ac2bf14e8cb51901b2135868c18ed5726505bf5ee203fe6babec5dec3c325eeb

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

options/options.html
Size

418B
MD5

4854e7c7223eca606401f11a7508806a
SHA1

761985c938b2460b9f783574604bcfcc24786a80
SHA256

67e4c8c2780123c3206c1cb206f95360d3b299c5721c3b987063aed3e51edf32
SHA512

58bceab3ac5ddbdc3070c1ec7944e308d4c2c60cbf0e566b1f07dd851a6d8f194a8cbcb4ec2775294b4dbe12da742933f9d41beec796f053af66cd2619360abe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{4729B79D-19E3-4A05-9A50-16016079194B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
744	msedge.exe
744	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
916	msedge.exe
916	msedge.exe
4912	msedge.exe
4912	msedge.exe
208	identity_helper.exe
208	identity_helper.exe
4024	msedge.exe
4024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
744	msedge.exe
744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 2348	744	msedge.exe	82
PID 744 wrote to memory of 2348	744	msedge.exe	82
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 4992	744	msedge.exe	83
PID 744 wrote to memory of 3780	744	msedge.exe	84
PID 744 wrote to memory of 3780	744	msedge.exe	84
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85
PID 744 wrote to memory of 1584	744	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\options\options.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13194726232529877919,14253510846317164509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17514660130133172461,1938852309382962007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5972f2b4a2012efd0d2dc230074abd33

SHA1
3425bc896219214ef3bc48f167760ac828f9f79e

SHA256
0b55c9de70d444000cb6d0c9117a9fe7af2beb0654e2aa2a8ccf2ddf7ada84bf

SHA512
71fe4271bea939055dda814c49e5384994f03aac4b2d08cd4ef24c29b89d4c4df964f3b2139ac570bc8acb475d4abdd920da444c7286713f83d9376069c53f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
25643af4c3bf597ea316f3e0c9f6d27f

SHA1
b863bd684e9ee958367c338510ce5ef75dd192d5

SHA256
3a49dc590224c34dfa3a4230a077804671d9b6b0f8d3f429bb5defd29c02c84b

SHA512
6e7e1b838ad3db3189f424fe91a58df4f5ef0e2389dc50173c59785a3054537042224d1c286b450426b8b5ad1ddbf349fd9f82e33a08b2331255bdc0ed276851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
ddf459dcf72f77adbd10510db43e1f4a

SHA1
964d1ace8a75d3306ede5685af9f197d232d28b7

SHA256
f08efe85f8352e0f4143bb17c030615ee6e07a2ff82f180afa94d31184cd1c9a

SHA512
392a513a3de0f703954e601c36996ff57d83bc078950923f1ec3ef7ec90aba19bf4495eb7970adc3a9798f6fd07e5c0adedab28272a304d07b82f8e8e27f01ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
73209848862429131380dda3120f0666

SHA1
e680077cf58e8516ebbf25ba2a6314b5f7dc15e7

SHA256
e41f9b136cc3a861adf98365a165b202a70787266a040e98ffd577118fd94dcd

SHA512
33503c72773cd36a0252b8882e1ca6ea2c1b2aa33faa37d482b6c7f48d0b807bf28c069e2c47d840768bb4b66a8a9382b635c851f43fe8d8d93f9bfe7cae4e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
39KB

MD5
c4f5a2c5002e359af0ae86ac63179eb0

SHA1
1903cf0fa83fa9a59d1fb0be9437cc02f64debff

SHA256
bb62ea8d6bc7060f675b25ccd05900c2a524f2d90f49a3aed484ef288298ba3f

SHA512
c8ed901f7b73d8d47c77caae4ea06f79543d523f12b6e3c2cfe75bccbb8346c3369adb6f8e760383ac370dc6c7d458a7d9c3957c156922091a0da1bad370c8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
6419b5f60bc594c792974f02862e4c81

