hxxps://envs[.]sh/hEK

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://envs.sh/hEK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
1244	msedge.exe
1244	msedge.exe
2888	msedge.exe
2888	msedge.exe
1160	identity_helper.exe
1160	identity_helper.exe
1236	msedge.exe
1236	msedge.exe
2980	msedge.exe
2980	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of FindShellTrayWindow 45 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

Processes:

msedge.exe

pid	process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2888 wrote to memory of 3756	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 3756	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 4052	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1244	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1244	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe
PID 2888 wrote to memory of 1956	2888	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://envs.sh/hEK
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb27ed46f8,0x7ffb27ed4708,0x7ffb27ed4718
2⤵
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,3424034445598861466,13395231113526860986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,3424034445598861466,13395231113526860986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,3424034445598861466,13395231113526860986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3424034445598861466,13395231113526860986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:2660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3424034445598861466,13395231113526860986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3424034445598861466,13395231113526860986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,3424034445598861466,13395231113526860986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
2⤵
PID:2896

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,3424034445598861466,13395231113526860986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,3424034445598861466,13395231113526860986,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5340 /prefetch:8
2⤵
PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb27ed46f8,0x7ffb27ed4708,0x7ffb27ed4718
2⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
2⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
2⤵
PID:984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
2⤵
PID:2764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
2⤵
PID:3792

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
2⤵
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14597394816319175060,11709604894038274471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
2⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
79925d7e65ef04f4c048e1f495918339

SHA1
6cf9400937403197eb387ff2a53ca84028a7211f

SHA256
9fa7601432118379a9fbf44bc3035ae2aa473c385dd7498757d0d0d574e1b49e

SHA512
a2b58867870b46b50cc8ade35d78ce4c42efb21db3484bddbc388e0465d3a824da0d03267737e9e111ef0daa53414b9943d20180fa707cbf3043df9d15c5cbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
68326d97bc813b347a87685651967f1f

SHA1
b304a2a51c5d89fe0b6543b0cdcd2fc257794c93

SHA256
9c80201f9533fed040c088a2231a1caa2300b897322ebd9fd1a7ee25d39f71d5

SHA512
4ca4aa5ae4168875fb30eaf6c67016219bd99e824c4c435d3f341d9d7f148f615f8f7084758a198ac40b2c57b4d9eba05d4b223a4503b8cb43fc7402c20a4f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
cc04a3cdf5f73747d743bea024319a76

SHA1
07b1ab5758ca605dcf029b67b698c09835c3f2f1

SHA256
a53583eddbbd946e1eecb469aee77dae280296c91ab93e3c9c490ba6ddd81d3b

SHA512
b5305e177d4f448095e05fb233b869fd3ce793154c2b58d9f77bc9f87b6207cd23c86b8180238552cb21a7d15d0a4561b247f361726a86cd104aab4cafa591c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
9e44ebafa2fd385b3980bc719874d047

SHA1
6b7bbee8ff23662768f633d5de54a8a16582a3b8

SHA256
8d8968d341faa39e1740908f9239f1aa52cc0d814d8780136ea291ee1552f531

SHA512
0c18555ddde485a5a6d0c202c9e164e0218b9008024382d4383f4146daecfae8e40077da10b4a19280104fade8c7fcd46cec1abbb7a9214047653f774bcc8b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
7f2250600ec5383fe66c1b955e857048

SHA1
1cc4f0686765cf915e3d290d679727cb46bf9d80

SHA256
9aa5477685b1ad36497e3b14401bbfde9904168617b68e023e80ca5148545887

SHA512
fc3601f302e60a615c40cd9b892beda502b2729a02abb65134e7df9407b1a8ba2f4de4e33677511a1662fd566c77eec74f6abdd8a07e606d4a9cfd4d33515b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
3336933b007621bc7b196d3aae2034d8

