcb66c62327fe6b1eb9063e6adb9dea4300ee0ef52905fdad08d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
494be120d730e342fec5a0dbd30c3441

SHA1
8274e7c26870d95ff2e6dc4e683a7ed80611b421

SHA256
ea58bd107faf0da27763c50d4745f5e3ef742dd1cbcf0dd9b36a0d382b406f18

SHA512
2cb65e57f254f6b7d77dce5c0e439b8ac70356987caef4ccb5ae9854b52dabb371a2c108d9ab9f979c55134941643f9ee478bc57170aa9c5fd9ca865e3e345ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2c4624ac0606651423976680a98cfcfd

SHA1
f595aee92a4e83119e7e117ac03600caac325639

SHA256
b4ff4fc990f8dd74880f8900e90c14fe1326d34aab14d5a0078e1ab332b348b2

SHA512
7af45ebfebff0445e709fc6f03bf1176e43274d436cfb33a487a36ac011af1da10594f3a9f85052a5efb9aabea000659c5b2ab19d32b68fafcdf79de3a47a6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2c4624ac0606651423976680a98cfcfd

SHA1
f595aee92a4e83119e7e117ac03600caac325639

SHA256
b4ff4fc990f8dd74880f8900e90c14fe1326d34aab14d5a0078e1ab332b348b2

SHA512
7af45ebfebff0445e709fc6f03bf1176e43274d436cfb33a487a36ac011af1da10594f3a9f85052a5efb9aabea000659c5b2ab19d32b68fafcdf79de3a47a6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
f257ea3838f2f84a430a4948d6893735

SHA1
ecc3eaaf2248df1f3db659788d04a70c2a95ca28

SHA256
f74022619391670fb4a5d17397da43122ff90cd907844101f23363f8f7a36166

SHA512
648d6628d7341c47782dc849b344e9bac3b30fdc5fb10e49d1874a1f3f9b47becf1c8058432d1a9705c107973494f2ff064975aaeeee35ba00d0841e86f8ce1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8a86a5b6ad3f33165b145850c1413609

SHA1
e30fd4678179e3656b45a9c1a55951f483c8feea

SHA256
f77c90a0d26d2c23ad5c2dcf12a467f13828010b039fffdd237ff8bd029b1488

SHA512
0b9dc5313bfd1fe8da8b772926ca705007d4d38e8d4285636c001752e8dccc0da0222f236924d47b87af378629dd1db010dc1a56df7e07fbf496feef5c8abc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d2bcac0a095b51b9d743ad43a39936b2

SHA1
f59bca1a23a99d90d52fb2c1c18abd5536c0b86a

SHA256
bc2dbc5028ad12d2373100c09791f8f9abb8ee83860eff25b6c554ec08b004ce

SHA512
6a33a4999901faa07f5f4b72dc85eee5f6b490312fb4d21592bd428273e11b7be4c7ba0aaccec5789a284adbcb6dd73df71fa6b0a15501470a2c66bf8ae07e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
70904fb2f063485d7f067a64f59de734

SHA1
a7c5498c462f2b707abda24040afa6a6fd310639

SHA256
d71376d5640a1860fd99251c096f0dbdffbb49e582434ea29447966dc51ed1e8

SHA512
1e61bf235acb0eeb24ca56385f75c7297c6acb273e63566f7ee9791ee9473600089b6e56aa1154b515bf0849ed40a8d2633be29b1ade4db828be23781197e30a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
abed62230fc104abd279c978014135b6

SHA1
62829f81f645a585870c9efab77dfd59da9f671e

SHA256
f0c7a4d02d834ee23346a68785f05c0e2b3b5b74b6514d53660649d16c835ddf

SHA512
21f85fc34075d1c0734cc809f30d754c870b73202b8b9aad152a313edb8a1772428e5204a80aa66411a117fa95cdce1d329e5db743fc62822c12407a4624193f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
e7b6ccea310acc44fec071617fe54375

SHA1
8b453976c04c0413a6a35132981c2aadc7788913

SHA256
215c59751bcc030248b8905bd1169e3ddf8c4d575403348cd1637ea586017dc2

SHA512
fd8b357cde0582f6c2611f33b94e7846b480f630a5f8995f77d82bd9f77ddb34fe829dbca2cac06aeb0d25d2a1a86a0d4725749848cc84838f824d927833331c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
e7b6ccea310acc44fec071617fe54375