SHA1
64854cd60caa5cbb3257ea79319cb6d941fedc6a

SHA256
9b6671504152b77b40db54ac9d92e3213de54eebc7da4c4d67a5162ec2d35f21

SHA512
f0f061a9773618b4536bedc4a0ed03e1c4d95fecc25f0248ea57dbf7e9ae1dba1685c1087db4675877b35fb885460772d6c01bb71c88e13685e1674225e5a7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f3e03a4d219f0f11105eccec8496b764

SHA1
51a0cd29e0bad74f11aacf5315c028d13186db19

SHA256
837ea8cf8937b0a00bbecee91563d4a388d26dd810e08a713cca5274e63ec827

SHA512
1dcf7c3482606101fa45017c0602ce1b56126c493e230e6c0a87411bd0983ee87dfc9bf2fff7604efdb94e6223b75da4d9da1a1054a388d490a9d8ef39ceeba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
059efa5ea7cd40ab33ffc4853d474cd3

SHA1
6c2e51adf10e018bf0408911932916657e21f259

SHA256
e8b8a9c3fe6100c02e89ffc22709b25179d3968d7a16d80357e97443dd92bee0

SHA512
698b3c36265ac67389292469a38a51e3a7dac3839dae9c52bd524e9fe4a4fd541db6e0772ccc4361dcf950ae3a48e9ac92e5d8f3e5f52ba07a04ee2b359f3a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
cbf7ee5bb529013a089777385928bd4f

SHA1
338e39923ce7be67bcb4ea09a76e24dda34871d1

SHA256
e4348bb88d2cc02677b2792faa71ae251d6eaef131a120aff201c84b3bea89a6

SHA512
a16e763fc59ed341a861d95969e35b78bdd9df0c93ef573cf4085a283a1fc1b2f15841fe245ff1427b87fa5010610352b9c37dae335fa9460b430981e50cd541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
1133fd4f5c98316ec7745cea1525d152

SHA1
095fc2207dce4c3317dfd3e5fd95c39a232adfbc

SHA256
727c292fb4d9f0183a29c8a0ecc7a17cd0baf61df26283847eb1a73aad287c2f

SHA512
88e2e857f776b122a6232bf6f168d7cf0ca0045e9779f1619cc1847bf60ae45c588c2324249ecd754d9e44a50409fbe67a9ecaf36b73da26102e3ae5b119e941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
649B

MD5
f6e836061404967fb7cee8821cfa41e4

SHA1
e5d8a9e1a99088132539f61106fb6a2a19c787d1

SHA256
49dd5e87f7ed99dc8613736a5d604133ee59b2e676f671bf24bf6ba7f21f38ef

SHA512
ed02c603189cf35611c566fbf0e34f1c3ea3f86637250b2fb2ed1fa11a2870acde4e9aa9ea485617611fdbb032f19b94e7160dde2f8c39fb203795eda266083b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
5fbb85642741c041451273d161cc39a2

SHA1
c463b06eefdc07554b33155661d41c4ab73d0149

SHA256
c7554b6812e455c76f39c0a1d31f85a10891ec633f9a2b5556bb2f39cf5669fe

SHA512
0b5e54a975141823a6d887542e06755884047930e031e4ed1027e0bc310542fb93e112d7dc888db689843ca13be6ec6227a48ead88a5e893818e0d4d3472e9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
73fef153ef1b6f29adbe44f72144aa2f

SHA1
cdf547ea615153c750be4415229bef9b8ff77ff9

SHA256
9b8044f6d0f84c2c76db883fdd1da6e244e1d4da7b0648725cbb2f83684aed28

SHA512
9659012f0a745b9e5eaa26c3bbe085b69c0bc9db2ab73a147de60742f102fce4eb079b79fa71d3cc2183788721d9a6a0638579392c764572690453fdaa8209c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3ad35f71214bbf1c036b2358a9e91bcb