SHA1
d324c0388476774240dc3a43787ce9e5de304b2e

SHA256
b6fe5679841c08b4d951bb219ca813bbd145c1e5ec625ded8be8954483d3fb34

SHA512
7d8033c9e08e3bd9c87e82b82616e4de1ce0dc438fd6c601c9a2d036fba306bc31e5e4b6295694cc0bc96428218a49adfc5618124dd7f58a61720f5058ad021d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
9dd4383135ac8edbab60ddd50302cde4

SHA1
ff9e36b2edbf05eac12f6d332261beab9533226f

SHA256
9eef0707bb244587082cac6f90d6415700bea21a08868ee90772c318228c318d

SHA512
f23688c4c7b6ba2b5afc7db238c0c6e7909bcb48ea8697a7af6754845ccbdc00d0dc49e4a3fadf6b59695820d31c90b6390bd0f3ec8297d6432a7b7655e31f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
322B

MD5
2a686d750bac37663d46bd94a40b9dca

SHA1
b89e5b551ffbd4701ebfc68c6545a69d0d415c0e

SHA256
13bf4b4ae1ce170a9e498539caed03ec2fc41d646e2289de1b6313e88c211f4e

SHA512
9090b0d4517d27eeb41548c600cfaa1144157d6a16a26c290940eb037d252a34c9a4121de8415cb78fb689219e54b65289d63592b3e6bbaefcdd407dfc3acda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
456b1941c5ff1699ab01f13d480ca8e5

SHA1
14a4725af253ca7264d3e72140fb21ac462aef18

SHA256
6c1815c20d84e934a6bb5a33b58b3252dd0ba15175129c54c2fb8b19ceac85bd

SHA512
7a817fc037dea87c7f4c65c9e3ee0c97e75ecbb6ff71ef2e8a2b7497c9340e0ccfff0d0d00c61c989cf572563a9e0fb4a126c3b8a02de73dd3d3810cd690205c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
1bdb589fecd4e50041c07dcb9b9a8fe8

SHA1
95f334e312f229b0d45f3a55fc2f2113b5fcebae

SHA256
7a972c538bb2d442c792f24d369431c5da7ff43fdfc3d253c76215c5c6f7d05d

SHA512
9348f1ebd30683f89f16c2bd2573679252abc14827650a4cb3b6c8e6cf834c07285f113c39086d511f38046b7bec3a1b1596ad118f8a1ca3b19cbba5b7a536b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
806B

MD5
c32e7175e48a5a4474d9ba29799b73af

SHA1
57b02f17e3f62308bb9aba9c584b5acaa62812c9

SHA256
0ada452eef2419dba0b3f0f793810b19364bd1a6500951ecef28b94a25d950a9

SHA512
3300427459d0389bcd2b087ef82e98721f16f8f493e986b08ae6e35e68fa5f4f622db7092d79959f5b98a6bf0252a1067d596e3c061a98e8094fa23b116dc6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
446B

MD5
e636354e8e7e7606117adc25ed622477

SHA1
883fa4645684dacefa926e9ab0ed21399968ca3b

SHA256
394d7a987c09be67935b470a90cf747c59f693c65eb92313743ca8a3cac90f6e

SHA512
743eb7bfdb10de8ee0920d0c25cdfcd2ca5bd363ac86e515b85dfd9e52fd9c62cd2417726aaa787e3dd28e97a423eafb4e1ee65fce487829105b7c2ce1cc5a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
70ff0a81bc8bd65a5b8d35bbbaba2133

SHA1
221f57dd84bf7bf451884d42e0cf7a79f9d0b545

SHA256
762d069ea0d38d34d8caad5a4f36fe35e4b0b72af25dc88d298832676ab297ed

SHA512
5fb0baa10fda2b075209ea587af370b5e36b91adc83cb9e021832db20aa2dd15a8e14d56d5a79722f1b581ba270614060fcc05d52b899efb926f1327b358ae10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
856B