SHA1
8b453976c04c0413a6a35132981c2aadc7788913

SHA256
215c59751bcc030248b8905bd1169e3ddf8c4d575403348cd1637ea586017dc2

SHA512
fd8b357cde0582f6c2611f33b94e7846b480f630a5f8995f77d82bd9f77ddb34fe829dbca2cac06aeb0d25d2a1a86a0d4725749848cc84838f824d927833331c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
120323e607b9066bf8d589047bf447ee

SHA1
2cfc27b605730bdfd5bbedf4a3ab0f65f6dd46af

SHA256
c0ec757bb18af55a81c6cd8598c070422762c6922544238117e595589cdf1af1

SHA512
a5127289542350a39b64cc652c6290bb36164b38c143a5cc1ef224656dcd17b0420e9297a7da3eba6484e5aa5a48c74b155619fc9218d8db6abd2194a4bd57f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a72362d058f55edf13a1e54272c00f5f

SHA1
b3396ab5c5572b33967dfd161dfde96c724a544b

SHA256
b88f592d338e53cd42fdd8e8a3b88cfd4829a3a9689aae866a5a9b4a83f34183

SHA512
380978bd44a42152e39673f14deab9c839f9a3d7b6afc2ffa2f619fb84b290b111b7606858a8f0632e2359dcd162722e7deb04617ce9dca723cb99b80d30db30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75ce242f95109e19eb991fa6f3cdeffe

SHA1
09c27fa7e69f652971cf224efb853933428e71ff

SHA256
810e0b967d1d86f948f961b0207d7782f8200d68da6d1bbea06cd52a3946cac0

SHA512
f42ae0e3a87e7cf1fbb76f1e2d13d487297f9932a49e63d50394bb466c3849151d90a059166f2e8b7bfe82f8cd8e271dfdfe216e28fb4a9c1a1f8be0d67eeba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5072f4cf74963c84911dad8d42e72742

SHA1
a64cfabceb99f52a97250a42e24159b609b17156

SHA256
41825028dafcce3294bd6ee4ed56d14399a5f576b83c5ad5ed83c3b394f124d2

SHA512
d391c78fb8f4cde50f2c3270fb142e822c774d31b3ef46f1a3dc43dcd1615bf530c759d6ce6bd3db4ae940dc7cfcc2965c06a529b964322b297907e836af8f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9440c22b83125df165315fdda1c1f727

SHA1
f20955830a8474f96b16b316efa6f3fda40e8069

SHA256
75ef9c7cfba5ec72e44d85b2f50db0ccade0302b20dcb2ada102b37e654612bd

SHA512
e78b6b00357b12f2f861de5e4b11094e84bea81f5055bdee6aa2e2a68494478f9b10aa2cf06dd28af23e017c288d796fbdc981d6c9516a5eb4f6836b15f600d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9440c22b83125df165315fdda1c1f727

SHA1
f20955830a8474f96b16b316efa6f3fda40e8069

SHA256
75ef9c7cfba5ec72e44d85b2f50db0ccade0302b20dcb2ada102b37e654612bd

SHA512
e78b6b00357b12f2f861de5e4b11094e84bea81f5055bdee6aa2e2a68494478f9b10aa2cf06dd28af23e017c288d796fbdc981d6c9516a5eb4f6836b15f600d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1881400134252667af6731236741098

SHA1
6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458

SHA256
d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75

SHA512
18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e866af9ca6d43709e5876ce675d55c5c

SHA1
d032ce290d01c0f493ab4a190f3b2156a4965a38

SHA256
0d14796048c5447312559db29ca6f6331689e4042be1ecddb2d4c80c22f756ac

SHA512
c7b60d505448617ce0dd6f5fcad8997d1b6e4b39e96946d65f8a2ab53dee9831e7e12792bb7c4be5548abedd24ca99138211e9819b4844b5bb54199ebd8c64df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
eb5176819f70e27b80393e8167bd97fe

SHA1
894bcf599ff45512fe856e878e163ba6c59ecce9

SHA256
f187d9f8a38c01d8d6d1ca22563f8dd12061c24a62345597584a20ce77110a78

SHA512
acae6fc79644cd75e07d101cb11641d0300cd40072db383cba05b7b748971b8cf8aa72ee32896550b5e0a0ed01b2bb205cedc372f2e76a0d2d66b5c0950b3531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13344731763956324

Filesize
1KB

MD5
1f5366d6e5dc235e7b148a926786211a

SHA1
d7e5fa19449f73c945f9a4cff56a8477e517eaa6

SHA256
1a193e7cb3a0a71a55f6cbbc76e48ef709cbb27bf8eb5dfbb5326a8dc6a410f1

SHA512
8d5219f1ec78daa112c3b5484519e2974104f1e06d2d1dc19650ba62a0c165632375fcb37cc4d62df720bd87757312a4673c2aaf7e415aa46f7bf2f8bb1240b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13344731764527324

Filesize
2KB

MD5
45a95b493e2fa7f5597a55fbcd91a164

SHA1
7210845d193a2cbe0a47ae20418972289574d24d

SHA256
f4d5b03f202ba94741bfa6fbc3303f1928617ff8aad6374e1cdf7ac67f2fb0aa

SHA512
222797f9b9b809a9ec6e86178131e9955c387c590df78ff7cb348c3405d1d5da202cca1b901205d94f892f99f8c565ea816752af68a35496e5eea53225de1709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
07076d9cd89321303659cee0a0533c3c

SHA1
ba2f17bdf1cc41e2002c58ce3d95ea002b31fba9

SHA256
c635a39d278921a373ee1e9e27d63648063acbdd4b6498644245dd07dab23137

SHA512
607e81f1b8c022cba01e18f2919c38a0cce98f94da63a3d3f47694ea819924d5664bdd059ea157419397f3de9e6cfc08d899ab8ca34572513b3af649b6cba55d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
635b2ef158755b3b56dd4622951c80c5

SHA1
03453110f6d69bc3507543f3a5deb4a449ff1b1b

SHA256
4c295d90c84e279f5796e67d55fb891cd0b1cf03c14663aa966021ca13012d8d

SHA512
35ed7237a9bce6f4be3ae0f68d1c65cbdda579d11ba685a322f2708e14daa0d75f1d6eca1fda39e72c2e1d5c8818eb56e47a2e623bbcdf52f648688455f16138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7b2087ea42ce99ac608a23bfc9edfe53

SHA1
2a2547d7fdc04a52b9ae0e69460c80a90c174fb1

SHA256
ee70d3d5effd102181bafc2393313f754fce68f4c6ec34d6ef8aecb88d174bc3

SHA512
180e1543e21a126a453aa360249bfb69407fcbe26825bb9577a6201de359206892a5d071fc1b6fe57debeccf0c674eb0dc8133d025b80f566a58a3251a16c2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
26ddd8e3a5909586571e354843021c58

SHA1
42cdf1f9c8d656b6006286ccb02a553a8d41d300

SHA256
7768968c8effe1c5635f72b43e22a4a3f2d83f9075c127458a70fcf7a4205378

SHA512
8598af15e57cb8d16475ef6de1b59177dbf5122fda3c5b53e5ccdbcfb2f01d099eb5beddb0cdf1004c2be35ab3f177dc7fe03c5fed4b89a1b841408ffcf8ef77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
bfa326206dce209d68bd5e3d98398625

SHA1
81a470fbe52612f6d2983738fba264a01ed7e1e9

SHA256
719d383dfd48a4c8ef96da7ca8b850fb6551f37ba224b6548d52ea8e2417f2f9

SHA512
3f2cd55dfee01689e32d26c94af93b1575e6269386e0e43260f96d2f5f6bfbcb60a0cb9a5f7fe59f20fe0623d86236d961d3e6e6c03f2cd0fd1eddb45a413e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
108d016effdc9352738fd87d6819334e

SHA1
d1ee48709ab7fbc8b60f642f6ef666c3ab6f080c

SHA256
8d604bbfecfea9bffcef56233c4706ddd30f14c487c5acb27a99785c972e6f29

SHA512
2c4ea60cd46b8681e5828bb8e7fecf8dd3b0d272284c4e34426fd6737486cb18186658c4b16e9ff08de541cc71dda944a15d84b0a412515cfa980cdffce749ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
82062936c88c2f341bd37f8fb01038c8

SHA1
10486244dbf6b20634cdb92a088d57a4ba774dc6

SHA256
ed9014f4b0f86265c86ab461507f1a68e6a026f74eaf668eff8fcdda3ac52905

SHA512
3056ca844dc46186d7839a71c0637c8090d77003b517af36cfa258958c9040224c8b5e1d4d8f68bf773f6d0946e6ce711a7cb601b6f13ab6b41a79747fdefacb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
fd4c68d9719bd3eb9515d657fe913de8

SHA1
5818ee16ccf3c3b38e6831695fd8b52c330f8b2e

SHA256
9917ab135e6e24530727cb14a4bce997190910704b2d03335762f093efa8d5d5

SHA512
25b150f561cd78b547dfb8a3dc80105e9108a80e7de34af0c6bcc86800a3642a931e899c13d3581835b8515e58e7624c27e255e6fbdbadcdaabb481f987d1b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
28dfa52349fa5cd238fccbc897c34e4d

SHA1
66c65a0f09c29c4f76dd1c05bff0f5ba79524b57

SHA256
c6398153af83d51234f6be20ce5408e21ed6355422b96df74432ea44077d5179

SHA512
5ab22880c61977dcb9c39ef41cada8631a1757f575ea2c0327dc91e0eda00f0bab74ecc5fef66eee41433e86893a5687bc517866e317c98ff6931b181646857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a3d5258b7eb5f86fb4203a2c8b47ecf9

SHA1
56c788305751ca602fbf0479787366e91a3479a3

SHA256
20eedae4fd5c896b0d41ac5337c2d03ccdc84bd87149732660de892a24ee5cb3

SHA512
29d39d7faeccff08b4a6a0889c6ec45b34312bad59db48925fddbe8cb12f4fc52fd8e952c54daef2f15ada8b8734f5d8baea25e056a6664aa59fc8bce9e8c050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
dc7509c3cdbb80c95ae3ad4e39bdf42d

SHA1
56f318946ab78cb03126eb51707847079f979f14

SHA256
9e26d376d121752f19ae43ab390f0d00bf1bd95b85b4474d2305421bfbbd1a82

SHA512
964acc87436a00730505c8d93a718809dd5b96110cbe8a5368efc198716748efbdf7d93c15f6691a46e3389712c013cd1e01b074af79536bd725f5af69f114db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
3.9MB

MD5
09e3895dd103c980af3ade756b60a6c1

SHA1
9eef3da7744b48c4c99701b5ee45dbc49eddbbca

SHA256
350549a398cc5c788fd075ddf24b3ba262a2fa1283e3d534844413fbcff550b2

SHA512
06b4ef1194e2768980974b400443f2ce495bd31ebe35de88df9bfb37730a3bce69a2956e6db3ae3da06b1106c31c84cc9393c9c263220182d393cc1b87c997e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
23115ca6d12a89afa27354fcfb6fa0bf

SHA1
2260a99e85a17fb951fd2a4614271350efc7b811

SHA256
ec246253b0743c769baa6cd05e0a118c7ab9adf708420c1dc2b0e435d5c4d2e7

SHA512
b0509076e1e1d3d74169083973cedbaff538b2f8bc40ca60ac4f36e737487ccddbfc342e80b910c707e7daeb7b5fda09d7d39d04a52d0912d53a09efb23fdc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
23115ca6d12a89afa27354fcfb6fa0bf

SHA1
2260a99e85a17fb951fd2a4614271350efc7b811

SHA256
ec246253b0743c769baa6cd05e0a118c7ab9adf708420c1dc2b0e435d5c4d2e7

SHA512
b0509076e1e1d3d74169083973cedbaff538b2f8bc40ca60ac4f36e737487ccddbfc342e80b910c707e7daeb7b5fda09d7d39d04a52d0912d53a09efb23fdc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d659587e35cc8036d9f26005a08da40

SHA1
d69dc25eaeca322dfa768e56a126262808aa54d1

SHA256
26779c94975433424f7829b28f49f311b23bb996113db9dacd0a16a5509e79c4

SHA512
ea42dae11ffd5280c3a3c305143152b9b2497b3420a594eaa07af0eee0bd841d1ee3e78279629e2cea7d4b4a9177f13ebe88678eda152f04446017f57bf19780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
341ecb07b39bc170cb99ed8c7c96c074

SHA1
b8d8ad9ad2c5a38563e246c58eb93af518a66208

SHA256
e0bb4c4ac235d8071eeac9a82780ce6107f6a7d12f1dd5a54d0253666367786c

SHA512
d6df0e539fddda999614e1cf40de9ea66e4b072ce39acbdc84b417c3d8fba2692b617457bae448c66fa1fd4c2bdbf642a51b1c65d8f7f1e56ea1c7000311799e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
b67c065afb44b9aea0b38f153b97bae5

SHA1
422a665670493cfc064eee8f1ce4261c63836c2e

SHA256
99db6099a20d736eeb438c7df339123aa1ab5030a958a1a5bffe5a31859e6a43

SHA512
045fd7b9cc0bdfd845c9545d5fe21c5115c8e51d0d6ab403be5c3585fa6c46fffd939ccd3d2f76cb842301cb0ed46211480ea5f9ced6054ce83582e834c11e72

Download Submit