SHA1
fe245637586574a9ee3ddb1f3a07053604603dea

SHA256
7495b8f714df407ce0c0f2e06f754fe84e4de76de36a7d403be3c4b828efa0da

SHA512
86a4482c23dc0c9af7c981420a793fe68e254a73db7273e6f730664bbb3a814dc9a1930684a57294b989f4252c45b49a0d590c4c6c3dee92f2b24182d9525750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1713ba71ccb6b244dab2d148c2eedca

SHA1
36f3100e1a73912c03f5da4c43b63b2267d2f3a7

SHA256
5db824072d24eb7521201e9c7329aec9c1f967b8e2987f6d52a727e00653a01c

SHA512
ae167f736c0e905d38f3ff69b9e5422c74e63da2f899b8167075162cb449d3925345ae70558d649f970346869e0811a042a023f9208b65d7288dafbcb9501aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7336037bac3e48daccf5cf09a4255f9e

SHA1
95e8221552cc34fdcdc2ec84127e2b3940204a56

SHA256
73969f83e32dc75fa834c08aed4058dc544917ff782128aa8a6fa79d94c7b03a

SHA512
2800af9dcb11163ca067018ee5756524980d1fd1ad9c4ca7629e427bfc9e70c53a1c2fa02729a6bfe90210b0c18874967c4389382e940d9c2dcb357bbb60d6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1f97188fafa1249a80afc350f51e23f5

SHA1
a1fcf3c1e0069aec6d43a6cf0a767836a1df2310

SHA256
2818535a7a1ec0c61e572d0f6c1eb9e363d9fa58b77c1a8efe2b62c01d963cfc

SHA512
8d4dbef5bc49258e907164d5a77f8d8abe8a26f421dd9dbe94727b66cd1c5b2c93329f4f19bca73024e07c09529e2dea75ca90347cf03feb6f289a2e96d16a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2cc84adaeadd1b8724dd959c401f904d

SHA1
d1d347eed4c8d12d8c54c3551321ebbbe45b599b

SHA256
2a2c1ee32c0dbf3a402c66c36ab92e8b95b019e4c717315517f530978abe08e1

SHA512
c837e1452d97a6f9ddcfed281f36e9e506ce846e1afea115b5fa8d46e0f07e1d1d67aa5f3dc5a38a7d9de67f54894cb2e65f69d063a07dd7d50b7cd5ce78a759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0e0813b6a1797516106a22bbdabf2f6

SHA1
4896282394929c846a5c0d293f861cd479e8fc87

SHA256
980ccc456bc488d429d373ed1749d6884a714f172e7c9c9c367490a3e9e1568f

SHA512
05526013a2b78d25d7deb9351f14caf1c6d51dd412aa11eb92dfe4dd3e470c76319b78563f21a0828b7911ccce3615a6fdf4a44708686d8be98f2bdb3eb711f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c46e48ca73cc512fdb1e12dd85d58703

SHA1
8f1b18de56273b26eeb27cef58a9b08377039e63

SHA256
0e13fbd5dd89c1d9e38f2cc2ca05e0041523cd9da0fa3024bf680a1e1c0a1037

SHA512
74c85f25521e897d9d263ca0c230ed1e487ba8d7fbccf4ff32d54d2fda25368836e6d086317d1232ff9039bd1e8399aa4bb0f9011a12a0198b77ee3e4c64c234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40c68514384e88f7ccff19024dcf75ab

SHA1
8459f24067ec05aeb3ae4f448055fa6255a4d63b

SHA256
def75ed0298889c611b00eda9880ea6979ef7c456f7767af050ec69143973fbf

SHA512
2e0209664daa60691c69939e5287a4e1146e4db4d14423fb9d7e364e667d1131176b11d574bd4a4eb74741c69df24fc7bcbf9f9887ee7dd96d7c9560cb8bad8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc70c40b998adcdf45c86720b1ed5d3d

SHA1
0036cbc0b3243b916b7718880a276c1d0375e12c

SHA256
68a4bb8eddfe7097e910983e35ca76ce052cf3a7e7c09659be356e3fb9534293

SHA512
e57fb7cc9ee8c59f8e9130a1157d197d0be6cd337ab118fbbfc577f34f6038a2f37d96808a372e87e46aa0f70398a4a5d9109125cfb1c274026a39c044bbedb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
3820d9f84f6b8ed640554b6a83a83b6e