MD5
6729082fa284cffeaf92bb0109f126b4

SHA1
0354fcccb81b9c8a69efaf62412d0d2e0aa92d7f

SHA256
a2f6c8e3b49161c20a0fc2a147cca266e4b9a69d0e437d7b6037e2c81cb80a81

SHA512
84a939a7bfe69bc247f7657f41f25e816c84a02c0455b7cfa51028c1968bf472f3b5de443dd823f75537c6db23c0930af21552e10f530040ae11670ce2a01161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
856B

MD5
a4f407a4cc0759608f9ea6fec7f12a0a

SHA1
8a4ed585ff3679243ef3a2aa15e4d8437ffb5265

SHA256
a557850b9448a80af9e3f43d3c98ef21d6d646ea423f48064ed18da5cb021057

SHA512
68c9859b78a8c83c99eb303edac14581ef25ef14b7fdac8b91a87ec6763add8fd7f48d657c07a2cea7d62aea72e9f46be86da45ba2f8784b56f0662f5a5ecedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
bdb8bbaa131412b79457989d55284669

SHA1
c24b67124de4fcdd95ffb35354d663532f7a1c17

SHA256
4ddfb6ae1647e538eb0c92431a67b1c39dcf4dc36a7cb2a7e54bcf380d20f871

SHA512
4e3896c7b74554048a57962c022ef494e7e290065c725aee417f512f95fcc7c75328bd1717ce3c7321e9d8a3a7cf504f51558193e1e46d3e3f96ca8561094e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8a18dcc2fa346a7f3f3066a107568045

SHA1
2ac3f395e2fd89d3530aa77542ef8be3c9cebadc

SHA256
ecbd53c8d217e793397e02d36d765c7d5039e32aa3c9ba1fe84d09abc1ce59e0

SHA512
624686402d63bc05847b8e859da9047cbe4eed5543b954a43a9c714f09cf92fe115babfc21caa6cbf64b230ab7578fc4b2d9246bfe657190d049220dc9c6c149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6846b8c22fa9e60a6eabd98ca5396370

SHA1
5a352bdeb91e986246eeb3682096b77ef1c3f45c

SHA256
dd75b70578f4a19ff221d5bff6245a014a6fefdb7deb230ee0899b54169772b9

SHA512
cc691d33ef52dc93d1b21c6548e002c5133c637db632af988761cfbaee4fb4af57270b2948ef7df2ed0f3b75eead31af02f23b597849ba17704629acc5fa3934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0db479ef940a241a6385b10c16655fe4

SHA1
a1ba212131a8c41cbb6934086bfdb266398d4ef5

SHA256
b1c8482211dd5b3a9b0d2bb9273fbd5a1adbb07192bb50a6872f7730063f9011

SHA512
2207b3be003b20890bb5424b72bf4d87c447da4f5037f8f95bf76c14c28146dc66c8e722576383d497a0aa0137eddc52208f5097a1d9cac48047fa559a0d29ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3bec9572b65a95346b3fccc3c3344e86

SHA1
84634a4a209c6832510b7906ddb3dd7012542965

SHA256
4def3c2ad82cbd50c06d06a09fa44b2fe4dfa0b9c572e0efcf38863507bce1ac

SHA512
20fbfad91240864c5c3017291744abac6dd24bb87d74573443cc659003924865fc9b962b00e0803a7084ce7b980b016a48253ef7b4d5d7ab6010a624a861d1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
14f2dfcdafcf393c124ef6dfd1b78164

SHA1
99939f8dfc8c3c952de039cda38867e150a0a2da

SHA256
3521d47fb7a83160afe44bbd8905da72b849f4a57add69a62894a5c1854edfac

SHA512
2772a0b1f27376db6623234aab0a00adebd2b6bfd9e91bc26b254ace5ed2e1b5e053a515fa6367ec0b3e5bd8ee7c28eb1f7e4f3a130556d8c016fb2649e23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
Filesize
36KB

MD5
b63c99cd610aa836a1eded18a13ec2ec

SHA1
788f4b0d8d7bf9119cb76717f8415807ab841d65

SHA256
6e7bae39217bc5cd7c95c5730f5fa7788fe0562ac1a31b584b27e6d4571bff4f

SHA512
8b487ab1835e8b55f66207415d7db8b7e2cf4c5803a04b0808452b4c553b007c8aaff244a472d025cc8404a784a0151470fa2d32ae7771d2c71080d7a55f5e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
993caf306469362b8e884e1f01bd8e00

SHA1
b7b1cfde95466ebe9a2ab7d2e54d459440ce8123

SHA256
f8af1086ef971b9a9b5a91f40c73e9ef14fc5369eb56ab97601d66c9579509db

SHA512
8a69f53f4a8d27d87201acf3393338573be0fb99b83b1737d1b9b2af572d6f2d9f2d94f742692ef66e84866a2326b068c2ebfd326006a75fb5a539b1fc913429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353858555074924
Filesize
7KB

MD5
511c881d28c0cc731ecb7679912fde0b

SHA1
d292c199b434f4d212edc5ffc4a2aac9ded9c25c

SHA256
9e23e2273e414ef9b3fa56c823a8bbbd7171cc847d2129aed139f3ea4766d0bd

SHA512
6dd7babe212df028fb306ce1dfe1f911f9fd3549418e5c4cbf01fd0931ffcebb52cb5032fa8b89bc035601ed7d9a6dca8728338d17a5d0f2a870301d45d51e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353858555228924
Filesize
1KB

MD5
0038ba41a6d080ce71608da8459ced8b

SHA1
d4d2dc8bd9d49a8fdfd04da35114ca596723e6d3

SHA256
35884f4e684b5ed2d3a74ad9269eb7a62aea6a0d58066dc75d7503e3f8035a0a

SHA512
f4dee0046d5bd659b4c05f0fa154b40556cdd97ebfc3efbd887ec32680aa13e08562b3b9bc1de0a3fc9fd4f85bde2e7706fd118e2d5a832df44f5774a3dd54da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
706b81271d26b2a97fe54b17e4945aee

SHA1
0ae6397abec6e01b8809aa75f09ce32380a1abf8

SHA256
7d6f38ef68d2662a9e7a3fb5c625c2e372bf9e7ee0895bf127f9e4e9da73712d

SHA512
dd0ea1837e73ad05ffa90da360dfa95100e6faafbe48111766c2af385c7f689aea072c0848844813ba17746877a0402db4be7b59689f8d972b556d597a46bebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
62bc999cc352f160d17027455cebfab1

SHA1
6db6068e86c47c34483d3a149ec4e7f54f335c60

SHA256
52e2164be0f482e414046220ce9b6b35f51c69d85a908a41d9e267138da3e4f2

SHA512
a263744fd1bf9df2549fcdf7d91b31fc981b770aaa589474806edfcf49375268dc529494220c440a86e7ee874d45a14c1f817561f3ed729432657f0afb11fc77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
3e0390d3b0057f041eaf7f84931ef132

SHA1
4ccd57fac1ed1618d09a31eb6c55526a3927f016

SHA256
e14780f4896fad17feba6ec8b28db0c43315be55808c49708c1a9648dbdd56fd

SHA512
d892aeb69ea2c170caf04cc8696ca829c4fead27714763b2ba9ec0f5b18e6d938e7c9a116763f83d05f9f50dcbeacb80162fcd94611c14ef6a2864b9e2263450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
3364f24137843d49ea07e7bd685edbeb

SHA1
8a5499ec9ff83b3d81ff43b044f6b941596bf3d0

SHA256
7709ba460d97ecadb4cfa30933163f16aa5024c982f6dcf39256c5db583e1ff8

SHA512
8fe7bebd0d5eb60f82171d6eabf808b676e0d88d581c940fc556eac87ff9343d8a960cd98d0dbbf781d397d027d4d0946d9b096e6a537185d0d12decb0f8679b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
d9eafe14101901db3bc09eeebc57b15c

