Analysis

  • max time kernel
    1184s
  • max time network
    1173s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    29-04-2024 17:08

General

  • Target

    1_R-bNQuTbgcQda15zyXeMpg.png

  • Size

    2KB

  • MD5

    401512874f1f2ba9d1981aed13c4550c

  • SHA1

    ba22e642756149e0423c19551f1fe243b5c18748

  • SHA256

    2686676de2878920710d925c2a94afbd2bc9430f8f946190a5fb92425f797f72

  • SHA512

    e6329464bb20493fcaacbcbd5337460692686cba8d0ffe789237c3bb0bdaee9da1c32ac8c90ccc55d9900ad378191474124accab2cccdaaf1a5e3eb42681b7f9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\1_R-bNQuTbgcQda15zyXeMpg.png
    1⤵
      PID:2556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3500
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc91323cb8,0x7ffc91323cc8,0x7ffc91323cd8
        2⤵
          PID:1904
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
          2⤵
            PID:1556
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2964
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
            2⤵
              PID:3140
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:1708
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                2⤵
                  PID:3292
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
                  2⤵
                    PID:2052
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
                    2⤵
                      PID:1044
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1080
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3792
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                      2⤵
                        PID:4888
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4468223420900503943,6535667816210790721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                        2⤵
                          PID:1924
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2464
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:776
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                            1⤵
                            • Enumerates system info in registry
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            PID:4680
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc91323cb8,0x7ffc91323cc8,0x7ffc91323cd8
                              2⤵
                                PID:2484
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
                                2⤵
                                  PID:2188
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4504
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
                                  2⤵
                                    PID:4500
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
                                    2⤵
                                      PID:4976
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
                                      2⤵
                                        PID:1176
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
                                        2⤵
                                          PID:1504
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
                                          2⤵
                                            PID:444
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:4724
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:1980
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
                                            2⤵
                                              PID:2824
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
                                              2⤵
                                                PID:4816
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
                                                2⤵
                                                  PID:2184
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
                                                  2⤵
                                                    PID:1508
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                                                    2⤵
                                                      PID:772
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                                                      2⤵
                                                        PID:1780
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
                                                        2⤵
                                                          PID:3788
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
                                                          2⤵
                                                            PID:2684
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2296 /prefetch:2
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:4212
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
                                                            2⤵
                                                              PID:4216
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
                                                              2⤵
                                                                PID:2708
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,13089695247771193124,13957145829164906048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                                                                2⤵
                                                                  PID:1476
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:2228
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:1808

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

                                                                    Filesize

                                                                    44KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

                                                                    Filesize

                                                                    264KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                    Filesize

                                                                    319B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                                    Filesize

                                                                    6B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                    Filesize

                                                                    334B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

                                                                    Filesize

                                                                    36KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor-journal

                                                                    Filesize

                                                                    8KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    5KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

                                                                    Filesize

                                                                    33B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                    Filesize

                                                                    137B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                    Filesize

                                                                    322B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358884102912948

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358884103031948

                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

                                                                    Filesize

                                                                    20KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                    Filesize

                                                                    347B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                    Filesize

                                                                    323B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                    Filesize

                                                                    16B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                    Filesize

                                                                    16B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                    Filesize

                                                                    16B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

                                                                    Filesize

                                                                    198B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

                                                                    Filesize

                                                                    50B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

                                                                    Filesize

                                                                    16KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                    Filesize

                                                                    44KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db

                                                                    Filesize

                                                                    16KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                    Filesize

                                                                    19B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                    Filesize

                                                                    319B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                    Filesize

                                                                    318B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                    Filesize

                                                                    337B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

                                                                    Filesize

                                                                    44KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

                                                                    Filesize

                                                                    264KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

                                                                    Filesize

                                                                    4.0MB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

                                                                    Filesize

                                                                    20KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

                                                                    Filesize

                                                                    120B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                    Filesize

                                                                    11B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                    Filesize

                                                                    8KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                    Filesize

                                                                    8KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                                    Filesize

                                                                    264KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

                                                                    Filesize

                                                                    5B

                                                                  • \??\pipe\LOCAL\crashpad_3500_EVQTOOPMKBUGILSW