SHA1
f937933f724cc525a0f87c850b8854e3113cfbf0

SHA256
3a868e06d618cedd1d6512d7a1b56249d4a3a174846e5364a417502e5cfe7a3c

SHA512
11a1e092f4bdc02a756d976f358e2ac122d38694ca1af3e7d21615cb8818919c45f042a7bcb83e72b1af68cb36465fcf5f85a9c75a7701666a5fd81a324e27da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13360272711456799

Filesize
1KB

MD5
253c122287b4a6dffbad18922dd50fc0

SHA1
99bea8d14baa499ed0e646a4c66b75890cb64c0b

SHA256
d88089520d0e7b4c13b2e5e48e84024cc1e4612e95981bce2cd13e05c4391476

SHA512
63886f7c8979a1ce63af89dfa46e3721ed381745e884c2d87fb486cc57f3eaa5f5cd425b1aee717984169a00a5a684389dc781ad496708dd086cb64edb73c528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13360272711721799

Filesize
2KB

MD5
439ef8da918f10876ce5fa4ed5d44521

SHA1
dfba333b0388811e9274607f48681cb2dababa81

SHA256
7a6a0b4516f7c810fcc27bc107dd0ebc98023985cc737057d1cbb72875bc2cfa

SHA512
8bf964e0ccda9b8ca38f6d1c293db59348324c998b69f447b6e05d5c2019377a255a0064678452975558aa0a2056127efd898f1df13c0d731d4d9bab30d088ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts-journal

Filesize
8KB

MD5
8314d9b5a37937de082e74e7cfba9115

SHA1
8e67c5757adb285b7b86e3f17bbe6b275c8ed4bb

SHA256
fdf8bcf16e713c13fd0616f7f35a667eaad3b2f38002292f8e371696c467fc32

SHA512
d5c2f25e7afd5cc3086ef2d02fe10090d8f1266815d62cfe0f1a091345bc923c8343b708da715aafc091900ab3b7c1df0452cd25634d322aa9fca14254f3b07b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
78144e04bbfbf2c6cb3d5c27e6b1c346

SHA1
5b8cebe0974d22d3ff9823db4ee2ef7d287c65bc

SHA256
cbbb2c17481562407c63c6cc96b032bd0cb1aa2ff7a4055a666e366cda7b368c

SHA512
d5db739e2d798b4c91162eaf5ae5830c1f84f9397458abde2b824c3e26c8a9c631593f60855dfa91a1017d5711ba2215fe289907c1b906dcd2b5d6ee560b0190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
68ed43baa0f81473e45941101ec68367

SHA1
f29554e4f898d7bf0cd0af4011d336234d8de218

SHA256
6544a7d8aa9239232d32888e944ddeb5705759345a2bede88b7cefe8800f8c4c

SHA512
e0fea43c08b46790ef57f169e01c0fb1b9bb28d284594039e6bb6c79aaf9a50127edf7302b3445e249d7c8617e79bfbb9979d4ffdf85675b1b8d4a4c501e7115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d8304537359ca9b8ec011f035a4c7ca1

SHA1
1f062274784df32271ef0febe92962a087cc92d7

SHA256
68145c1846c2cae10c22f69bfd85cee8f2183ba3cd3ecb73eaaa4905db0cd531

SHA512
fd5229a4d28f6b023e0323227ac933a9db8e45d1314d519535aa89d09e70ff9fa8edae79205b8a45ae01dc3f647f389fb61896e19f1ea1ce548585c462010f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5917e3.TMP

Filesize
538B

MD5
a70e6808bc1357b4ac973131088b91fe

SHA1
3d62ac9ee4e73c37c4d259c30088837fdae44c83

SHA256
f13996799f87d24b90b0cc9139a4f1fa2bb87bac64007a97a1926cef36a3fe5b

SHA512
347694f6ecbb6c39d0514b8dfb7f4ae27e3422d21d1876a22157e1e26b2fc0c42d06910de71d646e84cdac5cbadcd1f7d15e0b5876dfd5d78d755fb046393128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
16dbe46bf2103c29d1b036b74011060e

SHA1
46ea4ff6b284ff2b394a3924048db64cede05e1d

SHA256
ec98409e4bb51f6d8f77d448d1c1284a9ae09edfbf6a32107235e798460706eb

SHA512
811201f30100e0ee1006ab0b3a4c82b2a3d92d90bee02c7cf537f78a634c5ffb1354a2620116535a42ec5841827edf4b04ed2f7ef16e3f51b80cf28e4786c9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
fa27d9818ae81e40665b8c1bed1cd273

SHA1
e0d57a3a8742ebf66a39e8f7864088bd0b3c2535

SHA256
2521d39cc9de6ec047a6e22d44daa5c36862593d86df064faa92cdc4732d0a07

SHA512
2d52c79fc2914c953fac213c41cf6400e92109df128fe1e3c41c79050cec99a15597b5bb8454b923e93409937bccef50923c3e4ba9f74dae86390dd1dfc03db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
9710bd4560ebd95b6e3769f558fe45a6

SHA1
08fb8366120d55e36ee690ec026f0a5eab977e4e

SHA256
c34963d44bc3fa39a2720025f0a6562c70d6fa5aa28d37aacc8998060fdf9480

SHA512
5f8ad6cb9005b5cb9ef279685c50f7083fbda2fde211935a5d5f44941bb2eb74e227a77df88454545e413057a4b2579abff76ecfde1551dbef8d93004725cd7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
7434d1b95a5fe2a4fe9465490188b0f3

SHA1
e78ac54dae70eb35d16e92f5fce7e266bf034546

SHA256
0c4c30241f2e57a785e1d0a65c9ff29dedf29dafdad5c4ab6f66a9c22ec5b09b

SHA512
8c2b481e331d186100682de6dc3297a29610afac79702c20c9bd4beb40e614a33a4ca01e80fd781a730833ba9274339305b140a8b2864414be257c255229f1a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
59e2e19515962a8266c498fd245ce484

SHA1
55eae36cfc4cdb8dfa4306adb2e6114fa256adf0

SHA256
bdc0aec0342e60772dc8c84595fb69550025dcad75c9f62007ab8bca7b47f004

SHA512
62d00336f722dddddbe35152c595d422def194b00bc34a44ec9f4c7560ffc8299a2341f1f9d6366e89be3898eb78b475a776a75d929b0804873e8870e06eb6b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
ccede98fa3b8e7827d0be677b862600d

SHA1
92433c209d3b691b67a7f67eeb207bab33cedd71

SHA256
1d7a4d3d52cacf2621499ca25b8fef1f757d56f29b8931155f5cbfea7f789dea

SHA512
5484bd1ce7e32ad03a41240fcb1b546336355db8c99f8b174daba96b68498debda3a0bc3644bdf9cc18f37cdb05f1ae771bdc5f789d2534c87f9425832a8d8c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
2c0a732c7bcbc2b285e6406166735784

SHA1
bb818a20d67b1aaf33eec2da73f7bc93ac4146c2

SHA256
f749eac4834980ecae140f0ace54ddd19f8bf55209fc4e4e91745c5c77493cea

SHA512
a6aebed56687c0fe047604c08c4a952af65cdb5ae5984c3d3538199a54bfb21f5a9e596fc8d8db0c6c703510f14f470c37a923e2c9937b752c30d55217b03975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5aa34b53e5c1d536f6b5605a113cf7ea

SHA1
8d870318ea105747c77400f654b34e23fa921f85

SHA256
7975a615ae5d29e7c9d63ea056a3f2d4b9fcafea6f884b13241b5b871cebc978

SHA512
b280d189e9f69f2cba61249c9a58b1161060f54ae4e59134503494273ca57a1bb6a3fe5eda27f40f1be0a925f4ac6ee782020e3c68a52b4ee46adf920998f93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
99dcb091fdf41c58abc5af92ce9818b4

SHA1
255e14616fe607c839b1e94c31ba90d0ebb45fe8

SHA256
7571d387a7adb484f0b4c8b4a5615f36dac47cfeab66cd233e6d88ac833eae5d

SHA512
b0b10c5e96cd433f3c194e8691cdb279c89da9651399060db2f6f9295e1cb688c3230155da2cd264bd5a9126f0b3d9cec1ad870011e296efe49e0b046de762fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
0982b89c2eb9865bcbc448fe602e5460

SHA1
22a7654bf7116408047b67b88372004e87d7b09f

SHA256
15a45aba8d2b622139ef4eb30cb0f1cd537b99d4697a9344c594bfc22b6537d3

SHA512
a44d033fbaaf8f9e9aa843f746ad208f3a3ab12d91b637624679ee0963d3ca43a55d7accb4160255d3a1e2af5bfb42520a45eacc69515d9da35012d674ba2781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea5ee6a55432928518b8913e42880762

SHA1
845583b93a411f4bda4731efab1d796e4c24fd3a

SHA256
4437e88b68d69b96295f790aa0a8c09385a8bf517f92a63d5207dd524ea33e1d

SHA512
7e64c3775d5acf4f0acc44a58adbb81753198493b563f685f55a36e8b8a8b1744ffaf42de834c2c9dcbc5100db860f4a20c56ab4f05bbfe011fc420a0da77d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f70988ca795d745dfe661df81a05b8ed

SHA1
78b16c2f8cc4f8da434388caa8f612991d46f1ae

SHA256
59756c7e0b8faf2b115a6a06ea6fafe6e56c86f9648fd3a4f518ef76730a5e5b

SHA512
fe7e9a9a1c430f8264c543e8e67ec423c97017f2c5845e4b09e9f01d95bed125125ad169f9b76967610327c93b3f56287e13334860a66f3c8d1435cd693c5ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bedf41000a586fe5e5724812f053853c

SHA1
ae058b34ec1b5059f2ea5860e9e3ebc668868d54

SHA256
97f331d008581c1d800698128402ca1508565af45ce7ec2dcbfdc887f13ae4e5

SHA512
505e9c338735af4fe8deedb9a01de79772ce737be31ee7896ecedf9cd396e097de64d8e0de9f849dfa0be1a79178fc88abf1ee25f9100ade7647deddfb9f495d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
67535db07262489144d1f5767ebb4678

SHA1
9f5bf9b115223c8462cc67cc3ef7780db8aa48b3

SHA256
5f2da30c1e25d8a575b71ebbfc908fda1cd472d09ad916afbcd3623989149a43

SHA512
57005571d43c794d9a3765b0965d6adcd43a3de8015ce0f6eb887d68543346dd5ae13ada84c6809f11c89c94624c22c6e6901b48209d01d76a569e3f701c5f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
144f2214061ac1763586138e3b420071

SHA1
cc320164df1a2130045a28f08d3b88bc5bbcc43a

SHA256
a787b6772e3e4df1b2a04d5eee56f8570ab38825eed1b6a9bda288429b7f29a1

SHA512
06a7c04bb382ddec9381b2f2799317cc55472e91b03d1ccd3d236bb807187bb5773e88eade5483ee90930664d290886143d3d542de2e9bfe1ee90f7c15639183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
612edfb3db47cb38488094b166f2211b

SHA1
3c44916622d5cb63cc22bc65fb03bb7412760cc5

SHA256
a993f970acece90a56ebfc1a5af832757e11018dfb2156b4b2a339979fa62089

SHA512
4a4b169bd28624e9dbccf739ae8eeea926ab6cca8174eadfcaacd4633c61abe20f5af73e16dde51cf8f457f94ff137ffa75df6111d4c6aaac04a5e63b3979477

Download Submit