SHA1
307d62aefa02978421aad094be00b556bf93859e

SHA256
b6770dab2fa7b3879cac837825031a2d25333fb70b133c06a9afc90fb92230c9

SHA512
7e22523a6cb64d719f01cfd570b7457053bd5d1243d763683808c9cd05c7bab1bb0dfd79835d69c2c4a86c85c8e1847101010cfddd23bc05e54f9876dec87c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase
Filesize
10KB

MD5
3f1f768b338ac357147539c6ac24678b

SHA1
d7bebdd247e34efabdc2c806adf9aa6fffb03f7f

SHA256
168fc0a08b04a9ae6ace69923aa9116b2d41d857a2dfdf484ce1fa9861e8c36b

SHA512
b01609f780471455dae2a2429f7b0819c156b8f0573863250a1cb99e2157c6708e9f10bc7ec0a715bf4b3f4eb6ff3dff99d9a7395a4ef320e998b87f9610b3be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
Filesize
136B

MD5
ee4085e597c72184101be05217d62670

SHA1
e7a56ad5a296815e5c7593ba593c565fca8bd9c5

SHA256
e32b0fe1348b27b257ce1e33574a56f2f837c14c9a2bd3e29bda4fad42149763

SHA512
10a815ccc81c34b03d823850419f2d95ef04e865ed39cb73c6c335eaae3f76c0e999ab97e11c2e5e1755ea043476d2829fc023e661804f0a0270ece2f09cc717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
4232419a3864f8b000cb7a8d36480844

SHA1
c46714e65b0db5e4d723943f5934fcd7c95594b0

SHA256
50286184c872c3c26e0588a538c19f4ab142c6ac0c3baa14928ac29c02e0f698

SHA512
b3bcccf83f46276f47b0ac4caa670661eaa2921942355935f57d3788be97e72a22d7d625516888ce0aed8f51ff924735a06d71096642718f1f08d8d0f46480e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
206B

MD5
6f5deb01a798ca228d72141645e7c047

SHA1
3c3cf12d95e07c7e67182ee86b5817daaf2da6b8

SHA256
66950cfde0ba8429fd16a63bd02e09e3cbf615dcaa34628a2e854cab22848bdb

SHA512
ef7207a711ab35a0b30444d8cd1b2628115a89fcde79b90ee15fae73d4af1692559ec728f12059c116599b182e0a871a79d08f7d246e436beb0caa74b74508a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
1370fd942f36a234e9a148cafbbc47e3

SHA1
ad91aefa9f5735c3a54df75172f245c0890c4b04

SHA256
4422c9dc828aa5b6b78d7a93833c5ada4c8e91d9e88111294fe0fe75c4059e1e

SHA512
165b5817e32ef3bb28d42fee50b473aef88514eebf0c34da84b4bb74682dcad072e7834f112ff30cd663ce356f919550e01b1c2d02a37736bcdc852052300aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
594B

MD5
c79bc0c96d3a43f92276c4158c0eb82a

SHA1
a86692051766c4124376d4cdd829a4e59fd3f1a4

SHA256
12faad0a0af44e253d914577c9dad4e3200e6e14b97626fa92e60940e6b5f4b0

SHA512
28dd7f056828c7ee3bc11fff36a3b88d242fa21dfc99db443bf664492a9a8aff1f6351d666dac88b41c1dc26aa3bd4f14e3dcf4a40ce3ad0e326c3a54f3534dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
f36c045ab1bc6a703b5e17470d959202

SHA1
f48079ba513c71cdd043c70d5ce4e5cd762ffa3a

SHA256
2ec5812527afa3a299bcb16959237350fe5f2c19a413b36ab0212aac558eeafa

SHA512
986af2ce2b499d10c5508e14dd4d08196b41aa7be66f604465765569f61bdfb94ea52ab3ff02568a781a13d90bc416911032b347a186f29afd3b6431af7fb78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
a915ec032a95e53ac12314edffaa0030

SHA1
4e7000f584ca4b5420ee05b1a59f1f447ba0eaf5

SHA256
6224544e57668a93947a2ed0d3de220065bbb5ffc8b7ca5465543b0a0c6a6eef

SHA512
c4faf59c979cc1457acb3675313655810fddc8a90dde2c2a7dc4f4e63f915e52377e3504c9e667b7e3da43b1b4158dacb1d9a3e7f48da6d33fa1bb7cfec0e5b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
fc4fe917e7973622d4daf43c8313904f

SHA1
87f2a49d8074a4996f482a53746deac46b37ac48

SHA256
69b38c2d422b96e8346226a7261961be17bdd0bf8faa7a7a27f40d2b28a3dec5

SHA512
f506f3415e67148f748c2ad673c5ef8cb34582270b1f43f04721dad20f3c772cc46dfb6274338056abe9e01e384c12df0a862649727c223443771d9eb991325c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
be4cd8e14b23b63268b3203d65e56915

SHA1
57c9973e2a1ce9011bbea1426626bfbb8b4a578b

SHA256
bdf9c80306d3031c7dfc7b839426c22e99d62c380c55d745bc532224acc44e07

SHA512
2d34e99aa7623162887cfe18827d6727d852b1700801fb4ec577c1d04bda3f77d51bfa1c25ef7ae00fbf26a22ac7070b8401a7669f6eb74d7b8c493c3f1a20a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
27f6e99ac51ac7e3953a45e07dac9409

SHA1
00984531c4a146040acc4034005f7de3afc9d2ca

SHA256
8fae17eba1a4f8d7f0657adb3ce7a2c902cbcba28e48ec75307cd764f62f466f

SHA512
5053cb1b48a0c77aef6f5e18c93f1a43a23a24a42fb401c1fc22b4bcbf7f5a64d85fbad0d3c352b2085f648a43c92bb8ff8ead891c3d2755ee0eec4e44bb25df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
08fa705b333bebc7e7c9567ba177a2af

SHA1
0cb6b5304c10c311c85db8668b61f05d2d2b7bcd

SHA256
5d93cdd31eabaeea2e1117f8df0ec2e25384ba3e3422d7c1d613acc7dbc70cfd

SHA512
c00ea3b49d3e352bc628925745122b4df0d266e1ee4af1565fae870a0c46dfe290df456a944939dfbd764fea1782dfee7f4cc33e3d13568ff17dfb65e7d68d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
1afbe0b069abcf71f25918d269096595

SHA1
9f9ef6807d9a9f92d26d15730897bb221055c4ec

SHA256
3ca45c4c66af139a5a2abfc3cbe31fa1d5cfeea46081fcf2c9669c7dd1e3d316

SHA512
866dd5265950cb5acedb35a2fa1190f46737189a3107511d79b32a173d2c0ac1f2cca3320dabcacbf89212b33a481c57fd54480443ff1664aacf235ed9e41c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
Filesize
3B

MD5
6cad92cb1bb42d1284873fc09725e732

SHA1
28866a9fbcb3e7d712014bb67b32d96a5891efda

SHA256
39e48953208eccaee9a0186ab45861bd8416c5d86fab4581035445c681a9ec68

SHA512
1d616ad9439ea20538148a9183ff7120f69f0ad43bafbecba77fdbc4fd4a09b4fc2db38a12c46a92a6788652240f243f838c78493acbd71d9f0db0c1cbfa7ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
097b942efce6a48b454b56ac213b6097

SHA1
df5c71947b1a7cd80887182b0c3ef2d42434161c

SHA256
ed3e8b797897a1ee5bd7438eeb6e27c6b19c4d9a0fa1e80950f9e06992e1e544

SHA512
eb70968dc8cd9400e2aa41d3cd8b12f395813be753372c17008cd1bc1cd5cb27f8139f09e6b8eb16fc8e14524b83a3be6ad9d9f2ae0bc5ab1aa333f7d39b73c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_2888_VQDUCWCXIOHMEHSZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit