fdd8d17d3743108fc84688e767b6cbebb3325264bc3a36f244cb7c3e445607b0

Analysis

max time kernel
193s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

happy-valentine-day-set-of-doodle-valentine-day-ornaments-and-decorative-elements-pink-concept-car-a.jpg
Size

37KB
MD5

7a6c3b005fce7f71e81e4817cf767e16
SHA1

30e54cc1e39ff13d19869a3925b8c5203e9f5436
SHA256

fdd8d17d3743108fc84688e767b6cbebb3325264bc3a36f244cb7c3e445607b0
SHA512

93371e2066ff25a8e5c746679308dde347fffff27bbbff46fb1e8ea782d474a58f60693d2b2d891d3ca2757691a6ec72addd32009c2afcd53d4e02a72f600afb
SSDEEP

768:WPS5YZV9SluzYq9TzH3bMFqdM74bRsby4kca/GzmL8s:p6ZzSlu8qpbMFYR34Y/GY5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3538781373-1545967067-4263767959-1000\{F109DCBA-6944-4C02-98D5-B3E19B4994BC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4280	msedge.exe
4280	msedge.exe
484	msedge.exe
484	msedge.exe
4152	msedge.exe
4152	msedge.exe
3576	msedge.exe
3576	msedge.exe
5472	identity_helper.exe
5472	identity_helper.exe
5336	msedge.exe
5336	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeBackupPrivilege	3880	vssvc.exe
Token: SeRestorePrivilege	3880	vssvc.exe
Token: SeAuditPrivilege	3880	vssvc.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 3380	4604	msedge.exe	100
PID 4604 wrote to memory of 3380	4604	msedge.exe	100
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4456	4604	msedge.exe	101
PID 4604 wrote to memory of 4280	4604	msedge.exe	102
PID 4604 wrote to memory of 4280	4604	msedge.exe	102
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103
PID 4604 wrote to memory of 4336	4604	msedge.exe	103

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\happy-valentine-day-set-of-doodle-valentine-day-ornaments-and-decorative-elements-pink-concept-car-a.jpg
1⤵
PID:1892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault92068497h4175h47d4h9281h9621713391fb
1⤵
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd5c6646f8,0x7ffd5c664708,0x7ffd5c664718
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12926057432515046635,11451430287212198691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12926057432515046635,11451430287212198691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12926057432515046635,11451430287212198691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3aa80909hfcb2h45e2h8261h79f106eca58b
1⤵
PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c6646f8,0x7ffd5c664708,0x7ffd5c664718
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4456626222654051549,16136172934824868626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4456626222654051549,16136172934824868626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4456626222654051549,16136172934824868626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:3732

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3924

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb1e9e10dh879ah4adch891dh20c64243b139
1⤵
PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c6646f8,0x7ffd5c664708,0x7ffd5c664718
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,3041170088083292864,5050436667837325679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,3041170088083292864,5050436667837325679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,3041170088083292864,5050436667837325679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5c6646f8,0x7ffd5c664708,0x7ffd5c664718
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7376777304823978501,17215734533932339230,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f750e7e49f4f5b3e42638e79841633f5

SHA1
741f274989a08f48dd05a5942f80bddfc9931aff

SHA256
228f1a2404c9f1b54382f0323367fa4a9ff64e46f20e1abe50017a94163426a5

SHA512
3e0cf2343d73f37104a1b4c06b8f38f2b3f92bda728661cb803b793b0c09f62f4a3f48a4c8757c8d4b00280d702820a38dd6d2f30bf82fcf62436520df394607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f45eeb9d5ea7a17f4339d4c7e14684f6

SHA1
f5a214ea74da779d16e14aabe9bb588041dec3e2

SHA256
41a9ae073b0216cd34b173b3d6e363616c8ea04658722ae5d967daa5624286a7

SHA512
13a61d17f4a3d20e08b34e36aa6a39abbcc82ce4c69ebafc393c40f47bb21ddb76c9a19f89f815a4149044597ca2367b1c7e7451504aed997f59f19fdb3d3a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5b0bf4edca2187f7715ddd49777a1b2

SHA1
eb78099013d0894a11c48d496f48973585f0c7c0

SHA256
562016f9159ef363fcbe62ed13ee26052b31d4f67dc5ea6d60864a7d5dfa50a1

SHA512
1039b98cffd32ca4c9e37486b96e01b167d76b19dd8440a21da4932d677c463f4c5ce2260239e8337f59bd61ff3111905e23ab71d3ca5b20e7d2935fea7952c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4db60c9bb06ea5452df26771fa873ac

SHA1
c118183a1315a285606f81da05fc19367a2cdfe1

SHA256
f168242e74bfde18bacb9e18945a39bb447188eba916c7adf0f342ed8d82281e

SHA512
180ed98f9d5a14a22687a099c4a0ba6b586610f7b8b4c8de89f3b91713b07a2ef3726fcd318cb4e270b1745213b898037d29cca4b490d0c91833b797d69ac406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
482fda86417f1e9ed0b4da7b914a44e6

SHA1
7c6780ef13e9b36b5365ede27101b58fd41e5cbf

SHA256
cb54acdc15111877b4186c26eb07e13817a4c325ce6e4c1201f1cdb0c5835de7

SHA512
ae75ae7a8f11bbd1251dca736141901dcb46e179aa1aaa1c8f4fe15c7b788e66fb60532c47bf1186e28bc10a48f842835f9d1dd4580b114b4db85ff98571fc9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7d3a1fe2-518c-4bef-9289-fee69d1a4e14.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
48e426957b22185751e3fc290d7e786b

SHA1
be3989d036ca9c37c407b778c5f492beb4ad271d

SHA256
93426b7789b22a77adec1d1e2ed5ae798d4b07643388509f84f68e314a3d30f6

SHA512
7338655abb6cd86d83c0ce40c7ff41bdb07c3c6f6eca9a0463141f6175c8cd22a759d007cc9d4b2dcf5af8480e8458df6b448fadced32f8f9e054362f1fd9d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
65c46d08845f8455064d2c48f5097db5

SHA1
61f5745c55db07717c312d1adb7f457a06094e02

SHA256
594531cd49ecebdeef48ee6a95fd0c788999c939da1a4b4261a0cf5dd2cc1bdf

SHA512
30d735337a63869335e1e39bd753f04be2de15d5c5db68dbb1c36df5290f94827ea41362dc7a121f366cb34e38aefd80dfb1a90341f0bae3d64804076449441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
398B

MD5
d4a8f0dc556069456ca450ea0a411494

SHA1
0cc1604efed0355975619e4d808a18229a67cdf2

SHA256
9dd6bf50b290393f77a9f2f77abbe5a956690c89e0cd1d3d5262ed7d773f2596

SHA512
306a83a4fa4b10a39e366e65424531de2986def2990e780ba7b7b66d602eaf424bc477fca53c01aab892de007d4e4eb9f0a1927e5d63ba9bcbd28d4c43fe3d9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c84ecaab2629d2c81c844368d0f6288e

SHA1
7dccf05b841928072f0c3f2d5b0c9322a5550ded

SHA256
04119161a2cfde6543dd9394289a4cda54f18d2f2015e064bbbe83bae69b7ec0

SHA512
06aa8a4c3158b26df5327f62257cd158c21f9e655d42282bad2aadb8b8e9b924746c37ecbe8d170ab42e7bfc59e9bd9f2448572551096daba348ba0989c1dfeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6221deb19cb324d1aef2dc055a16183

SHA1
301bd5000d6a75ac3958713ce42ba6c328dcb860

SHA256
65f01f43609a9d271671e396b3986e1dd184203ec87492435f2c1f9b9c55b796

SHA512
e4d73690e17ade3a7b8d9984c455a5372d94ff6fc2b15724216ba6bf16571145ea17ed5e808cce1eff12149f4329d0a2ac133f634397535dd31e9359249be8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a30b444f28a7c1bc5e91b91f2a785d50

SHA1
a6ca6a29e9583170fdcabd6c7c28a489d9fa4780

SHA256
fd99770b7be4237567e43c0b082676dfd9c94f41d1b658d2c6d1a62ec1849669

SHA512
99e1e651c63b64eacb4a744bbf76dfda82225420b985e2cae6b45d1cae5068cdd0bce93b97611c1c3f64406ae95c2c2510251457fc019a6658a9e571d2979292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
afd2cc4134f10a77eb68ce10ef5a2bd4

SHA1
489dbacd27bd998c3ba9af97949f6adaaa73c14e

SHA256
032ef06d9011337f374fcc1e9df4cfc81ec71d5d2744253c9aaa0d005123da9d

SHA512
71860dbc7ed0e41dfb07b54480d4b6e770767a92b679fc1055c2075e06fbe003b7b98cf8261651a44c3179345b2d46c6bd7ecff0bdffed420a7bb82a7ede1094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
613541bb1af832c6a649b3ccc5c55c2a

SHA1
cbabdd2e701996918278fbf9e0c276fecff1f884

SHA256
adc1607b8326a740469f0e6f0a5b28616cc8f0abf09d5aa7fcd7f123fc7b4f3a

SHA512
e760c569b41b028165f1867900c14244928aaea3bacb3357dfea6f249201c1a128146b6a14e8e612bd52ccec1895e15c7a5494f63892145f7ca6516eff53816e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6241838c7320bbb04579d685718a839

SHA1
ad64841e8b893acfaeca476026e89e91d71fabd4

SHA256
57c3609d710fa0df5902725b9e0e5038934bd85aaeca5a6a232798e61edcae0a

SHA512
8fe322a836b83a51f3a0554445be040d9aea70402bba39c9a89f590b012700a1fafe69cee5d57812a6c6c217033461d0de0d45ab4d41e956221c39d7e1f5582f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94ca6d487057edfca7bf365fd4275513

SHA1
f4b3b7bf374da3ca70b903f24eb5e98dac3958d0

SHA256
5b8424fa20183599aec31137fd7b1703e175b1fd739497ea51d4ec842e33e61c

SHA512
ed88a93b4de15c5ea1fe3a7301654595f7d6990f78c2288f4eee0bb46276422558b969881858b1059d08e52da68871e5d0479b6295e0dddaff2cbdd28f81cc7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
557adc5eb2bf4211b7d3c91b3a1c13dc

SHA1
dafd502984ea5a2a0d2a5dbc254c56ed4e342140

SHA256
6f55d761e7ab079db3adcd87c024e3cabc246c947810f6509c62eb884191e598

SHA512
7d2f2a22df5bfe066c9fa0e97668e76ce799cef2a78d31f0e70e9acafe1e647b07c8280d7e06d85bb3eba7425ab822e3d44e7ddab8f19dc9bebcc38dfa163f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b0f220687d438ae72ba5453236cf909f

SHA1
3aad15f0428847951f0986f5025184337d1b4eea

SHA256
8e333b85d77bf2fca0e10882f1ffbf0d081e0bfa054250a66391bdf74a7c9d25

SHA512
0aebc56b51a7fb9020a910c3f23abb231a9f01ec941d35b20a83955a2f9c396175066d409ba3b989a9fabefc5c526b8ac15ade7f071db912077c55f16b9c49be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1b883544f3907e1e78abed5c426b824b

SHA1
aac64e465a3bd44af5971b8d1884d9db6fab7e22

SHA256
1241e37adb262b19d731a9815ee90d16eee08cf693c508ca360355630d7af29b

SHA512
2d036bb4781553c41191224fe437c236d36e37293672633add465153b40dd36050c91c2d03e1f21ef0dafd9212932226393700204953e493cf43b5e62fa30889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a34356185ea8bb2d209dca48ff6acc07

SHA1
f74f1f922a787706b500134a84db8b27e4b38ebf

SHA256
6d7d7991d985f4960934e895ccb922cae92217f5c19422a40cc676f94c0a7198

SHA512
fed90c547ca9a6b4d39840dbd09ef18c7c6fe0ad8b12437405532f48c80288a7c8fdcea8524a2cb282dc0a2ac279e7c36447fd3ae2f0e9794e8cec2086f6b1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6521f27ed841f8f5ea759e6065d1c67f

SHA1
9d99d7b926496be368e7951828a91b191fe7648d

SHA256
c4c517f0b2e709036e8f529f342b301a859a046802f30c8d511d08693cee5d95

SHA512
e6b51a652efa319fb519dc5e5210cebddfc18476f4a393fcdd28e22d335f4e51ee6df5b464af9e9c7786eaa94799b9d3a7fb88004c0b27148775a836ac1f1808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
74c6414a9708f46a938cc350d3ffea0d

SHA1
30718380fcf4774ec6a259f5f597ffe7a01303bb

SHA256
3e66aa38aa4cf7e3462243feb5dd74ed0729e9e9a73fc5ee68b0013637de451a

SHA512
019756a732828c44399442654be37ab2dea5721dc7dabbbce181f249f50053ac726f0d0be53a26a83658bd90fcf7feba09a4061d6e2e1b950ccfed3b24862702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
41de703be13aa504fad285d6cceba144

SHA1
2624331ff09b79649e6cdd1bef022fb5f84e724a

SHA256
c653021c7167e26d7db34f9bb77ea89fcc598a355d102ea606990d50851dc3f6

SHA512
f667c7d398fe5513b6717b93c082febf54724e9845456f63381b03945506e10e0a0a6ef0db8a758934c4c83e0ccaff6d4e0d8ff5d0b5e5e53a1a598aa82a2dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
58c6a9ca474f0fb425a3678d2fe601c0

SHA1
93c3417e63767ba2f5c62ff340fd6e2cef251ee1

SHA256
52d3d1298c33195756ab86fac92c9a7d9ac7245f83a4a2c6757fd4a3b32e607b

SHA512
2c1970d6287bffb5f1fe2741a90f3b1588724af344b7008471cf8de2ebd1b018297a0c5461ebaf6d927c1899a90e31ede7ee7193bc4ad8e208b15708201fd035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
145a3aaf930fa2f96480df183fc9dd52

SHA1
e886ee191dc8466a1164c858f14c4a40b91689a0

SHA256
ac2100d984f37924dabfd37a1158f7b0d7a084042a0c5b1b16e8af51b346850d

SHA512
8710c1112cdd891cde199742eb58806609752d3a587466d9bd63b42422a517fa9c8f84795a9d539b11f087fa934745b80e5634967291987ad615aef18d1bf51a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0504a021dda4ae38bf20446e01d4ce8d

SHA1
d4a12e1820bd43019fdc782ae0ce19f22e0ecb6a

SHA256
7dc5aea1b394a98ee0f83c7d790fae29639f9aef6efd2a3f09f21ec57853713b

SHA512
17650f3fa2cf9b592042f100749ce2eaee87a6707dd43c9b79264114d7b3803b54c87cc5a28c9b367cc21a882bccb63f50219e59318d423b24866d408b4ff924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd3c35466b019868dc2c6b4eb8402ef2

SHA1
d6ee928e1526fcf3cb88255498e17e05df2b94c9

SHA256
df252c2347484dc14364e851a6c5f6d999b5fc92d51dbd0c1f32bf094683ea96

SHA512
b68af5adcef3ee7385427499e31ce5fb9f9c27ff9aa24d2cf2b00be3eaf7e5dc4fc2b0d1dd87a493481d7096d1e96cc114df07da00d53c749d7b5dbf43b3b6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit